Security Training

An open-source phishing toolkit for businesses and penetration testers.

A wargame that challenges your hacking skills

Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.

A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.

A Terraform tool that creates intentionally misconfigured AWS infrastructure with 84 vulnerabilities across 22 services for security training and testing purposes.

King Phisher is a phishing campaign toolkit for testing and promoting user awareness through simulated attacks.

Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.

A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.

A pre-indexed Splunk security dataset and CTF platform that provides realistic security data for training, research, and educational purposes for cybersecurity professionals and students.

NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.

A wargaming network for penetration testers to practice their skills in a realistic environment.

A collection of 20 cross-site scripting challenges covering various XSS attack vectors and filtering bypass techniques for educational purposes.

A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.

A deliberately vulnerable web application written in under 100 lines of Python code for educational purposes and web security testing.

An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.

A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.

DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.

SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.

A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.

CTF Writeups are detailed educational documents that explain the step-by-step solutions to Capture The Flag cybersecurity challenges, serving as learning resources for security professionals.

OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.

DIVA Android is an intentionally vulnerable Android application designed to teach security professionals and developers about mobile application security flaws through hands-on learning.