Develop your Cyber Security skills and knowledge with these cool projects

David Luchi
Jun 20, 2022

Cybersecurity is a vast and complex field, and it can be difficult to know where to start if you’re interested in getting into it. However, there are some great projects you can do to develop your skills and knowledge in the area.

In this blog post, we’ll explore some interesting cybersecurity projects that you can use to practice your skills and broaden your understanding of the field. Whether you’re interested in pentesting, app sec, cloud security, blue teaming, or malware analysis, there are plenty of opportunities to learn and grow in the world of cybersecurity.

So, let’s take a look at some cool projects you can do to develop your cybersecurity skills!

Pentesting

First things first: cybersecurity is not just pentesting. Most guides, courses, and labs focus on the penetration side of things. It’s a sexy area, and everyone would like to be a hacker as shown in Hollywood movies, but if it’s not for you, don’t feel pressured to practice it; focus on what you like.

Okay, so you want to be a penetration tester? Begin with the basics and study how the most popular attacks function. Try them out on purposefully vulnerable systems like WebGoat, DVWA, and Metasploitable. When you’re ready, move on to more challenging CTFs such as Hack The Box, complex vulnerable cloud environments like flaws.cloud, and kubegoat for Kubernetes.

At this stage, you’re probably skilled enough for a position in the field, but if you want something bigger, consider building your own environments and breaking them with new exploits, or attempting to figure out how a patch addressed a vulnerability.

Please be advised that the act of hacking live systems/websites/applications is considered a crime and you may be fined or imprisoned, but some organizations do have a bug bounty program, which you should read carefully before attempting anything.

Application Security

To get started in app sec, you should first understand how web applications work and the common vulnerabilities that exist in them. A great way to learn about these things is by looking at the OWASP Top 10. Once you have a good understanding of the risks involved in web application development, you can start playing with some tools and scenarios.

This is a variant of pentesting that focuses more on the application side of things. To begin, get The Web Application Hacker’s Handbook (old but still relevant) and learn about the major hacks and vulnerabilities; there are some scenarios in there you may also use to practice.

Now that you know how to analyze code, the next challenge may be finding or creating vulnerable samples, exploiting them, and then correcting the problem. Once you’ve gotten really good at it, move on to a project and do your best scanning your code/app with SAST, DAST, and SCA tools to get the vulnerabilities discovered.

Cloud

Start by deploying basic infrastructure on your chosen cloud. Cloud providers such as AWS have several labs and lessons where you can practice as you go. Learn how to deploy components using the native solution, Terraform, and the API. Take a look at the CIS and CSA standards for cloud security, learn how flaws and misconfigurations occur, and try to repair them (be careful about putting vulnerable stuff on the internet). Most clouds provide a free tier where you can use most services for free.

Blue Team

Is defending your main concern? If you want to build on a defensive foundation, you may replicate any of the above projects, but instead of going for exploitation, go for adding monitoring tools like IDS/IPS, endpoint protection, telemetry, and SRE tooling so that all alarms are sent to a SIEM/SOAR. Try setting up native security tooling and auto-remediation actions in cloud environments. It’s a bit of a risk, but you might as well spin up a honeypot and study the attacks that come into it.

Malware/Forensics/Reversing

There is a plethora of crackme problems on the internet, so once you’ve learned the basics, get all of the tools you’ll need and attempt to solve them. You may also attempt to breach old and simple software (IP protection laws might apply here; be cautious). When you’re ready, spin up a virtual machine and test an old malware sample.

More information regarding forensics can be found on the internet, as well as network dumps that can be analyzed in order to figure out what occurred.

Cybersecurity is a field full of possibilities, and the best way to learn is by doing. Use the knowledge you have to try and solve problems in creative ways; this will help you understand the concepts better and give you a competitive advantage when applying for jobs or conducting research.

It’s important to find an area of focus and try to get really good at it before moving on to other topics. The key is to keep learning and practicing as much as possible. There are plenty of resources available online, so make use of them.

Don’t be afraid to ask for help when you’re stuck; there are plenty of resources and people who are willing to help out. Finally, have fun and enjoy the challenge! Thanks for reading!

David Luchi

Head of Information Security | AWS Community Builder | CISSP | I love all things nerdy, especially Star Wars and anything to do with security.