Gavin Klondike (GTKlondike) is the founder of NetSec Explained, a blog and YouTube channel, where he shares advanced netsec topics in an easy-to-understand way.
I used to run an internship program at a boutique consulting firm, training high-quality web app penetration testers.
99% of free training resources aren't worth it.
Save yourself the time, and focus on these 5 🧵👇
Free Lab #1: Portswigger Web Academy
By the team behind BurpSuite.
Most people misunderstand the specific vulnerabilities hackers exploit.
This free lab teaches you what they are, how they work, and how to exploit them yourself.
https://portswigger.net/web-security
Free Lab #2: OWASP Juice Shop
Most people think all you have to do is exploit. Little do they know, finding vulnerabilities in the first place is 90% of the work.
In this free lab, you have to build a methodology to find the vulnerabilities first.
https://juice-shop.herokuapp.com/
Free Lab #3: TryHackMe
Often, giving aspiring pentesters a bunch of vulnerabilities and saying "have fun" isn't that helpful (shocker).
This free lab offers some structure to your learning through their various learning paths.
Free Lab #4: Hack The Box
Most people overlook how networks, frameworks, and support systems tie into web app vulnerabilities.
This free lab lets you explore the networking side of things along with a variety of system configurations.
Free Lab #5: Pico CTF
Most people forget to have fun with it.
This free lab gamifies teaching you the fundamentals in a fun and interesting way.
It's geared towards beginners, so take a look if you're just starting out.
TL;DR: Out of hundreds of online labs, focus on these 5:
• Portswigger Web Academy
• OWASP Juice Shop
• TryHackMe
• Hack The Box
• Pico CTF
Happy Hacking!