Education

IT security training platform offering courses and certification prep

An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

A security awareness platform that combines phishing simulations with employee training to reduce organizational risk from email-based attacks.

Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.

A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.

The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.

Node.js Goof is a vulnerable Node.js demo application containing multiple security vulnerabilities for testing and educational purposes.

A tool to generate a PNG image containing a XSS payload

A collection of Local File Inclusion (LFI) vulnerability tests and exploitation techniques designed for use with Burp Suite.

Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.

A tool to help exploit XXE vulnerabilities by sending a crafted XML file to the server and parsing it to extract the data.

A mini webserver with FTP support for XXE payloads

Cybersecurity training platform with courses, certifications, and study guides.

An educational cybersecurity knowledge repository that compiles and presents hacking and cybersecurity information in an accessible format for learning purposes.

An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.

mkCTF is a framework for creating and managing jeopardy-style CTF challenges with configurable structure and automated deployment capabilities.

An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.

InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.

A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.

WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.

A collection of Return-Oriented Programming (ROP) challenges designed for practicing binary exploitation techniques and developing offensive security skills.

OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.

Collection of industry and community cybersecurity courses and materials by M. E. Kabay.