On-line Learning for Penetration Testing, Information Security and general IT training

Curated, high-signal resources I rate for building hands-on skills in web exploitation, Active Directory, adversary emulation and malware development. UK English. No fluff.

Last updated: 7 September 2025

Start here: free & foundational

PortSwigger Web Security Academy — gold-standard, research-driven web app labs (from basics to advanced; pairs perfectly with Burp). Free.
TryHackMe Learning Paths — guided, browser-based labs. See the Red Teaming path for adversary simulation fundamentals.
OffSec Learn Fundamentals — structured foundations (networking, Linux, scripting) to prep for OSCP/advanced tracks.
VulnHub — downloadable VMs to practice end-to-end compromises in your own lab.
PentesterLab — focused web-hacking exercises including real CVEs and code-review-style tasks.

Hands-on platforms (individual)

Hack The Box Pro Labs — enterprise-style, hardened networks for realistic attack paths and OPSEC practice.
HTB Academy — modular curriculum (e.g., BloodHound/AD, priv-esc, web) that integrates with Pro Labs when you’re ready.
TryHackMe Red Teaming Path — campaign-style sequences covering initial access, AD enumeration, persistence and EDR evasion basics.

Web application security (from beginner to advanced)

PortSwigger All Labs — SQLi/XSS/SSRF/XXE/deserialisation and more, with write-ups and mystery labs.
Burp Suite Certified Practitioner (BSCP) — a practical exam that validates applied web exploitation and Burp skills.
OffSec WEB-300 (OSWE) — advanced white-box exploitation & code review; ideal step after PortSwigger labs.
PentesterLab PRO — >600 exercises including modern bug classes and code-review scenarios.

Active Directory & red team tradecraft

Zero-Point Security — Red Team Ops (CRTO) — adversary simulation with Cobalt Strike across the full attack lifecycle; practical exam.
Zero-Point Security — Red Team Ops II (CRTO2) — defence-evasion/OPSEC, custom tooling, memory artefact reduction, ASR/WDAC bypass work.
SpecterOps — Adversary Tactics: Red Team Operations — operator-level tradecraft against live defenders in an enterprise-mimicking lab.
SpecterOps — Identity-Driven / Detection / Tradecraft Analysis — deep dives on identity attacks, detection engineering and data-driven evasion.
SANS SEC560: Enterprise Penetration Testing — large-estate testing across on-prem, Azure and Entra ID with CTF.
Altered Security — CARTP / CARTS Bootcamp — hands-on courses in Active Directory attacks, red team operations, and purple team tradecraft. Very practical with modern AD attack paths.

Malware development & EDR bypass (for mature practitioners)

SEKTOR7 — Malware Development Essentials — Windows internals, shellcode, loaders and OST patterns (progresses to Intermediate/Advanced).
SEKTOR7 — Malware Development Intermediate — API hooking, reflective binaries, 32/64-bit migrations, more.
SEKTOR7 — Advanced (Vol. 1 & 2) — userland and kernel tradecraft, ETW taming, RW primitives and stealth techniques.
OffSec PEN-300 (OSEP) — advanced evasion & breaching; strong bridge between red team ops and exploit dev.
OffSec EXP-301 (OSED) — Windows exploit dev: mitigations, shellcoding, reversing foundations.

Note: these are offensive-engineering tracks; use responsibly and only with written authorisation.

Adversary emulation frameworks & ATT&CK

Atomic Red Team — ATT&CK-mapped atomic tests; pair with Invoke-AtomicRedTeam for quick execution.
MITRE ATT&CK Training — free modules (ATT&CK fundamentals, CTI, adversary emulation, purple-team basics).
MAD20 (MITRE ATT&CK Defender) — certification and hands-on labs focused on ATT&CK-aligned emulation/detection.

Team cyber ranges (red/blue/purple)

RangeForce — cloud ranges and solo labs using real tools (Splunk, CrowdStrike, etc.).
Immersive Labs — Cyber Range — scenario-driven exercising mapped to ATT&CK for team readiness.
OffSec Enterprise Cyber Ranges — live-fire simulations for blue/purple teams with complementary OffSec content.

Certification tracks to anchor your learning

OSCP/OSCP+ via OffSec PEN-200 — foundational pen-testing.
CRTO and CRTO2 — Active Directory-first red teaming and defence evasion.
BSCP — web exploitation with Burp.
OSWE and OSED / OSEP — advanced web/exploit/evade progression.

How I’d stitch this together

Warm-up: PortSwigger Academy → HTB Academy modules (Linux, AD basics, priv-esc).
Foundation cert: OSCP (PEN-200) or BSCP (web-first path).
Enterprise realism: HTB Pro Labs or a small homelab + VulnHub/PentesterLab targets.
Red team specialism: CRTO → CRTO2 or SpecterOps Red Team Operations.
Evasion/engineering: OSEP and SEKTOR7 (as needed for your role/clients).
Purple-team loop: use Atomic Red Team + ATT&CK training to validate detections and improve OPSEC.