Training Red Team#
Practice ranges, walkthroughs, and curated drill lists the operator runs through to keep offensive tradecraft sharp. The ranges below all run authorised practice targets; everything else stays scoped to systems the operator owns or has written authorisation to test.
Ranges#
Hack The Box at https://www.hackthebox.com/, the working online range. IppSec’s per-box walkthrough archive lives at https://ippsec.rocks/ and is the single best way to learn from a watched solve.
TryHackMe at https://tryhackme.com/, structured rooms with more hand-holding than HTB, better suited for the operator who is rebuilding a specific skill.
VulnHub at https://www.vulnhub.com/, downloadable vulnerable VMs for offline range work.
PortSwigger Web Security Academy at https://portswigger.net/web-security, the operator’s web-app reference range, free and well-scaffolded.
awesome-cyber-skills joe-shenouda/awesome-cyber-skills, curated list of legal hacking environments.
CTF and BB#
CTFtime at https://ctftime.org/, the calendar and team-rating source for active CTF events.
awesome-ctf at apsdehal/awesome-ctf, general CTF tooling and writeup index.
Bug Bounty Hunter notes at ngalongc/bug-bounty-reference, curated writeups by vulnerability class.
Certification map#
The community-maintained Reddit progression chart at https://www.reddit.com/r/cybersecurity/wiki/certificationchart/ shows the rough order most offensive certs sit in (OSCP into OSEP / OSWE, then specialty tracks). Treat it as a sketch, not a prescription; the operator picks the cert that matches the next target, not the next chart-square.