Obviously, this list isn’t exhaustive and I haven’t gone through all of these myself, so if anyone has experience with one of the links listed, or has another (quality) source of learning that was not mentioned, please share it in a comment below. If it seems like a worthwhile study tool, I’ll add it to this article.
I just wanted to provide a starting list for those who are like me and wishes there were more sites that brought together the many great training tools out there to one place.
There are so many resources out there, it’s sometimes hard to sort through what’s actually worthy of your time.
This article is especially helpful for those who don’t even know where to begin looking for information or what they should be looking for.
I expect this list to get much larger over time, so keep this page bookmarked for the next time you get bored and want to learn some new aspect about security, and once again, please contribute!
Let’s start with the free ones:
General Hand’s-on/informational experience for various topics
- https://picoctf.com/: This CTF (“Capture the Flag” for those who might not know) is meant for high schoolers, but I felt it was a great way for me to start learning hacking concepts. It’s also fun as it video-gamifies the challenges.
- https://www.vulnhub.com/: This is a great site that puts together the many legally ‘breakable, hackable & exploitable’ items out there on the internet for you to become fully immersed in security concepts.
- https://www.hackthissite.org/: Provides many challenges of varying categories where you can learn to hack in a safe and legal environment.
- https://ringzer0team.com: I’ve never used this one, but the site description describes it as a “CTF [that] offers you tons of challenges designed to test and improve your hacking skills through hacking challenges”. I’ve had this site recommended to me by several other cyber security enthusiasts.
- http://www.enigmagroup.org/: It looks like they’ve changed the layout of the site since I last used their resources, but this is a great site for learning all about web application security.
- http://overthewire.org/wargames/: I’d start with the Bandit exercises just to get a good idea of how the Linux command line works and how commands can be tailored to specific needs using different flags.
- http://opensecuritytraining.info/Training.html: This site has training for many different topics for beginners to those with a lot more experience under their belts. Pick one that looks interesting to you and work through the materials they have.
- http://www.securitytube.net/: See their “Megaprimers” for very comprehensive looks and hands-on instruction for categories ranging from Wi-Fi Security to Linux Assembly lessons.
- https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI: This video series recently came out and explains many security-related concepts. It even walks through how to use programs such as Metasploit and Wireshark.
- http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/: If you just want a basic overview of networking or security concepts (or are looking to pass either of these CompTIA exams), his free videos are a great place to go.
- https://www.udemy.com/cyber-security/?dtcode=RKccYWu2UiWM: This is a free course which covers a “broad overview of cyber security concepts and practices” and includes information about the cyber security industry as a whole.
- https://www.cybrary.it/: Cybrary is one of my favorite sites as it includes so many topics to learn and is a great example of how the open source community can benefit everybody. Pick a topic of interest and become an expert in it!
- https://www.offensive-security.com/metasploit-unleashed: I’ve worked through the first part of this tutorial and have found it to be an excellent, hands-on overview of Metasploit.
Create a web scraper
- http://scrapy.org/: See their documentation (http://scrapy.org/doc/) and wiki (https://github.com/scrapy/scrapy/wiki) for tutorials on how to use Scrapy and learn how to extract valuable data from websites.
Just Plain Interesting
- http://webkay.robinlinus.com/: This page is really eye-opening as it shows you how much your web browser can know about you without even needing your permission. It is also eerily accurate (although it was unable to guess some of my hardware specs accurately…), so definitely try this if you’re bored or just curious like me.
Agree with them or not, these are documents that are pretty well known to those interested in hacking or to the IT community in general
$ Training that costs $
- https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441?ie=UTF8&keywords=computer%20hacking&qid=1433297851&ref_=sr_1_3&s=books&sr=1-3: There are a ton of great books on hacking and security. One of my favorites is called Hacking: The Art of Exploitation. This book is about $27 dollars on Amazon, but I really liked it. It begins by taking you to the command line and running some C code and analyzing some Assembly, giving you hands-on experience throughout the book.
- Udemy has several interesting courses on hacking and computer security, including https://www.udemy.com/it-security-beginner-certified-hacking-training/ and https://www.udemy.com/it-security-and-ethical-hacking/
- Offensive Security has a lot of great (yet pricey) courses including “Pentesting with Kali” (PWK). If you’re really looking into going into cyber security, I’d strongly suggest looking into getting their OSCP certification, as it is very hands-on.
- https://www.cbtnuggets.com/: It costs $84 for a one person subscription, but there are a ton of courses, from networking to security, including courses to help you study for certifications like the Security+. I’ve never used it, but have seen it mentioned mostly positively in forums.
More Resource Lists (May contain duplicate resources to this page, but they have a lot of quality stuff to look at. I’m just listing the links so I don’t have to rewrite what’s already on another website and also to give them credit for compiling their resources)
- https://github.com/infoslack/awesome-web-hacking#docker-images-for-penetration-testing: Here’s a cool page I discovered at a college lecture I was recently in. It has a very extensive list of resources to learn from, but also contains some Docker images for Pen-Testing. Definitely check this one out!
- http://yhack.byu.edu/resources/: This is a really great compilation of hacking/security learning tools and resources. Also, see their CTF page for a list of CTF’s you can participate in! These are great opportunities to put into practice what you know about hacking as well as to learn while trying to work through various challenges.
- https://heimdalsecurity.com/blog/50-cyber-security-online-courses-you-should-know-about/: Andra Zaharia seems to have had the same idea as me, although her sources seem more directed toward general cyber security topics, whereas I’ve tried to list sources that require a more hands on approach (some of the video sources I’ve listed cover general cyber security knowledge as well though). She lists some other great free starting courses such as Khan Academy.
- https://www.quora.com/What-are-best-tutorials-to-learn-about-hacking: One of the responders listed a ton of sources that are worth looking into.
- https://captf.com/practice-ctf/: This is a compilation I found with several of CTF’s to start out with.
Of course, the Internet is full of resources, so like I said, this is in no way meant to be exhaustive. But now there’s no excuse not to start. So pick a resource that looks interesting, and begin your journey towards becoming an expert!
(If you have other topics in security/hacking you’d like to see sources for, comment below and I’ll see what I can do. Thanks!)