Platforms
There are several platforms on which to perform CTFs or exploit machines prepared for this purpose and thus learn in a practical way, which in my opinion is the best way to learn in this field.
Red Team
I have practiced, less than I would like, on several platforms focused on offensive security; here is a list of some of them:
HackTheBox (HTB): https://www.hackthebox.com/
TryHackMe (THM): https://tryhackme.com/
VulnHub: https://www.vulnhub.com/
They provide machines prepared to practice exploitation techniques, within a controlled environment and with active vulnerabilities to be exploited.
I will be uploading guides to the WRITEUPS section for the machines that I have managed to complete.
Some of these platforms include paid subscriptions to be able to practice without limits, since the free accounts only give access to certain machines.
Blue Team
In addition to these platforms for offensive security, there are also some other platforms for defensive security, such as:
CyberDefenders: https://cyberdefenders.org/
LetsDefend: https://www.letsdefend.io/
And if you like to compete, there are also CTF events or competitions organized throughout the year, such as the INCIBE Hacker Academy and many more.
Purple Team
And finally, I leave you a platform that offers courses, a path with different difficulties and even a certification for what would be a mixed profile between offensive and defensive security:
CyberWarfare Labs: https://cyberwarfare.live/
They have training in different branches, with everything organized into paths according to the branch and difficulty.
Bug Bounty
Bug bounty is another world within practical cybersecurity: here it is not about prepared machines, but about finding real vulnerabilities in applications and systems of companies that voluntarily offer to be audited in exchange for financial rewards or recognition in rankings.
Some of the main platforms to start with are:
secur0: https://secur0.com/en/hackers
HackerOne: https://www.hackerone.com/
Bugcrowd: https://www.bugcrowd.com/
YesWeHack: https://www.yeswehack.com/
Intigriti: https://www.intigriti.com/
Open Bug Bounty: https://www.openbugbounty.org/
Each platform has its own particularities: some focus more on private invitation-only programs, others on public programs, and the rewards can range from recognition in a hall of fame to quite lucrative payments.
At the moment, I haven't delved as deeply into this field as I would like, but I want to dedicate a specific section of the blog to documenting my progress, my first experiences, and perhaps some write-ups (obviously taking care not to reveal sensitive information or active vulnerabilities).
Conclusion
As you can see, there are multiple platforms for learning and practicing cybersecurity, whether from the offensive, defensive, or mixed side, or even facing real environments through bug bounty programs. Each one provides a different and complementary perspective: some help you improve the technical side of exploitation, others train you in detection and response, and others bring you closer to the reality of the job market and professional research.
The idea is to explore little by little, slowly but surely, trying out different challenges and documenting your progress. This way, you not only reinforce what you have learned, but you also create your own roadmap for progression within cybersecurity.