Explore 45 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Mimecast Engage is a human risk management platform that combines AI-powered email security with security awareness training to protect against threats and reduce risks from user behavior.
Mimecast Engage is a human risk management platform that combines AI-powered email security with security awareness training to protect against threats and reduce risks from user behavior.
Hoxhunt is a human risk management platform that combines adaptive phishing simulations, security awareness training, and automated security operations to reduce organizational cyber risk through employee behavior change.
Hoxhunt is a human risk management platform that combines adaptive phishing simulations, security awareness training, and automated security operations to reduce organizational cyber risk through employee behavior change.
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A phishing detection and response platform that combines human intelligence from millions of trained employees with AI/ML to identify and remediate email threats that bypass traditional security gateways.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
An automated API security testing platform that provides continuous vulnerability assessment, validation, and educational resources for API endpoint security.
An automated API security testing platform that provides continuous vulnerability assessment, validation, and educational resources for API endpoint security.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
An email security platform that combines human intelligence from millions of trained employees with AI/ML to detect, report, analyze, and remediate phishing attacks that bypass traditional security gateways.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
A security solution that protects email and collaboration tools in Microsoft 365 environments against advanced threats including phishing, business email compromise, ransomware, and malware.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
A security awareness platform that combines phishing simulations with employee training to reduce organizational risk from email-based attacks.
A security awareness platform that combines phishing simulations with employee training to reduce organizational risk from email-based attacks.
A list of vulnerable applications for testing and learning
A list of vulnerable applications for testing and learning
Deliberately vulnerable web application for security professionals to practice attack techniques.
Deliberately vulnerable web application for security professionals to practice attack techniques.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
An intentionally vulnerable web application containing multiple web service security flaws designed for educational purposes and security testing practice.
IT certification training for CompTIA exams with free resources.
IT certification training for CompTIA exams with free resources.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.
The best security training environment for Developers and AppSec Professionals.
The best security training environment for Developers and AppSec Professionals.
A security dataset and CTF platform available in full (16.4GB) and attack-only (3.2GB) versions, pre-indexed for Splunk to help security professionals practice analysis skills.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.
An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.
An educational cheatsheet that provides privilege escalation fundamentals and examples for CTF players and cybersecurity beginners.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
An open-source phishing toolkit for businesses and penetration testers.
An open-source phishing toolkit for businesses and penetration testers.
A wargame that challenges your hacking skills
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.
A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.
King Phisher is a phishing campaign toolkit for testing and promoting user awareness through simulated attacks.
King Phisher is a phishing campaign toolkit for testing and promoting user awareness through simulated attacks.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.
A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.
SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.
DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.