The best free platforms to practice hacking legally. Ranked by a CS student at Michigan Tech.
Capture The Flag competitions and practice platforms are the best way to build real cybersecurity skills. As a CS student at Michigan Tech who's worked through multiple platforms, here are the ones actually worth your time.
A CTF is a cybersecurity challenge where you find hidden flags —
usually a string like flag{this_is_the_flag} — by
exploiting vulnerabilities, solving puzzles, or reversing code.
They're the fastest way to build practical skills because you're
actually hacking, not just watching videos.
The most beginner-friendly platform available. Guided learning paths teach concepts before testing them. Browser-based attack machine means no setup needed.
Where you go after TryHackMe. Machines are realistic and much closer to real penetration testing scenarios.
Run by Carnegie Mellon University. Hundreds of challenges across web, crypto, forensics, reverse engineering, and binary. Challenges stay live after competitions end.
Start Free →Wargames that teach Linux and security through puzzles. Start with Bandit for Linux basics, then Natas for web security.
Start Free →A calendar of every live CTF competition happening worldwide. Competing in live CTFs is the best way to level up fast.
Browse CTFs →Hundreds of free downloadable virtual machines that are intentionally vulnerable. Download, run in VirtualBox, practice offline. Needs at least 8GB RAM.
Browse Machines →Over 400 free challenges across web, network, forensics, and cryptography. Good for breadth of knowledge.
Start Free →Focuses on defensive skills — log analysis, threat hunting, incident response. Essential if targeting a SOC Analyst role.
Start Free →Free holiday-themed CTF every December. Excellent production quality, beginner-friendly, and past challenges stay available year-round.
Learn More →Run by Arizona State University. Focuses on low-level binary exploitation. Harder than everything else on this list but completely free and exceptionally well designed.
Start Free →| Experience Level | Start Here |
|---|---|
| Complete beginner | TryHackMe |
| Know Linux basics | PicoCTF or OverTheWire |
| Comfortable with basics | HackTheBox Starting Point |
| Want offline practice | VulnHub |
| Targeting SOC roles | Cyber Defenders |
| Want live competitions | CTFtime.org |
My recommendation: Start with TryHackMe for 2-3 months, then add HackTheBox. Supplement with PicoCTF and OverTheWire Bandit. Once comfortable, join a live CTF on CTFtime.org.
For platforms that need a local setup (VulnHub etc.) you'll need VirtualBox (free) for running VMs locally. Or use a DigitalOcean VPS for cloud practice — new users get $200 free credits.