It has been a couple of years since I discovered PentesterLab, and I continue to be impressed by their vulnerable VM exercises and the corresponding coursework offered for free, but their Pentester Boot Camp is something that anyone interested in getting into infosec (and especially pentesting) should take a look at. It uses a Try Harder-style approach whereby it gives learners just enough about a topic to dig deeper and learn for themselves.
The boot camp teaches many topics, including (but not limited to):
- Linux (basic administration) and Scripting (Ruby/Python/Perl)
- HTTP, including setting up a LAMP stack from scratch and writing your own HTTP client
- DNS and whois lookups
- Zone Transfers
- SSL/TLS, including writing your own SSL client
- SQLi and LFI
- Wireshark and traffic analysis
- iptables
- NMAP
- and much more
I highly recommend it, as there is something for people of any skill level.
They also have a new paid offering that looks promising, with new hands-on exercises every month, videos, PDFs and more, for around $20/month. I’ll probably be checking that out soon.