- https://github.com/jassics/security-study-plan - Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
- For complete newbies, start here.
- SANS New to Cyber Field Manual - The Ultimate Guide to Getting into Cyber
- https://www.cyberaces.org/courses.html - Free SANS intro to security course.
- EC Council Essential's Series - The Essential Series includes three courses, each covering essential skills in Network Defense, Ethical Hacking, and Digital Forensics. This introductory course series is designed for today's entry-level careers in information security, network defense, and digital forensics and is ideal for learners aspiring to pursue a career in cybersecurity.
- Cisco Networking Academy: Intro to Cyber Security - Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion.
- Cisco Netwoking Academy: Cyber Security Essentials - Foundational knowledge and essential skills for all cybersecurity domains, including info security, systems sec, network sec, ethics and laws, and defense and mitigation techniques used in protecting businesses.
- https://www.hoppersroppers.org/training.html - The training portion of the site is designed to teach core competencies and more importantly, provide a wide base of knowledge on how to find and use the resources available.
- MICS - Introduction to Cyber Security - MICS teaches entry-level cyber security skills in domains such as open-source intelligence, security tools, operational security, network reconnaissance and threat hunting. Students who have successfully achieved their MICS Certification from MCSI can apply for winter/summer internships worldwide with the confidence that they have the competencies the industry is seeking.
- Cybersecurity 101: The Fundamentals of Cybersecurity by Crowdstrike.
- https://www.mandiant.com/mandiant-gives-back/free-cyber-defense-training - Access free on-demand cyber defense training courses to advance your understanding of the six critical functions of cyber defense and learn how to activate them in your organization. This expert training is based on a new book published by Mandiant, titled The Defender’s Advantage, written by frontline cyber security experts from Mandiant’s strategic consulting and threat intelligence teams.
- https://www.edx.org/course/cs50s-introduction-to-computer-science
- https://missing.csail.mit.edu/ - The missing CS semester
 (1).png)
- Networking Basics: Part 1
- Networking Basics: Part 2
- Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM
- Subnet Guide: https://drive.google.com/file/d/1ETKH31-E7G-7ntEOlWGZcDZWuukmeHFe/view
- https://www.hackers-arise.com/post/2019/05/20/network-basics-for-hackers-domain-name-service-dns-and-bind-theory-vulnerabilities-and-im
- https://tryhackme.com/room/introtonetworking
- Crypto 101 - Crypto for everyone
- CryptoParty Handbook
- Handbook of Applied Cryptography
- A Graduate Course in Applied Cryptography
- Infosec Color Wheel - Making sense of the different groups and roles within Cyber
- https://shehackspurple.ca/2022/01/01/jobs-in-information-security-infosec/
- https://www.cyberseek.org/heatmap.html
- Cyber career pathway guide
- Cyber Job Hunting Guide
- https://zeltser.com/getting-the-right-it-job-tips/
- https://github.com/rezaduty/cybersecurity-career-path
- Choose-your-own-adventure - Cyber Careers
This goes perfectly between Career resources and Training material as cyber certifications cover both. As a rule of thumb, start with getting certifications that qualify you for the job you want. Then pursue other certifications or training depending on what skill set you wish to grow. Combine certification based training with the below resources for optimal growth.
{% content-ref url="cyber-security-certifications/" %} cyber-security-certifications {% endcontent-ref %}
- https://ippsec.rocks/?# - Amazing resource from a hacker with an incredible amount of content. Not only does IPPSEC have a ton of youtube content on various cyber topics, they even have a search engine like tool for looking for resources around any topic you search for.
- Infosec_Reference - The only other reference with enough material to rival my own.
- Rawsec's CyberSecurity Inventory - Huge repo of tools, guides, and other resources.
- JonnyBanana/Huge-Collection-of-CheatSheet
- https://github.com/EbookFoundation/free-programming-books/blob/master/books/free-programming-books.md
- https://www.freetechbooks.com/
- https://github.com/Aksheet10/Cyber-security-resources
- https://asecuritysite.com/ - Great Collections of training on different cyber related topics.
- The Five Pillars of an Information/Cyber Security Professional
- IT/Cyber Law
- https://derechodelared.com/wp-content/uploads/2021/04/Cybersecurity-Domains-Map-3.0.pdf
- TryHackMe - Bite sized gamified lessons on various offensive and defensive topics.
