Education

CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.

A practical security handbook for .NET developers covering essential security controls, cryptographic functions, and secure coding practices.

A collaborative repository of CTF write-ups and source files from 2014 competitions that allows community contributions to address scattered documentation issues.

AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.

Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.

Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.

A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.

Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.

Interactive challenges demonstrating attacks on real-world cryptography.

A deliberately vulnerable web application containing DOM-based XSS, CSRF, and other web vulnerabilities for security testing and educational purposes.

A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.

A video-sharing platform for creators to share their content and for users to discover new content, with a focus on cybersecurity.

A collaborative repository containing CTF competition write-ups and source files from 2016, providing accessible solutions and educational resources for cybersecurity challenges.

A collection of CTF write-ups demonstrating the use of pwntools for solving binary exploitation challenges across various cybersecurity competitions.

A centralized repository containing CTF source files and write-ups from 2015 competitions, providing accessible documentation and solutions for cybersecurity challenges.

HackTheArch is an open-source Ruby on Rails-based scoring server platform designed for hosting and managing Cyber Capture the Flag competitions with web-based problem management and hint systems.

A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.

A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.

A nodejs web application honeypot designed for small environments like Raspberry Pi to capture and analyze malicious web-based attacks.

Leading provider of free cybersecurity training resources

CTFd is a web-based framework for creating and managing Capture The Flag cybersecurity competitions with customizable challenges, scoring systems, and team management capabilities.

A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.

Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.

A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.