As a nonprofit that interfaces with a lot of people who are trying to obtain jobs in cybersecurity, I can tell you, having done a gap analysis as a Black woman in cybersecurity, that the financial barriers to entry into ethical hacking are high. We are in the middle of a pandemic and people are trying to take care of their families and don't need the worry of a $1,200 EC-Council exam, a $360 CompTIA exam, or SANS exams at over $8,000. Those certs are all worth something in the industry, but they're not worth anything to you if they are outside of your reach. To help address this financial barrier to ethical hacking, I'm going to discuss some ways that you can practice real-world hands-on skills free or at low cost.
Setting up a Home Lab
Setting up a home lab in VirtualBox or VMware gives you an easy environment inside your own computer to practice hands-on skills. With access to a computer, you can set up a home lab with a minimum of two virtual machines (VMs): one attacker VM running Kali or Parrot, and one victim VM, the OWASP Broken Web Apps ("broken web app") image. All of the tools discussed here, VirtualBox, VMware, Kali, Parrot and the VMs themselves, are free. Together they are a one-stop shop for learning authentication, authorization, network penetration testing, ethical hacking, scanning and enumeration, exploitation and privilege escalation, and more. The victim VM also runs a web server hosting deliberately vulnerable applications, so you can practice your web hacking and learn how to spot and exploit things like the OWASP Top 10. As you can see, a home lab gives you a wide range of both red and blue team activities to practice your skills. The best part is that you don't need internet access once your network is set up, and because every target is a machine you own, you don't have to worry about legal repercussions from practicing ethical hacking. Keep both VMs on a host-only or internal network rather than a bridged adapter: the victim is intentionally vulnerable, and it should never sit on a network that anyone else can reach. BlackGirlsHack has a New Year, New Lab workshop that walks you through how to set up a home lab so that you can practice these skills. There are also New Year, New Lab Part Deux and Part Three, which show you other useful things you can do without spending any money. Once you level up your skills in penetration testing and web application penetration testing, you can get intentionally vulnerable VMs from VulnHub that give you other types of boxes to "break into," such as Windows and other flavors of Linux.
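One check worth building into that setup, as an added example that is not from the original post or from the BlackGirlsHack workshop: before you boot the victim, confirm from the host that none of its adapters are NAT or bridged. The script below parses the nicN="<mode>" lines that VBoxManage showvminfo <vm> --machinereadable prints (VirtualBox only; the VM names and the two sample outputs are constructed for this example).

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a VirtualBox VM is
# confined to the lab network before booting a deliberately vulnerable image
# on it. Assumes the output format of `VBoxManage showvminfo <vm>
# --machinereadable`, which prints one nicN="<mode>" line per adapter.

# vm_exposed_adapters: read showvminfo --machinereadable text on stdin and
# print each adapter whose mode can reach beyond the lab (nat, natnetwork,
# bridged, generic). Prints nothing when the VM is isolated.
vm_exposed_adapters() {
    while IFS= read -r line; do
        case "$line" in
            nic[0-9]*=*) ;;          # only the adapter mode lines matter
            *) continue ;;
        esac
        name=${line%%=*}             # e.g. nic1
        mode=${line#*=}              # e.g. "nat" (with quotes)
        mode=${mode#\"}; mode=${mode%\"}
        case "$mode" in
            none|null|hostonly|intnet) ;;   # no route to the host's real network
            *) printf '%s=%s\n' "$name" "$mode" ;;
        esac
    done
}

# check_vm_isolated: run the check against a live VM by name. Returns 0 if
# every adapter is disabled, host-only or internal; prints a warning and
# returns 1 otherwise. Requires VBoxManage on PATH (hypothetical VM names
# "BWA" and "Kali" are used in the usage comment below).
check_vm_isolated() {
    exposed=$(VBoxManage showvminfo "$1" --machinereadable | vm_exposed_adapters)
    if [ -n "$exposed" ]; then
        printf 'WARNING: %s has adapters outside the lab network:\n%s\n' "$1" "$exposed" >&2
        return 1
    fi
    printf '%s: all adapters are host-only, internal or disabled\n' "$1"
}

# Constructed samples (abridged showvminfo output): a victim VM that was left
# with a NAT adapter, and the same VM correctly isolated on vboxnet0.
SAMPLE_NAT='name="BWA"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"'

SAMPLE_ISOLATED='name="BWA"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
nic3="none"'

# Usage against the real VMs once VirtualBox is installed:
#   check_vm_isolated "BWA" && check_vm_isolated "Kali"
# Offline demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_NAT" | vm_exposed_adapters        # prints nic1=nat
printf '%s\n' "$SAMPLE_ISOLATED" | vm_exposed_adapters   # prints nothing
```

Run the check on both VMs, not just the victim: a Kali box with one NAT adapter and one host-only adapter quietly bridges your lab to the internet, which is exactly the situation the "no internet needed" advice is meant to avoid.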
TryHackMe
No discussion of budget hacking would be complete without TryHackMe. TryHackMe has a free tier and a paid tier (about $10/month), and you can definitely do all types of rooms for free. What you will find in TryHackMe are rooms that are set up to teach a very specific subject. For example, you might go into the nmap room to learn how to use nmap, or into the Wireshark room to learn how to use that tool. TryHackMe is a cloud-based cyber training platform, and many types of rooms and boxes are available for free. TryHackMe is a beginner-level platform, although it does have some rooms that are more advanced.
RangeForce
RangeForce is an interactive, hands-on team cyber readiness platform. It specializes in blue team training, although it also has purple, yellow and some red team content. It is a cloud-based cyber training platform with a free Community Edition, and if you are a member of BlackGirlsHack, the higher-tier content is available free through our BlackGirlsHack x RangeForce partnership.
Hack The Box
Hack The Box is an online cybersecurity training platform that lets people practice their ethical hacking skills by breaking into boxes it has staged, covering a wide variety of hosts. Hack The Box is probably more for mid-level to advanced people, as it does not provide step-by-step guidance the way TryHackMe and RangeForce do. It has a wide range of boxes available for free, but it also has a paid offering.
PortSwigger Academy
PortSwigger Academy, aka the Web Security Academy, is a free online training center for web application security. It includes content covering the OWASP Top 10 and uses Burp Suite, a real-world tool used for web application penetration testing. It is free and often neglected, but if you are a future ethical hacker, penetration tester or web security professional, this needs to be your new go-to site.
Over the Wire
Over the Wire is a set of free cyber wargames that build a wide variety of skills. The Over the Wire Bandit series is a primer in Linux, set up in a gamified way so that you have to hack your way up to the highest levels. They also have other wargames, including Natas, which teaches the basics of web security, and Leviathan and Narnia, which cover general cyber skills, common sense and basic exploitation. You don't need a lot to join these games, and they are lots of fun.