- https://academy.attackiq.com/ - Free courses taught by cybersecurity practitioners at the cutting edge of the field, students gain realistic, hands-on experience in building a threat-informed defense to improve cybersecurity effectiveness.
- https://opensecuritytraining.info/ - Open source platform that provides crowd sources free training on various cyber topics.
- https://www.thecybermentor.com/ - The platform of the Cyber Mentor. This site offers both free and premium training material and even their own practical penetration testing certification.
- https://www.udemy.com/ - Video learning platform with thousands of courses on various topics. Look for the security related topics and sort bby popularity.
- https://my.ine.com/ - The official training platform for https://elearnsecurity.com/ and their collection of certifications.
- https://www.cybrary.it/ - Cybrary is the fastest growing, fastest-moving catalog in the industry. By working with an elite community of instructors, experts, and thought leaders, as well as cutting edge hands-on learning providers, we deliver relevant and high-quality content that is accessible anytime, anywhere.
- https://www.hacksplaining.com/lessons - Great resource for learning the ins and outs of specific attacks or vulnerabilities.
- http://www.securitytube.net/ - Like youtube for security videos. The content is great and they have a helpful forum as well.
- https://www.bugcrowd.com/hackers/bugcrowd-university/ - Security, education, and training for the whitehat hacker community.
- https://defendtheweb.net/ - Defend the Web is an interactive security platform where you can learn and challenge your skills.
- https://www.opswat.com/academy
- awesome-computer-history
- Awesome Lists Collection: Infosec
- Awesome Lists Collection: Cyber Skills
- Awesome Lists Collection: Security Talks
{% content-ref url="the-awesome-lists.md" %} the-awesome-lists.md {% endcontent-ref %}
These sections have guides on how to practice your offensive an defensive skills in either a hosted CTF/CTF style platform, or even how to build everythingyou need in a local environment.
{% content-ref url="practice-lab.md" %} practice-lab.md {% endcontent-ref %}
{% content-ref url="ctf-practice.md" %} ctf-practice.md {% endcontent-ref %}
- Blue Team Labs Online » SECURITY BLUE TEAM - A new CTF style learning platform focused on blue teaming. They offer certification tracks for thier platform and are adding more content daily.
- Blue Team Training Toolkit (BT3) - Defensive Security Training Software - Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.
- OpenSOC - Network Defense Simulation - OpenSOC is a free blue team defensive competition that is as close to "the real thing" as it gets.
- https://cyberdefenders.org/ - CyberDefenders is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need.
- TryHackMe - Bite sized gamified lessons on various offensive and defensive topics.
- Applied Network Defense - Fantastic sets of courses by some of the best defenders in the industry.
- https://letsdefend.io/ - Practical Blue team training.
- How to start RE/malware analysis - Amazing free class on getting started in Reverse Engineering and Malware Analysis.
- https://phishing.livingsecurity.com/ - Training for analyzing phishing emails and their indicators.
- CNIT 129S: Securing Web Applications
- https://www.blueteamsacademy.com/
- Introduction to windows forensics Youtube Series
- https://www.amanhardikar.com/mindmaps/ForensicChallenges.html
- https://dfrws.org/forensic-challenges/
- https://cyberdefenders.org/labs/71
- https://cfreds.nist.gov/
- https://securitytrainings.net/security-trainings/
- Hackersploit's Malware Analaysis Bootcamp
- Digital Forensics Beginner to Expert - Google class by Shannon Brazil
- https://training.xintra.org/
- TryHackMe - Bite sized gamified lessons on various offensive and defensive topics.
- Red Team Ops Course Overview — Zero-Point Security
- Metasploit Unleashed - Free Online Ethical Hacking Course
- Practical Ethical Hacking - The Complete Course | Udemy
- Hackersploit Ethical Hacking and Penetration Testing Video series
- https://institute.sektor7.net/ - Training provider with offensive focused courses
- https://www.fortynorthsecurity.com/public-training- Training provider with offensive focused classes both free and premium.
- https://www.netspi.com/training/ - Training provider with both public and private offensive focused courses
- Nightmare by GuyInAuxedo - Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
- https://hackersploit.org/ - Blog posts and guides to different offensive tactics.
- https://pentesting.cloud/ - A Free Pen Testing Learning Platform
- All learning materials | Web Security Academy - This platform has replaced the Web Application Hackers Handbook as the go to learning resource for web application knowledge. Huge list of attacks, resources, and documentation on how to exploit or defend them. There are also amazingly handy hands on labs that you can complete with the community version of Burp!
