Explore 69 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
Cybrec is an IT security training platform offering video-based courses, certification preparation, and educational content for network, cloud, and cybersecurity professionals.
Cybrec is an IT security training platform offering video-based courses, certification preparation, and educational content for network, cloud, and cybersecurity professionals.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
An online cybersecurity education platform offering structured learning paths, hands-on labs, and certification preparation for individuals and organizations.
A human risk management platform that combines security awareness training, simulated phishing, real-time coaching, and security orchestration to reduce cybersecurity risks associated with human behavior.
A human risk management platform that combines security awareness training, simulated phishing, real-time coaching, and security orchestration to reduce cybersecurity risks associated with human behavior.
A security awareness training platform that combines phishing simulations with psychology-based training to help organizations reduce phishing vulnerabilities and build a security-aware culture.
A security awareness training platform that combines phishing simulations with psychology-based training to help organizations reduce phishing vulnerabilities and build a security-aware culture.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
Educational repository containing materials on advanced subdomain enumeration techniques from Bugcrowd LevelUp 2017 conference.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
An educational cybersecurity knowledge repository that compiles and presents hacking and cybersecurity information in an accessible format for learning purposes.
An educational cybersecurity knowledge repository that compiles and presents hacking and cybersecurity information in an accessible format for learning purposes.
An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.
An educational repository providing structured lab materials and scripts for learning container technologies and their internal mechanisms.
The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
The SOC Academy offers official VirusTotal certification courses to help cybersecurity professionals maximize its functionalities and advance their careers.
Free cyber security training and resources for career development.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
Educational resource collection providing learning materials and online tools for understanding AT&T assembly language and x86 assembly programming.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
A wargame composed of 27 levels, with files needed in /vortex/ directory.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.
Infosec Resources provides extensive cybersecurity training and certifications to boost cybersecurity skills and careers.
Infosec Resources provides extensive cybersecurity training and certifications to boost cybersecurity skills and careers.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
A collection of hands-on workshops and educational content focused on AWS security services, techniques, and best practices through practical scenarios.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
Haaukins is an automated virtualization platform that provides hands-on cybersecurity education through capture the flag exercises in controlled vulnerable environments.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
GRFICS is a Unity 3D-based framework that provides a virtual industrial control system environment for practicing ICS security attacks and defenses with visual feedback.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
OWASP WrongSecrets is an educational game that teaches proper secrets management by demonstrating common mistakes through interactive challenges across various deployment platforms.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
An educational project that teaches data analysis techniques for cybersecurity applications using Python tools like IPython, Pandas, and Scikit Learn through practical exercises and realistic scenarios.
SANS Blog provides extensive cybersecurity training and certifications tailored to a wide range of IT security areas and skill levels.
SANS Blog provides extensive cybersecurity training and certifications tailored to a wide range of IT security areas and skill levels.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
An open-source introductory book about cryptography that provides educational content on fundamental cryptographic concepts and principles.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A deliberately vulnerable ARM/ARM64 application with 14 different vulnerability levels designed for CTF-style exploitation training and education.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
A distributed systems simulator that creates intentionally vulnerable Kubernetes clusters in AWS for security training and attack scenario practice.
FBCTF is a platform for hosting Jeopardy and King of the Hill style Capture the Flag competitions with support for various scales and participation models.
FBCTF is a platform for hosting Jeopardy and King of the Hill style Capture the Flag competitions with support for various scales and participation models.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
Educational repository containing RPISEC's course materials for teaching modern binary exploitation, vulnerability research, and reverse engineering at Rensselaer Polytechnic Institute.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
INE Security offers a range of cybersecurity certifications, including penetration testing, mobile and web application security, and incident response.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
Free and open-source cybersecurity training classes with multi-class learning paths for high-skill, high-pay job skills.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Hack Night is a thirteen-week educational program by NYU Tandon's OSIRIS Lab that provides an accelerated introduction to offensive security concepts, techniques, and practical applications.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
Root the Box is a real-time CTF scoring engine that provides a configurable platform for cybersecurity training through gamified wargames and competitions.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.
Online hacking game with realistic hacking experience and player interaction.
Online hacking game with realistic hacking experience and player interaction.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical and artefact analysis fundamentals.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical and artefact analysis fundamentals.
Live and on-demand cybersecurity training programs for all levels.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
A deliberately vulnerable GraphQL application designed for security testing and educational purposes, containing multiple intentional flaws for learning GraphQL attack and defense techniques.
FARA is a repository of purposefully erroneous Yara rules for training security analysts.
Leading provider of free cybersecurity training resources
A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.
A hands-on cybersecurity laboratory environment for Gray Hat Hacking Chapter 29 that creates virtualized Docker and Kali Linux machines using Terraform for practical security training exercises.
A non-profit organization focused on improving the security of software through resources and training.
A non-profit organization focused on improving the security of software through resources and training.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational codelab that demonstrates web application vulnerabilities including XSS, XSRF, and code execution attacks along with their corresponding defensive measures.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
An educational workshop providing hands-on training materials, lab environments, and tools for learning local privilege escalation techniques on Windows and Linux systems.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.
SANS Institute provides cyber security training, certifications, and degrees to empower cyber security practitioners and teams.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
MemLabs provides CTF-styled memory forensics challenges designed to teach students and security researchers how to analyze memory dumps using tools like Volatility.
A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.
A community-maintained glossary that defines and explains cybersecurity acronyms and terminology to help users understand security concepts beyond buzzwords.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
InsecureBankv2 is an intentionally vulnerable Android application with a Python back-end server designed for educational purposes in mobile security testing and Android vulnerability research.
Cybrary is an online learning platform that provides accessible and affordable training in cybersecurity skills.
Cybrary is an online learning platform that provides accessible and affordable training in cybersecurity skills.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.