Free Resources To Learn Pentesting

TryHackMe
TryHackMe is an online service that offers paid and free rooms. The highlight of TryHackMe is that it offers beginner-friendly and advanced rooms for pentesting, malware analysis, digital forensics, and much more related to cyber security. If you are just getting into Cyber Security, this is a great starting point. If you enjoy the free content, consider the monthly service to have access to the paid rooms. I used this as my first Cyber Security Training to help me become a Pentester.

PortSwigger Web Security Academy
PortSwigger Academy is a free online resource for learning beginner and advanced Web Application Exploits. This site offers labs on XSS, SQL Injection, Server Side Request Forgery and so much more. The course is designed around PortSwigger's Burp Suite program, but labs can be completed without it. PortSwigger is always adding new content to the site. This is a great resource for learning Web Application Pentesting.

API Security University
APISEC University is a website that offers courses on how to hack and pentest APIs. Corey Ball goes into great detail on how to hack APIs and covers the OWASP Top 10 for API Security. This course is free and offers great video material that helps you set up labs and perform the tests. At the end of each section you are given a quiz and a lab to perform to ensure you are learning the material.

The Cyber Mentor YouTube Channel
The Cyber Mentor has a fantastic YouTube Channel dedicated to Cyber Security. I could make a blog post dedicated to just Cyber Mentor Content. The content on the YouTube playlist I recommend checking out is the twelve-hour series on Ethical Hacking. It includes information on networking, basic hacking techniques, Python programming, web application hacking, buffer overflows, OSINT, and much more. If you enjoy the free content, you can check out the paid video series on TCM Security Academy and extend your knowledge.

HackTricks
HackTricks is a fantastic website that has great learning material and methodology on pentesting. It is a typical go-to while I am performing a pentest to get a refresher on a tool. This site has a great number of links to resources and other learning material as well. I highly recommend checking out this resource and giving the material a read.

Active Directory Security
Active Directory Security is a website used to post information about Active Directory Security and pentesting. Learn about Mimikatz, Kerberoasting, AD Recon, and more. If you are interested in Active Directory Security and pentesting, this site is a great resource to learn from.

VulnHub
VulnHub is a resource with vulnerable boxes that are meant to provide hands-on practice. The website offers several vulnerable boxes that use virtualization software such as VirtualBox or VMware. I recommend the route of setting up your own virtual environments and testing against them. You can also look into hardening and patching the boxes.

If you found this helpful, please send me a tweet and tell me what you thought! Feedback is always appreciated!