Student home lab
A student or career-changer studying for a certification like Security+ or OSCP, or just teaching themselves cybersecurity hands-on, running everything on a spare laptop, an old PC, a handful of VMs, or a Raspberry Pi — with essentially no budget and a strong preference for open-source tools whose source they can actually read.
A zero-cost toolkit spanning nearly every domain in this landscape, chosen for learning value over production polish: a self-hosted firewall and IAM server to configure by hand, network monitoring and packet analysis tools to watch traffic, the standard offensive-security OS and exploitation framework, open-source SIEM/EDR and forensics tools, and a home-lab-scale taste of threat intel, incident response, and GRC — everything a learner needs to practice the full attack-and-defend lifecycle without spending a cent.
The stack, layer by layer
All 10 defense layers, in order — what this team chose, why, and what they left for later.
- 01
Identity & Access
KeycloakCommunity projectFreeSelf-hosting an IAM server is exactly the point for a learner — configuring SSO, SAML, and OIDC by hand teaches how identity federation actually works instead of just clicking through a vendor's console.
- 02
Endpoint Protection
WazuhWazuh, Inc.FreeA single free, self-hosted platform combining EDR, log analysis, and file integrity monitoring gives a home lab realistic endpoint telemetry to practice detection on without juggling several separate agents.
osqueryCommunity projectFreeQuerying a live system's processes and configuration as SQL tables is a hands-on way to learn what an EDR agent is actually collecting under the hood, for free, on the learner's own machine.
- 03
Network Security
pfSense CENetgateFreeA free, self-hosted firewall and router turns a spare PC into real network infrastructure to configure — VPN, content filtering, VLANs — rather than reading about firewall rules without ever writing one.
Security OnionSecurity Onion SolutionsFreeBundles Suricata, Zeek, and the Elastic Stack into one ready-to-deploy network monitoring platform, saving a solo learner the integration work while still exposing the individual open-source tools underneath.
WiresharkCommunity projectFreeThe standard tool for actually looking at packets field by field, which is where a lot of foundational networking and protocol knowledge gets learned that no amount of reading replaces.
NmapCommunity projectFreeThe standard reconnaissance scanner for practicing asset discovery and service enumeration against a learner's own home lab targets, foundational to both offensive and defensive coursework.
- 04
Email Security
Not covered
No email security selected — phishing and malicious email remain common initial-access paths.
- 05
Cloud Security
ProwlerProwlerFreeRunning hundreds of free posture checks against a personal AWS free-tier account teaches cloud security assessment hands-on without needing a paid CNAPP subscription.
- 06
Application Security
ZAP by CheckmarxCheckmarxFreeA free, full-featured web application scanner with deep OWASP roots — the standard starting point for learning hands-on web app security testing.
NucleiProjectDiscoveryFreeA huge, community-maintained library of scan templates lets a learner see how real CVEs and misconfigurations get detected in practice, for free, against their own test targets.
BanditCommunity projectFreeA free, lightweight way to learn what static analysis actually flags in Python code — hardcoded secrets, insecure function use — without standing up a full enterprise SAST platform.
OWASP Dependency-CheckCommunity projectFreeTeaches software composition analysis fundamentals — matching dependencies against known-vulnerability databases — as a free command-line tool a learner can run against any personal project.
- 07
Data Protection
GnuPGCommunity projectFreeLearning to generate, manage, and use PGP keypairs by hand — for signing and encrypting files and email — is foundational cryptography knowledge that a managed cloud KMS abstracts away entirely.
ageCommunity projectFreeA deliberately small, modern alternative to PGP for encrypting individual files, worth learning alongside GnuPG specifically because its simplicity makes the underlying concepts easier to see clearly.
- 08
Detection & Response
Kali LinuxOffSecFreeA preconfigured offensive-security environment with the reconnaissance, exploitation, and forensics tools commonly used in training labs and CTFs.
Metasploit FrameworkRapid7FreeA free exploitation framework for learning how a documented vulnerability becomes a working exploit, pairing with the reconnaissance and scanning tools earlier in the lab.
MISPCommunity projectFreeRunning a personal MISP instance and pulling in public feeds teaches how threat intelligence sharing communities actually work, from the inside, rather than just consuming a vendor's finished feed.
TheHiveStrangeBeeFreemiumA free-tier case management platform lets a learner practice structuring an investigation — triage, evidence, timeline — the way a real SOC analyst would, instead of just chasing alerts ad hoc.
Cortex (TheHive)StrangeBeeFreePairs with TheHive to practice automated enrichment — looking up an IP or file hash against real intelligence services — the analyst workflow TheHive alone doesn't automate.
OpenVAS (Greenbone Community Edition)GreenboneFreeThe standard open-source vulnerability scanner for practicing authenticated and unauthenticated scanning against the learner's own lab targets, free of the licensing a commercial scanner would require.
AutopsyCommunity projectFreeA free graphical platform for practicing disk-image analysis, deleted-file recovery, and timeline reconstruction.
Volatility 3Community projectFreeThe standard framework for memory forensics, teaching a learner to pull processes and injected code out of a RAM capture — where a lot of modern malware lives without ever touching disk.
- 09
Resilience & Recovery
resticCommunity projectFreeA learner should back up their own lab the way professionals back up production; restic is free, open source, and teaches encrypted, deduplicated, content-addressable backups by hand from the command line — the concepts every commercial backup tool hides behind a GUI.
- 10
Compliance & Awareness
erambaErambaFreemiumA free, real GRC platform for practicing risk registers, control frameworks, and policy management hands-on, rather than only reading about what a GRC program is supposed to contain.
GophishCommunity projectFreeA free, self-hosted phishing simulation framework for practicing the attacker side of security-awareness training — building a campaign and landing page — which is exactly how a red-teamer or SAT practitioner learns the mechanics.