awesome-cyber-security-university
Cyber Security Training
A curated educational resource list focusing on learn-by-doing cyber security training
🎓 Because Education should be free. Contributions welcome! 🕵️
2k stars
39 watching
168 forks
last commit: about 1 month ago
Linked from 2 awesome lists
awesomeawesome-listcoursescurriculumcyber-securitycybersecurityeducationeducational-projectfreehackinglearning-by-doing
Awesome Cyber Security University / Introduction and Pre-Security / Level 1 - Intro | |||
| OpenVPN | Learn how to connect to a virtual private network using OpenVPN | ||
| Welcome | Learn how to use a TryHackMe room to start your upskilling in cyber security | ||
| Intro to Researching | A brief introduction to research skills for pentesting | ||
| Linux Fundamentals 1 | Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal | ||
| Linux Fundamentals 2 | Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal | ||
| Linux Fundamentals 3 | Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal | ||
| Pentesting fundamentals | Fundamentals of penetration testing | ||
| Principles of security | Principles of security | ||
| Red Team Engagements | Intro to red team engagements | ||
| Hip Flask | An in-depth walkthrough covering pentest methodology against a vulnerable server | ||
| Practice Linux Commands | A free course with 41 hands-on labs to practice and master the most commonly used Linux commands | ||
| Google Dorking | Explaining how Search Engines work and leveraging them into finding hidden content! | ||
| Osint | Intro to Open Source Intelligence | ||
| Shodan.io | Learn about Shodan.io and how to use it for device enumeration | ||
Awesome Cyber Security University / Free Beginner Red Team Path / Level 2 - Tooling | |||
| Tmux | Learn to use tmux, one of the most powerful multi-tasking tools on linux | ||
| Nmap,Curl and Netcat | Get experience with Nmap, Curl and Netcat for network communications | ||
| Web Scanning | Learn the basics of automated web scanning | ||
| Sublist3r | Learn how to find subdomains with Sublist3r | ||
| Metasploit | An introduction to the main components of the Metasploit Framework | ||
| Hydra | Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials | ||
| Linux Privesc | Practice your Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root! SSH is available | ||
| Red Team Fundamentals | Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements | ||
| Red Team Recon | Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target | ||
| Nmap Tutorials | Learn and practice the basics of network scanning using Nmap | ||
| Vulnversity | Learn about active recon, web app attacks and privilege escalation | ||
| Blue | Deploy & hack into a Windows machine, leveraging common misconfigurations issues | ||
| Simple CTF | Beginner level CTF | ||
| Bounty Hacker | A space cowboy-themed boot to root machine | ||
Awesome Cyber Security University / Free Beginner Red Team Path / Level 3 - Crypto & Hashes with CTF practice | |||
| Crack the hash | Cracking hash challenges | ||
| Agent Sudo | You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth | ||
| The Cod Caper | A guided room taking you through infiltrating and exploiting a Linux system | ||
| Ice | Deploy & hack into a Windows machine, exploiting a very poorly secured media server | ||
| Lazy Admin | Easy linux machine to practice your skills | ||
| Basic Pentesting | This is a machine that allows you to practice web app hacking and privilege escalation | ||
| Bypassing UAC | Learn common ways to bypass User Account Control (UAC) in Windows hosts | ||
Awesome Cyber Security University / Free Beginner Red Team Path / Level 4 - Web | |||
| OWASP top 10 | Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks | ||
| Inclusion | A beginner-level LFI challenge | ||
| Injection | Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers | ||
| Juiceshop | This room uses the OWASP juice shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities | ||
| Overpass | What happens when some broke CompSci students make a password manager | ||
| Year of the Rabbit | Can you hack into the Year of the Rabbit box without falling down a hole | ||
| DevelPy | Boot2root machine for FIT and bsides Guatemala CTF | ||
