Ethical Use Only. This guide covers cybersecurity concepts for educational purposes — penetration testing with authorisation, CTF competitions, security research, and building defensive skills. Always obtain written permission before testing any system you do not own. Unauthorised access to computer systems is illegal under laws such as the Computer Fraud and Abuse Act (CFAA) and the Computer Misuse Act.
Foundations
Offensive Techniques
Defensive Security
Specialist Domains
Learning Path
Practice Platforms
Platform
Style
Best For
Cost
TryHackMe
Guided learning paths
Absolute beginners, structured labs
Free / £10/mo
HackTheBox
Real-world machines
Intermediate–advanced hands-on hacking
Free / €14/mo
PicoCTF
CTF competitions
Students, beginner–intermediate CTF
Free
OverTheWire
Wargames (CLI)
Linux skills, binary exploitation basics
Free
VulnHub
Downloadable VMs
Offline practice, OSCP prep
Free
DVWA
Self-hosted web app
Web application testing practice
Free
Root Me
Challenges
Wide range of categories, no subscription
Free
CTFtime
CTF event tracker
Finding live competitions
Free
Legal Lab Setup
Setup
How
Use
Virtual Machines
VirtualBox or VMware + Kali Linux ISO
Isolated attack environment — safe to break things
Metasploitable
Vulnerable VM by Rapid7
Practice exploitation against intentionally weak target
FLARE VM
Windows-based analysis VM by Mandiant
Malware analysis and reverse engineering
Docker labs
docker pull vulnerables/web-dvwa
Quick spin-up of vulnerable web apps locally
Home network segment
Separate VLAN / router for lab devices
Hardware device testing without risking main network