TryHackMe – By far the most interesting of the bunch at the moment for me, very interactive cybersecurity training with a hint system in case you get stuck. I really like that they’ve taken the time to build paths for different specializations. The community is also friendly and global, which is a big plus. It’s great to chat with someone from time to time, especially in this world where COVID-19 is still a thing.
HackTheBox – I must admit that I don’t have much experience with HackTheBox yet, but the site is very high quality. HTB is a bit older (more VMs to crack) than THM, and considerably harder with much less handholding. I will most likely start with this site after I’m “done” with THM.
Web Security Academy by Portswigger – Amazing if you’re interested in web hacking. Again, interactive training with very good materials. My go-to place to learn about web app security. I will most likely jump into this after I’m “done” with THM.
Bug bounty platforms – HackerOne, Bugcrowd, Intigriti, Synack… there are so many! Good for testing the stuff you’ve learned from previous sites. And maybe earning some cash or loot on the side, too!
Linux Journey – A nice site to learn about Linux in case you’re not that familiar with it. I would spin up a Linux distro in a virtual machine to get a more holistic view of things while studying this site.
Udemy – Udemy is a mixed bag. There are some good courses and then there are a lot of bad ones. Do your own research before diving in. Personally, I would avoid buying courses from less-known mentors, unless you really know who they are and are good at what they do. The courses are often 90% off, never pay the full price for a course on Udemy! I’ve enjoyed courses by Heath Adams, Dion Training and TOTAL.
Nahamsec’s list of resources – Some good tips in this list.
Metasploit Unleashed – A free course on Metasploit by Offensive Security.
TJNull’s OSCP prep guide – A helpful collection of information for the OSCP certification. I will most likely tackle this monster of a certification somewhere in the future. Yes, even after I just called out certifications for being dumb. ¯\_(ツ)_/¯ Also worth checking for those who are preparing for the OSCP.
There’s a lot more resources on the internet, this post is more of a personal reminder. It’s easy to get bogged down with a thousand bookmarks, so in case I go crazy and delete them all this post is here to remind me of the essentials.