17 tools and resources
A list of vulnerable applications for testing and learning
Deliberately vulnerable web application for security professionals to practice attack techniques.
IT certification training for CompTIA exams with free resources.
The best security training environment for Developers and AppSec Professionals.
echoCTF is a computer security framework for running cybersecurity exercises and competitions like Capture the Flag, used for network penetration testing and security auditing.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
GRFICS is a graphical realism framework for industrial control simulations using Unity 3D game engine graphics to enhance ICS security training.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
An open-source phishing toolkit for businesses and penetration testers.
A wargame that challenges your hacking skills
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
King Phisher is a phishing campaign toolkit for testing and promoting user awareness through simulated attacks.
CloudGoat is a 'Vulnerable by Design' AWS deployment tool for honing cloud cybersecurity skills through 'capture-the-flag' style scenarios.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.