- Burp Suite Certified Practitioner - The official Burp Suite user certification from PortSwigger
- Bugcrowd University | Bugcrowd - Resources and training from one of the top Bug Bounty platforms on the market.
- Burp Suite: In Depth Survival Guide | Udemy - Burp Suite is huge and complex. This course is a fantastic way to start making sense of all the utility in the tool
- Web Application Penetration Testing Training Course | (ISC)²
- Cyber Mentor's Intro to Bug Bounty
- https://www.isc2.org/Development/Express-Learning-Courses/Web-Application-Penetration-Testing
- https://www.hacksec.in/
- crAPI - completely ridiculous API (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.
- https://github.com/jassics/security-study-plan/blob/main/web-pentest-study-plan.md
{% content-ref url="books-and-reading.md" %} books-and-reading.md {% endcontent-ref %}
Check these every day for new tools and tactics for offensive and defensive security.
- https://www.sans.org/security-awareness-training/blog
- https://www.sans.org/webcasts
- https://www.sans.org/reading-room
- https://www.activecountermeasures.com/blog/
- https://medium.com/mitre-attack
- https://pentestlab.blog/
- https://letsdefend.io/blog/
- https://www.threathunting.se/
- https://www.pentestgeek.com/blog
- https://www.infosecmatter.com/
- https://infosec-conferences.com/ - List of all cons over the course of the year, world wide.
- ConCollector - An awesome tool that allows you to parse content from thousands of secrity Cons.
- https://wildwesthackinfest.com/training-schedule/ - Keep an eye out for their Pay-What-You-Can SOC Core skills class. Absolute gold for everyone regardless of skill level.
- Hacker Summer Camp
- B-Sides - Localized security conventions all across the world.
- Cyber Security Discord channel collection
- Twitter feeds
- Forums
- http://sla.ckers.org/forum/index.php
- http://www.ethicalhacker.net/
- http://www.backtrack-linux.org/forums/
- http://www.elitehackers.info/forums/
- http://www.hackthissite.org/forums/index.php
- http://securityoverride.com/forum/index.php
- http://www.iexploit.org/
- http://bright-shadows.net/
- http://www.governmentsecurity.org/forum/
- http://forum.intern0t.net/
- https://book.hacktricks.xyz/
- http://0xc0ffee.io/blog/OSCP-Goldmine
- https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- https://www.explainshell.com/
- https://isc.sans.edu/links.html
- https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- https://github.com/KathanP19/HowToHunt
- https://github.com/sans-blue-team
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://github.com/byt3bl33d3r
- https://github.com/threatexpress
- https://github.com/m4ll0k?tab=repositories
- https://github.com/danielmiessler/SecLists
- https://github.com/Shiva108/CTF-notes
- https://github.com/Dionach
- https://github.com/Tib3rius
- https://github.com/We5ter/Scanners-Box
- https://github.com/tomnomnom
- https://github.com/tjnull
- https://github.com/activecm
- https://github.com/nullsecuritynet/tools/tree/master/scanner
- https://github.com/fireeye
- https://github.com/humanetech-community/awesome-humane-tech#tracking
- Peter Yarowski - https://www.youtube.com/c/yaworsk1
- HackerOne - https://www.youtube.com/c/HackerOneTV
- Stok - https://www.youtube.com/c/STOKfredrik
- BugCrowd - https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww
- Hakluke - https://www.youtube.com/channel/UCCzvz8jsulXm27Cd6k3vzyg
- Nahamsec - https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
- LiveOverflow - https://www.youtube.com/c/LiveOverflow
- PortSwigger - https://www.youtube.com/channel/UCkytgKNbJ0L1UuN1K27GAKA
- InsiderPHD's List for Beginners - https://www.youtube.com/playlist?list=PLbyncTkpno5FAC0DJYuJrEqHSMdudEffw
- SimplyCyber Weekly vids, Simply Cyber brings Information security related content to help IT or Information Security professionals take their career further, faster. - https://www.youtube.com/c/GeraldAuger
- IPPSec - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- Pentester Academy TV - lots of brief videos, very regular posting, up to +8 a week https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA
- Open SecurityTraining - lots of lengthy lecture-style vids, no recent posts, but quality info. https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg
- John Hammond - Solves CTF problems. contains pen testing tips and tricks https://www.youtube.com/user/RootOfTheNull
- HackerSploit - regular posts, medium length screenshot vids, with dialog https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q