Cybersecurity Virtual Lab/Ranges

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. TryHackMe gives students their own personal hackable machine, deployable by 1 click of a button, which allows them to put their knowledge into practice. (https://www.tryhackme.com/)

Hack The Box is a gamified cybersecurity upskilling, certification, and talent assessment software platform enabling individuals, businesses, government institutions, and universities to sharpen their offensive and defensive security expertise. They offer free resources. (https://www.hackthebox.com/)

The Offensive Security Proving Grounds (PG) are a modern network for practicing penetration testing skills on exploitable, real-world vectors. They’re based on the course labs featured in the pentesting course for the OSCP certification, Penetration Testing with Kali Linux (PWK). (https://www.sans.org/cyberaces/)

OverTheWire is a community that can help you to learn and practice security concepts in the form of fun-filled games. They offer lots of wargames to practice your skills. (https://overthewire.org/wargames/)

RangeForce levels up SOC and cybersecurity professionals with realistic, holistic, advanced defensive skills training, while accurately and quantitatively assessing existing team capabilities. (https://www.rangeforce.com/)

PicoCTF is a free computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where the participants must reverse engineer, break, hack, decrypt, and solve the challenge. (https://picoctf.com/)

Blue Team Labs is a gamified platform for defenders to practice their skills in security investigations and challenges covering; Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting. Free and paid tiers available. (https://blueteamlabs.online/)

AttackDefense Labs host over 2000+ unique lab exercises on topics spanning from recon, exploitation, post-exploitation, data exfiltration, web applications, traffic analysis, CVEs, network components, infrastructure attacks, privilege escalation, forensics, firmware analysis, reversing, secure coding, IoT networks, Metasploit, Python for infosec and many others. (https://www.attackdefense.com)

CryptoHack is a learning lab about modern cryptography that allows the user to solve a series of interactive puzzles and challenges. It allows the user to understand the ciphers and protocols that secure the digital world by breaking them. (https://www.cryptohack.org)

Hacking-Lab Cyber Range is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Hacking-Lab is providing CTF and mission style challenges. Hacking-Lab's goal is to raise awareness towards increased education and ethics in information and security. (https://www.hacking-lab.com/)

PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides free vulnerable systems that can be used to test and understand vulnerabilities. The exercises are based on common vulnerabilities found in different systems. (https://pentesterlab.com/)

Hack This Site is a free training ground for users to test and expand their hacking skills. The community is dedicated to facilitating an open learning environment by providing a series of hacking challenges, articles, resources, and discussion of the latest happenings in hacker culture. They are an online movement of artists, activists, hackers and anarchists who are organizing to create new worlds. (https://www.hackthissite.org/)

Root-Me is a well-known cybersecurity learning platform Root-Me. Root-Me allows users to access virtual environments in order to prepare and train beginners and experts to the various disciplines within the field of cybersecurity (ethical hacking, forensic, web security, network security, system security, cryptography, …). (https://www.root-me.org/)

OpenSOC is a free blue team defensive competition that is as close to "the real thing" as it gets. Its run as a series of infosec community events throughout the year to give back to the infosec community, promote the open source projects, and support infosec events like DEFCON and BSides. It's a platform to train real-world responders to handle real-world situations. The environment is a fully functional replication of an enterprise environment, complete with all the trimmings - Active Directory, Exchange, distributed networks, various sensors, log aggregation, end-user simulation, and more. (https://www.opensoc.io/)

CMD+CTRL is an immersive hacking experience designed to teach the fundamentals of web application security. CMD+CTRL allows users to explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points. The hands-on labs allow users to have a better understanding of the vulnerabilities that put real applications at risk. The labs will also better prepare users to find and fix those vulnerabilities in code. (https://cmdnctrl.net/)

CYBER RANGES is an all-in-one, simulation-based platform which offers holistic, beginner-to-expert, experiential learning paths in cyber security. They offer a community edition that is free. (https://www.cyberranges.com/community-subscription/)

Immersive Labs Community Edition offers a free platform packed with interactive labs that simulate real-world scenarios. Include hands-on practice for red team, blue team, and purple teaming labs. (https://cybermillion.immersivelabs.online/)

VulnMachines.com is a cybersecurity learning platform designed for security enthusiasts to develop their penetration testing and ethical hacking skills through hands-on experience. (https://cybermillion.immersivelabs.online/)

Vulnhub is a platform that provides users with downloadable virtual machines designed for practicing penetration testing and ethical hacking in a safe and controlled environment. (https://www.vulnhub.com)

The OWASP Vulnerable Web Application Directory (VWAD) is a project by the Open Web Application Security Project (OWASP) that acts as a curated list of known vulnerable web applications. (https://owasp.org/www-project-vulnerable-web-applications-directory/)