Cyber Tool Stack
All stacks

Student home lab

A student or career-changer studying for a certification like Security+ or OSCP, or just teaching themselves cybersecurity hands-on, running everything on a spare laptop, an old PC, a handful of VMs, or a Raspberry Pi — with essentially no budget and a strong preference for open-source tools whose source they can actually read.

A zero-cost toolkit spanning nearly every domain in this landscape, chosen for learning value over production polish: a self-hosted firewall and IAM server to configure by hand, network monitoring and packet analysis tools to watch traffic, the standard offensive-security OS and exploitation framework, open-source SIEM/EDR and forensics tools, and a home-lab-scale taste of threat intel, incident response, and GRC — everything a learner needs to practice the full attack-and-defend lifecycle without spending a cent.

The stack, layer by layer

All 10 defense layers, in order — what this team chose, why, and what they left for later.

  1. 01

    Identity & Access

    KeycloakCommunity projectFree

    Self-hosting an IAM server is exactly the point for a learner — configuring SSO, SAML, and OIDC by hand teaches how identity federation actually works instead of just clicking through a vendor's console.

  2. 02

    Endpoint Protection

    WazuhWazuh, Inc.Free

    A single free, self-hosted platform combining EDR, log analysis, and file integrity monitoring gives a home lab realistic endpoint telemetry to practice detection on without juggling several separate agents.

    osqueryCommunity projectFree

    Querying a live system's processes and configuration as SQL tables is a hands-on way to learn what an EDR agent is actually collecting under the hood, for free, on the learner's own machine.

  3. 03

    Network Security

    pfSense CENetgateFree

    A free, self-hosted firewall and router turns a spare PC into real network infrastructure to configure — VPN, content filtering, VLANs — rather than reading about firewall rules without ever writing one.

    Security OnionSecurity Onion SolutionsFree

    Bundles Suricata, Zeek, and the Elastic Stack into one ready-to-deploy network monitoring platform, saving a solo learner the integration work while still exposing the individual open-source tools underneath.

    WiresharkCommunity projectFree

    The standard tool for actually looking at packets field by field, which is where a lot of foundational networking and protocol knowledge gets learned that no amount of reading replaces.

    NmapCommunity projectFree

    The standard reconnaissance scanner for practicing asset discovery and service enumeration against a learner's own home lab targets, foundational to both offensive and defensive coursework.

  4. 04

    Email Security

    Not covered

    No email security selected — phishing and malicious email remain common initial-access paths.

  5. 05

    Cloud Security

    ProwlerProwlerFree

    Running hundreds of free posture checks against a personal AWS free-tier account teaches cloud security assessment hands-on without needing a paid CNAPP subscription.

  6. 06

    Application Security

    ZAP by CheckmarxCheckmarxFree

    A free, full-featured web application scanner with deep OWASP roots — the standard starting point for learning hands-on web app security testing.

    NucleiProjectDiscoveryFree

    A huge, community-maintained library of scan templates lets a learner see how real CVEs and misconfigurations get detected in practice, for free, against their own test targets.

    BanditCommunity projectFree

    A free, lightweight way to learn what static analysis actually flags in Python code — hardcoded secrets, insecure function use — without standing up a full enterprise SAST platform.

    OWASP Dependency-CheckCommunity projectFree

    Teaches software composition analysis fundamentals — matching dependencies against known-vulnerability databases — as a free command-line tool a learner can run against any personal project.

  7. 07

    Data Protection

    GnuPGCommunity projectFree

    Learning to generate, manage, and use PGP keypairs by hand — for signing and encrypting files and email — is foundational cryptography knowledge that a managed cloud KMS abstracts away entirely.

    ageCommunity projectFree

    A deliberately small, modern alternative to PGP for encrypting individual files, worth learning alongside GnuPG specifically because its simplicity makes the underlying concepts easier to see clearly.

  8. 08

    Detection & Response

    Kali LinuxOffSecFree

    A preconfigured offensive-security environment with the reconnaissance, exploitation, and forensics tools commonly used in training labs and CTFs.

    Metasploit FrameworkRapid7Free

    A free exploitation framework for learning how a documented vulnerability becomes a working exploit, pairing with the reconnaissance and scanning tools earlier in the lab.

    MISPCommunity projectFree

    Running a personal MISP instance and pulling in public feeds teaches how threat intelligence sharing communities actually work, from the inside, rather than just consuming a vendor's finished feed.

    TheHiveStrangeBeeFreemium

    A free-tier case management platform lets a learner practice structuring an investigation — triage, evidence, timeline — the way a real SOC analyst would, instead of just chasing alerts ad hoc.

    Cortex (TheHive)StrangeBeeFree

    Pairs with TheHive to practice automated enrichment — looking up an IP or file hash against real intelligence services — the analyst workflow TheHive alone doesn't automate.

    OpenVAS (Greenbone Community Edition)GreenboneFree

    The standard open-source vulnerability scanner for practicing authenticated and unauthenticated scanning against the learner's own lab targets, free of the licensing a commercial scanner would require.

    AutopsyCommunity projectFree

    A free graphical platform for practicing disk-image analysis, deleted-file recovery, and timeline reconstruction.

    Volatility 3Community projectFree

    The standard framework for memory forensics, teaching a learner to pull processes and injected code out of a RAM capture — where a lot of modern malware lives without ever touching disk.

  9. 09

    Resilience & Recovery

    resticCommunity projectFree

    A learner should back up their own lab the way professionals back up production; restic is free, open source, and teaches encrypted, deduplicated, content-addressable backups by hand from the command line — the concepts every commercial backup tool hides behind a GUI.

  10. 10

    Compliance & Awareness

    erambaErambaFreemium

    A free, real GRC platform for practicing risk registers, control frameworks, and policy management hands-on, rather than only reading about what a GRC program is supposed to contain.

    GophishCommunity projectFree

    A free, self-hosted phishing simulation framework for practicing the attacker side of security-awareness training — building a campaign and landing page — which is exactly how a red-teamer or SAT practitioner learns the mechanics.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.