If you are interested in learning or practicing hacking, there are a variety of websites that are free to use! We recommend the following:

*Note: please use these resources in your pentesting journey, never attempt to hack a real website or application :) *Note: please use these resources in your pentesting journey, never attempt to hack a real website or application :)

Highly Recommended Sites:

• TryHackMe: very beginner friendly and also had additional cybersecurity information! TryHackMe: very beginner friendly and also had additional cybersecurity information!


• picoCTF: beginner friendly and has CTF challenges based on a variety of security skills


• HackTheBox: a little less beginner friendly, but once you begin to understand hacking, it is the go-to practice tool due to the multitude of instances you can practice on and the vast HTB community

*CTF: CTF stands for capture the flag. This refers to challenges in which players must use their cybersecurity skills to find and submit a flag, which is usually just a string of characters.

Other Recommended Resources:

• OverTheWire: focuses on Linux-based skills, has many levels of CTF


• PentesterLab: also has a variety of instances to pentest, similar to HackTheBox


• Damn Vulnerable Web App (DVWA): must be run on a virtual machine (such as VirtualBox (Course 6)), has fake applications that you can attempt to hack into and has settings to change the difficulty be run on a virtual machine (such as VirtualBox (Course 6)), has fake applications that you can attempt to hack into and has settings to change the difficulty


• TheBadStore: also must be run on a virtual machine, TheBadStore is a fake, hackable website where you can safely practice.

Additional Reading: Bug Bounty Hunting (Optional):

Bug bounty hunting (BBH) can be casual, but usually happens in competitions where pentesters attempt to find bugs in a system. Sometimes, companies hold BBH events where those who find vulnerabilities in their system can win prizes or money. If you are ever comfortable with penetration, try to see if there are any of virtual machine, TheBadStore is a fake, hackable website where you can safely practice.

Additional Reading: Bug Bounty Hunting (Optional):

Bug bounty hunting (BBH) can be casual, but usually happens in competitions where pentesters attempt to find bugs in a system. Sometimes, companies hold BBH events where those who find vulnerabilities in their system can win prizes or money. If you are ever comfortable with penetration, try to see if there are any of these events in your area!