Education

A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.

secrepo.com is a curated repository providing access to various cybersecurity datasets including Snort logs, LANL datasets, and other security research data for analysis and testing purposes.

A categorized collection of bug bounty write-ups that documents real-world vulnerability discoveries and exploitation techniques across various security flaw types.

A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.

An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.

A repository containing writeups and solutions from various Capture The Flag cybersecurity competitions spanning from 2015 to 2021.

WackoPicko is an intentionally vulnerable web application used for security testing, penetration testing practice, and vulnerability scanner evaluation.

A collection of detailed CTF challenge writeups organized by category, providing explanations of problems and their solutions for educational purposes.

An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.

DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.

SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.

A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.

CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.

OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.

A proof-of-concept tool that demonstrates the Dirty COW kernel exploit (CVE-2016-5195) for privilege escalation within Docker containers, specifically targeting nginx images while providing mitigation guidance through AppArmor profiles.

MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.

A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.

InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.

A collection of free cloud security research articles by Rhino Security Labs covering AWS, Azure, and GCP security topics including best practices, vulnerability assessments, and threat mitigation strategies.

Leading academic department offering diverse courses and research opportunities.

DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.

A three-part educational series documenting techniques for achieving domain administrator privileges in Windows environments, covering attack methods, defenses, and remediation strategies.

Teaching Security provides educational resources and lessons for teaching cybersecurity concepts to high school students.

DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.