Cyber Security training is a bit all over the place. While we ourselves are a cyber security training platform, we thought we would compare the offerings for both offensive security (good ol' hacking!) and defensive security (blue team!). We are going to compare platforms based on their FREE offerings.
Offensive Security Platforms
Red Teaming has been sort of the spiciest thing on the market, as a number of platforms have emerged that go above and beyond even the originals in the market. Ethical hacking can be a bit tough to get into (this is coming from an actual Red Teamer!), but it isn't impossible! These platforms are great for their free offerings.
HackTheBox
You can't really mention offensive security training without HackTheBox. They've been around a long time, even before they became much more organized and properly structured - throwback to when you had to "hack in"!
Without having to pay anything, you get somewhere around 20 active machines, a bunch of challenges, and access to some of their HackTheBox Academy modules. The Academy modules are fantastic in actual content and providing a real way to learn hacking without just banging around at random boxes. You won't get too far though until you have to pay, however.
HackTheBox is, in my opinion, the platform with the most amount of raw content on the platform as a whole. For free, you'll likely hit some roadblocks and yearn for more though.
TryHackMe
TryHackMe also started shortly after the beginning of HackTheBox, growing pretty quickly with its guided approach to "Rooms". While there are challenges for you to solve, a bulk of the content is "guided" and allows you to go through the individual steps it would take to solve a problem.
Usually folks on Reddit or wherever will recommend TryHackMe if you are an absolute beginner, as the introductions on HackTheBox's active machines can be a bit daunting if you're still learning how the whole process works.
The scope of TryHackMe's free side of the platform is more extensive than the others, offering "500+" free "Rooms" for you to challenge. Ignoring difficulty, this is probably a better spot to spend your time until you're ready to move onto the harder stuff.
VulnHub
If you are willing to get your hands a bit dirty with the setup, then this is the platform for you. VulnHub has been around for awhile, and was made by folks to give more practice when the platforms really weren't that plentiful.
You do need to actually setup the virtual machines yourself, but that is normally good practice as you will be doing that a ton in your career. As far as a first stop, we wouldn't recommend the platform. On the bright side - it's all free (so long as you have cheap hard drive space :) ).
Defensive Security Platforms
Blue Team training is sort of all over the place. Most of our training has been boiled down to cookie-cutter courses on theory without a whole lot of actually doing stuff to learn how to defend an enterprise. Platforms will usually guide you to a certification that is generic and does not apply to much other than looking nice on a resume for some HR filter. Here, we are going to focus on platforms that will help you actually LEARN!
EpicDetect
Hey, that's us! We are completely new to the training space and are building a platform that will allow users to train in a SIEM! You'll spend most of your time working with logs as a cyber security analyst, so you might as well get good at it! We want to take the dedication and passion programmers have for platforms like LeetCode and bring that to cyber security!
We offer all of our content for free at the moment, with nothing currently released as ever destination-bound for a paywall. We aim to release a certification for detection engineering soon, and have so much more coming! A minimum of two new problems a week, with a completely new pathway a month! Why not sign up and give us a shot?
LetsDefend
It's only fair to shout our competitors out. These guys offer a number of challenges from reverse engineering, to cloud security, and more for you to get your hands dirty on a number of technologies.
LetsDefend offers courses and pathways for a range of cyber security topics, allowing you to earn certificates of completion after completing relevant quizzes. There is content locked behind a monthly paywall, but you can get a decent amount for their current pricing.
Cybrary
The Cybrary platform is a video-centric one that allows students to view a range of topics. Sort of similar to LetsDefend, they focus mainly on specific Career Paths, allowing you to set a focus and learn along the way.
Their model is VERY limited however, keeping you to 10 activities per day (according to their pricing page). Typically, if you're on a binge and really trying to get into the weeds with learning cyber security, you don't want to be limited.
Review
Whatever you pick for whatever career path you're progressing on, you can get plenty of knowledge without paying a dime. It's important to get the "theoretical" certifications like the Security+, but it is vital for you to also get hands-on training - as this is a hands-on field!