| Jack of all trades | Boot-to-root originally designed for Securi-Tay 2020 | ||
| Bolt | Bolt themed machine to root into | ||
Awesome Cyber Security University / Free Beginner Red Team Path / Level 5 - Reverse Engineering & Pwn | |||
| Intro to x86 64 | This room teaches the basics of x86-64 assembly language | ||
| CC Ghidra | This room teaches the basics of ghidra | ||
| CC Radare2 | This room teaches the basics of radare2 | ||
| Reverse Engineering | This room focuses on teaching the basics of assembly through reverse engineering | ||
| Reversing ELF | Room for beginner Reverse Engineering CTF players | ||
| Dumping Router Firmware | Reverse engineering router firmware | ||
| Intro to pwntools | Introduction to popular pwn tools framework | ||
| Pwnkit: CVE-2021-4034 | Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package | ||
Awesome Cyber Security University / Free Beginner Red Team Path / Level 6 - PrivEsc | |||
| Sudo Security Bypass | A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series | ||
| Sudo Buffer Overflow | A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series | ||
| Windows Privesc Arena | Students will learn how to escalate privileges using a very vulnerable Windows 7 VM | ||
| Linux Privesc Arena | Students will learn how to escalate privileges using a very vulnerable Linux VM | ||
| Windows Privesc | Students will learn how to escalate privileges using a very vulnerable Windows 7 VM | ||
| Blaster | Metasploit Framework to get a foothold | ||
| Ignite | A new start-up has a few security issues with its web server | ||
| Kenobi | Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation | ||
| Capture the flag | Another beginner-level CTF challenge | ||
| Pickle Rick | Rick and Morty themed LFI challenge | ||
Awesome Cyber Security University / Free Beginner Blue Team Path / Level 1 - Tools | |||
| Introduction to digital forensics | Intro to Digital Forensics | ||
| Windows Fundamentals | Intro to Windows | ||
| Nessus | Intro to nessus scan | ||
| Mitre | Intro to Mitre attack framework | ||
| IntroSIEM | Introduction to SIEM | ||
| Yara | Intro to yara for malware analysis | ||
| OpenVAS | Intro to openvas | ||
| Intro to Honeypots | Intro to honeypots | ||
| Volatility | Intro to memory analysis with volatility | ||
| Red Line | Learn how to use Redline to perform memory analysis and scan for IOCs on an endpoint | ||
| Autopsy | Use Autopsy to investigate artifacts from a disk image | ||
Awesome Cyber Security University / Free Beginner Blue Team Path / Level 2 - Security Operations, Incident Response & Threat Hunting | |||
| Investigating Windows | Investigating Windows | ||
| Juicy Details | A popular juice shop has been breached! Analyze the logs to see what had happened | ||
| Carnage | Apply your analytical skills to analyze the malicious network traffic using Wireshark | ||
| Squid Game | Squid game-themed CTF | ||
| Splunk Boss of the SOC V1 | Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information | ||
| Splunk Boss of the SOC V2 | Splunk analysis vol 2 | ||
| Splunk Boss of the SOC V3 | Splunk analysis vol 3 | ||
| Hunt Conti with Splunk | An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server | ||
| Hunting for Execution Tactic | Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Execution (TA0002) | ||
| Hunting for Credential Access | Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Credential Access (TA0006) | ||
| Hunting for Persistence Access | Join Cyborg Security's team of threat hunting instructors for a fun and hands-on-keyboard threat hunting workshop covering the topic of adversarial persistence (TA0003) | ||
| Hunting for Defense Evation | Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Defense Evasion (TA0005) | ||
Awesome Cyber Security University / Free Beginner Blue Team Path / Level 3 - Beginner Forensics, Threat Intel & Cryptography | |||
| Martryohka doll | Beginner file analysis challenge | ||
| The Glory of the Garden | Beginner image analysis challenge | ||
| Packets Primer | Beginner packet analysis challenge | ||
| Wireshark doo doo doo | Beginner packet analysis challenge | ||
| Wireshark two two two | Beginner packet analysis challenge | ||
| Trivial flag transfer protocol | Beginner packet analysis challenge | ||
