The blog post provides a comprehensive review of red-teaming training platforms for 2024. Readers will learn about the most effective platforms to advance in red teaming, based on immersive experiences, skill development, and job opportunities. It compares the most popular platforms, evaluating their use of gamification, hands-on labs, structured learning paths, certifications, and career support.

...for those who are trying to move into the red teaming.

Red teaming as a tool is gradually losing the stigma of "being a troublemaker" and is being called a key contributor to security. What can bring more comfort to a CISO than validating his security program by challenging it with simulations of real adversaries?

The goal was to find the best available platform that would allow a student to become an experienced red teamer.

TL:DR If you want to approach red-teaming in an immersive and effective way, choose Hack The Box or TryHackMe. If fun is not such a priority, OFFSec or SANS will also safely lead you to the top of the red team's expertise.

Review methodology

• The capabilities of well-known platform providers have been challenged by 10 features or attributes that we believe such a platform must have.
• The attributes were grouped into 3 categories.
• The collected information was taken from the websites of the platforms, as they presented their offers to the public at the time of the research.
• Each attribute was scored in the following way

Fulfilled	Scoring
Yes	one point
Partially	half a point
No	no point

• At the end, all points within the 3 categories as well as in total were added up.

AI disclosure: Generative AI was used to formulate a final conclusion using research data as well as to help build a list of candidates for review.

Attributes

The 10 key attributes, divided into 3 categories.

Thrilling Experience

Learning should be immersive to keep me interested and engaged

• Gamification - Does the platform use game-like elements such as earning points, achieving levels, and badges?
• Real-World Case Studies - Does the platform use real case studies to demonstrate the use of red-teaming techniques?

Skill Development

I need to be sure that when I go through the Red Teaming journey, I will be ready to participate in the Red Teaming exercise.

• Comprehensive Curriculum - Does the platform offer a structured and thorough curriculum for the red team?
• Hands-On - Does the platform emphasize hands-on training and real-world scenarios?
• Capture the Flag (CTF) Competitions - Does the platform regularly organize CTF events?
• Advanced Training Programs - Does the platform offer regularly updated training in line with known red team best practices such as TIBER-EU/DORA and CREST?
• Certification Program - Does the platform issue certificates upon successful completion of courses and training modules that recognize industry and regulatory standards?

Expert Broker

Now that I've made some demonstrable progress in my red teaming expertise, why not jump right into red teaming projects with the platform that educated me?

• Detailed Profiles - Does the platform maintain comprehensive profiles highlighting skills, experience, certifications, and past engagements?
• Job Listings - Does the platform allow companies to register their demand for red team services?
• Job Brokering - Does the platform mediate external contracts for red team services or partial penetration tests for registered experts?

Selection of review candidates

Candidates for this review were selected when performing simple search queries such as "red teaming training platform" or "hacking training platform".

• Cousera
• CTFlearn
• Cybrary
• Defend the Web
• Edureka
• GICSEH
• Hack The Box
• Hackerone
• HackerRank
• InfoSec Institute
• OFFSec
• Parrot CTFs
• PentesterLab
• PorSwiggerWeb Security Academy Labs
• RangeForce
• Root Me
• SANS Institute
• Security Journey
• TryHackMe
• Udemy

We expanded the list with already published articles trying to map this area and by knowledge of the various generative AI.

Results

Overall

Thrilling Experience

The category score is the sum of the points for the following attributes.

• Gamification - Does the platform use game-like elements such as earning points, achieving levels, and badges?
• Real-World Case Studies - Does the platform use real case studies to demonstrate the use of red-teaming techniques?

Skill Development

The category score is the sum of the points for the following attributes.

• Comprehensive Curriculum - Does the platform offer a structured and thorough curriculum for the red team?
• Hands-On - Does the platform emphasize hands-on training and real-world scenarios?
• Capture the Flag (CTF) Competitions - Does the platform regularly organize CTF events?
• Advanced Training Programs - Does the platform offer regularly updated training in line with known red team best practices such as TIBER-EU/DORA and CREST?
• Certification Program - Does the platform issue certificates upon successful completion of courses and training modules that recognize industry and regulatory standards?

