Authoritative, free references worth bookmarking forever. Read the source before the blog post.

• OWASP Top 10free
  The canonical list of web application security risks.
• OWASP Cheat Sheet Seriesfree
  Concise, practical guidance for secure development.
• Arch Wikifree
  The best Linux documentation in existence — useful far beyond Arch.
• MITRE ATT&CKfree
  Knowledge base of real adversary tactics and techniques.
• Linux man pagesfree
  Run `man <tool>` — the definitive reference for every utility.
• CWE Databasefree
  Common Weakness Enumeration catalog of software flaws.

Legal, sandboxed environments to practice offensive and defensive skills against intentionally vulnerable machines.

• TryHackMefree
  Guided beginner-friendly rooms with built-in browser machines.
• Hack The Boxfree
  Realistic boxes and an academy track for deeper study.
• OverTheWirefree
  Wargames teaching Linux, networking, and binary basics via SSH.
• PortSwigger Web Security Academyfree
  Free, world-class labs covering every web vulnerability class.
• PicoCTFfree
  Year-round beginner CTF challenges from Carnegie Mellon.
• VulnHubfree
  Downloadable vulnerable VMs you can run fully offline.

The standard, free tools you will see referenced across nearly every guide and lab.

• Nmapfree
  Network discovery and port scanning.
• Wiresharkfree
  Packet capture and protocol analysis.
• Burp Suite (Community)free
  Intercepting proxy for web application testing.
• Metasploit Frameworkfree
  Exploitation and payload framework.
• John the Ripper / Hashcatfree
  Password hash auditing and recovery.
• Ghidrafree
  NSA's free software reverse-engineering suite.

Foundational texts that go deeper than any tutorial. Many have free editions or chapters online.

• The Web Application Hacker’s Handbookpaid / book
  The definitive web pentesting reference.
• Practical Malware Analysispaid / book
  Hands-on introduction to dissecting malicious software.
• The Linux Command Line (W. Shotts)free
  Free PDF — essential shell fundamentals.
• Hacking: The Art of Exploitationpaid / book
  Low-level exploitation and C/assembly foundations.
• Crypto 101free
  Free, approachable introduction to cryptography.
• RFCs (datatracker.ietf.org)free
  The actual specifications behind every protocol.

Capture The Flag events sharpen problem-solving under pressure and connect you with the community.

• CTFtimefree
  Calendar and rankings for every public CTF event.
• Jeopardy-style CTFsfree
  Solve categorized challenges for points (web, crypto, pwn, forensics).
• Attack/Defense CTFsfree
  Defend your services while exploiting others in real time.
• PicoCTF Gymfree
  Always-available practice challenges for newcomers.

Security moves fast. Follow primary sources and community hubs to keep your knowledge fresh.

• CISA Advisoriesfree
  Official US government vulnerability and threat alerts.
• NVD (National Vulnerability Database)free
  Searchable database of CVEs with severity scoring.
• Krebs on Securityfree
  In-depth investigative security journalism.
• r/netsec & r/AskNetsecfree
  Community discussion, news, and beginner questions.
• Exploit Databasefree
  Archive of public exploits and proof-of-concept code.