| What Lies within | Beginner decoding analysis challenge | ||
| Illumination | Medium level forensics challenge | ||
| Emo | Medium level forensics challenge | ||
| Obsecure | Medium level forensics challenge | ||
| Intel101 Challenge | Medium level Threat Intel challenge | ||
| Introduction to Cryptohack | Medium level cryptography challenge | ||
Awesome Cyber Security University / Free Beginner Blue Team Path / Level 4 - Memory & Disk Forensics | |||
| Sleuthkit Intro | Medium level disk forensics challenge | ||
| Reminiscent | Medium level disk forensics challenge | ||
| Hunter - Windows Disk Image Forensics | Medium level disk forensics challenge | ||
| Spotlight - Mac Disk Image Forensics | Medium level disk forensics challenge | ||
| Ulysses - Linux Disk Image Forensics | Medium level disk forensics challenge | ||
| Banking Troubles - Windows Memory Image Forensics | Medium level memory forensics challenge | ||
| Detect Log4J | Medium level disk forensics challenge | ||
Awesome Cyber Security University / Free Beginner Blue Team Path / Level 5 - Malware and Reverse Engineering | |||
| History of Malware | Intro to malware history | ||
| Malware Introduction | Intro to malware | ||
| Basic Malware Reverse Engineering | Intro to malware RE | ||
| Intro Windows Reversing | Intro to Windows RE | ||
| Windows x64 Assembly | Introduction to x64 Assembly on Windows | ||
| JVM reverse engineering | Learn Reverse Engineering for Java Virtual Machine bytecode | ||
| Get PDF (Malicious Document) | Reversing PDF malware | ||
Awesome Cyber Security University / Bonus CTF practice and Latest CVEs | |||
| Bandit | Aimed at absolute beginners and teaches the basics of remote server access | ||
| Natas | Teaches the basics of serverside web-security | ||
| Post Exploitation Basics | Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview and msfvenom | ||
| Smag Grotto | An obsecure boot to root machine | ||
| Dogcat | I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container | ||
| Buffer Overflow Prep | Practice stack-based buffer overflows | ||
| Break out the cage | Help Cage bring back his acting career and investigate the nefarious going on of his agent | ||
| Lian Yu | A beginner-level security challenge | ||
| Insecure Kubernetes | Exploiting Kubernetes by leveraging a Grafana LFI vulnerability | ||
| The Great Escape (docker) | Escaping docker container | ||
| Solr Exploiting Log4j | Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun | ||
| Spring4Shell | Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework | ||
| Most Recent threats | Learn about the latest industry threats. Get hands-on experience identifying, exploiting, and mitigating critical vulnerabilities | ||
Awesome Cyber Security University / Bonus Windows | |||
| Attacktive Directory | Learn about 99% of Corporate networks that run off of AD | ||
| Retro | Breaking out of the retro-themed box | ||
| Blue Print | Hack into this Windows machine and escalate your privileges to Administrator | ||
| Anthem | Exploit a Windows machine in this beginner-level challenge | ||
| Relevant | Penetration Testing Challenge | ||
Awesome Cyber Security University / Extremely Hard Rooms to do | |||
| Ra | You have found WindCorp's internal network and their Domain Controller. Pwn the network | ||
| CCT2019 | Legacy challenges from the US Navy Cyber Competition Team 2019 Assessment sponsored by US TENTH Fleet | ||
| Theseus | The first installment of the SuitGuy series of very hard challenges | ||
| IronCorp | Get access to Iron Corp's system | ||
| Carpe Diem 1 | Recover your client's encrypted files before the ransomware timer runs out | ||
| Borderlands | Compromise a perimeter host and pivot through this network | ||
| Jeff | Hack into Jeff's web server | ||
| Year of the Owl | Owl-themed boot to root machine | ||
| Anonymous Playground | Want to become part of Anonymous? They have a challenge for you | ||
| EnterPrize | Enterprise-themed network to hack into | ||
| Racetrack Bank | It's time for another heist | ||
| Python Playground | Use python to pwn this room | ||
Awesome Cyber Security University / Footnotes / Contributors & stargazers ✨ | |||
| Oaker Min | |||
| Michael Paul Coder | |||
sindresorhus/awesome
0ex/more-awesome