Expert Broker

The category score is the sum of the points for the following attributes.

• Detailed Profiles - Does the platform maintain comprehensive profiles highlighting skills, experience, certifications, and past engagements?
• Job Listings - Does the platform allow companies to register their demand for red team services?
• Job Brokering - Does the platform mediate external contracts for red team services or partial penetration tests for registered experts?

Top 5 platforms for red teaming career preparation

1. Hack The Box

• Thrilling Experience: Hack The Box offers an engaging, gamified environment with real-world hacking labs that simulate adversarial situations. It excels in keeping users engaged with challenging Capture the Flag (CTF) events and red team labs.
• Skill Development: The platform offers hands-on training with practical exercises that closely mimic real-world red teaming tactics, techniques, and procedures (TTPs). It also includes regular updates aligned with industry standards.
• Expert Broker: Hack The Box features job listings and a talent registry, helping users transition into professional red team roles and penetration testing projects.

2. TryHackMe

• Thrilling Experience: Known for its accessible and gamified learning paths, TryHackMe creates an immersive red team training environment using scenario-based challenges and real-world case studies.
• Skill Development: The platform provides structured learning paths and hands-on labs specifically focused on red teaming techniques, ensuring users develop practical skills.
• Expert Broker: While TryHackMe does not directly broker jobs, its certifications and progress tracking provide students with a strong portfolio to demonstrate their red teaming capabilities to employers.

3. SANS Institute

• Thrilling Experience: Although SANS is more traditional, its real-world scenario-based training provides high-quality, immersive experiences for red team professionals. Its advanced courses focus on red team operations and threat emulation.
• Skill Development: SANS offers advanced, hands-on training that is deeply rooted in practical red teaming techniques. Its courses align with the latest industry frameworks, including MITRE ATT&CK, making it a top choice for skill development.
• Expert Broker: While SANS does not focus on job brokering, its highly respected certifications (such as GIAC Red Teaming Certificate) are valued by employers, significantly boosting career prospects.

4. Offensive Security (OffSec)

• Thrilling Experience: OffSec’s intense hands-on challenges and practical labs offer a highly immersive learning environment. The platform's focus on offensive security and red teaming ensures that users remain engaged with practical tasks.
• Skill Development: Offensive Security is renowned for its focus on practical, hands-on red teaming training, offering certifications like OSCE and OSEP, which are specifically designed for red teamers.
• Expert Broker: OffSec certifications are highly regarded in the cybersecurity community, making them a strong credential for job seekers, though the platform does not offer direct job brokering services.

Conclusion

All five platforms provide strong red teaming training, but Hack The Box and TryHackMe lead in offering an engaging, gamified Thrilling Experience combined with Skill Development through hands-on labs and real-world scenarios. For users looking to transition into professional roles, Hack The Box stands out in the Expert Broker category, offering job listings and talent brokerage. Meanwhile, SANS and OffSec provide highly respected certifications, giving red teamers valuable credentials for career advancement. Each platform effectively prepares students for real-world red team operations while offering an engaging, practical learning experience​.

About the Author

Richard Mader
An experienced IT security professional with a strong technical foundation and a passion for offensive security. Richard thrives on uncovering vulnerabilities and helping organizations proactively defend against emerging threats. With a history of leading teams and implementing robust security solutions, he combines strategic insight with hands-on expertise to enhance overall security posture. His goal is to empower companies to achieve their objectives while identifying and mitigating risks with precision and efficiency.

Spark42.tech is a research group dedicated to exploring the infinite improbabilities of cyberspace to keep reality intact. Their mission is to ensure the safety of technology, even if the algorithms and adversaries have other plans. By leveraging their expertise in vulnerability assessment and cutting-edge cybersecurity methodologies, Spark42.tech continues to drive innovation and protect critical systems from evolving threats.