An overview of high quality Cyber Security Training. There are many excellent Free, and Commercial Resources, Online Courses, and Labs available.
Cyber Security is a career that involves the practitioner to be in always learning mode. Spend your time and money wisely with these hand picked security resources. Each of these resources have either been used by one of our team or has been been a recommendation from someone we know.
Cyber Security Training Courses
Many of these courses are costly, especially if you are paying out of your own pocket. The primary advantage of a training course from the big 3 providers (SANS, Offensive-Security, INE) is that you get a lot of learning packed into a minimal amount of time. All have included labs that force you to make sure you understand the content.| Focus | Provider | Course | Cost | Cert | Notes |
|---|---|---|---|---|---|
| PentestDFIR | SANS | SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling | GCIH | A gentle introduction to hacker tools and techniques with a focus on Incident Handling. Identify an incident, securely handle forensic evidence and use a structured methodology to work through the incident. Great for people with a technical background but little experience in hacking techniques and cyber security. | |
| Basics | SANS | SEC401: Security Essentials - Network, Endpoint, and Cloud | GSEC | Suitable for anyone wanting to understand cyber security concepts, useful for non-technical backgrounds moving into roles that interact with cyber security professionals. | |
| DFIR | SANS | FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | GCFA | Digging deep into digital forensics and evidence collection. Understand the techniques and tools from the operating system to memory analysis and the network layer. | |
| Pentest | SANS | SEC560: Enterprise Penetration Testing | GPEN | A popular course for those getting started with penetration testing or working in government cyber security roles (good training budgets!). In depth knowledge of tools and techniques - jamming a lot of content into a one week course. Finishes up with a high quality CTF on day 6 to apply the new knowledge. | |
| Cloud | SANS | SEC549: Cloud Security Architecture | I have no knowledge of this course but recommend it based on experience with other SANS courses. Having played in the AWS, Azure & GCP sandboxes messing up security is easier than you would expect. Professional cyber security training within cloud environments is going to be huge over the next few years. A focus on keeping these environments secure is essential for any cloud operations team. | ||
| DFIR | SANS | SEC503: Network Monitoring and Threat Detection In-Depth | GCIA | Solid content from a course that has been around since Intrusion Detection Systems (IDS) were the new kids on the block. Learn to write custom Snort Rules and get an understanding of network traffic analysis. | |
| PentestWeb App | SANS | SEC542: Web App Penetration Testing and Ethical Hacking | GWAPT | Strong overview of common web application attacks and penetration testing. Get a broad range of knowledge and tools across this rapidly changing discipline. | |
| PentestExploit Dev | SANS | SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking | GXPN | In depth course on more advanced attack techniques than those covered in SEC560. Also has a deep focus on exploit writing from simple to buffer overflows to more advanced chained attacks. | |
| Pentest | Offensive Security | PEN-200: Penetration Testing with Kali | OSCP | Popular and well regarded technical penetration testing course. Has a 24 hour exam that is known to really test the students understanding (try harder!). Made by the folks who maintain the Kali Linux Distro. | |
| PentestWeb App | Offensive Security | WEB-300: Advanced Web Attacks and Exploitation | OSWE | Going in depth on the web application side of things this is often taken after completing the OSCP or for those with web application as a focus. | |
| Exploit Dev | Offensive Security | EXP-401: Advanced Windows Exploitation | OSEE | Want to write exploits for Windows. Dive into low level windows exploit development with this advanced course. Not recommended for noobs or those without low level programming skills. | |
| Pentest | INE Security | eJPT: Junior Penetration Tester | eJPT | A solid first step into the world of penetration testing. With a broad range of topics covered and a dedicated lab environment for testing those new skills. | |
| Pentest | INE Security | eCPPT: Certified Professional Penetration Tester | eCPPT | INE Security acquired eLearnSecurity a few years back and released the courses in a new version. I have worked through the original penetration testing course and found it to be comprehensive and well presented. It comes in at a much more reasonable price than the equivalent SANS courses. | |
| PentestWeb App | PortSwigger | Web Security Academy | FREE | From the creators of BurpSuite and the Web Application Hackers Handbook this web application security courses covers a lot of ground. Pretty sure this course would be worthwhile simply based on prior works. | |
| Threat Hunting | Active Counter Measures | Threat Hunting Training Course | FREE | A Free course that comes from an experienced and knowledgeable team. | |
| Threat Hunting | ATT&CK | Using ATT&CK for Cyber Threat Intelligence Training | FREE | A number of training modules from the ATT&CK team on performing cyber threat intelligence analysis using ATT&CK-mapped data. | |
| Exploit Dev | CoreLan | CoreLan Exploit Development for Windows | Learn exploit development from the experts. Well regarded and highly technical - if you want to write exploits for modern Windows you should check this one out. | ||
| Blue Team | Applied Network Defence | Various Blue Team focused Courses | Recommended training on open source tools and techniques for Blue Teams. Short courses on OSQuery, Threat Hunting, ELK, Zeek and Packet Analysis. | ||
| PentestBlue Team | Antisyphon Training | Various Curriculum | Powered by Black Hills Information Security (BHIS) this training spans both blue team and offensive security with strong coverage of DFIR, threat hunting, and SOC operations, as well as hands-on pentesting and tooling workflows delivers live and on-demand courses taught by industry practitioners. It also includes a 'pay forward what you can' entry-level training. | ||
| LLM | Offsec | LLM Red Teaming | New Learning Path Released in April 2025. Content aims to teach understanding and attacking Large Language Models (LLMs). |
Online Training Labs and Cyber Ranges
Capture the Flag (CTF) events and online Cyber Ranges (labs) are a great way to hone cyber security skills in areas that you may not touch everyday in your work. A well put together CTF should be fun and challenging for a wide range of abilities.| Focus | Provider | Name | Cost | Notes |
|---|---|---|---|---|
| Pentest DFIR | SANS | Netwars Continuous | Netwars is a highly polished CTF where you progress through harder and harder challenges finding flags and gaining knowledge. Presented well enough that it feels more like a game than learning!. | |
| Pentest DFIR | SANS | Holiday Hack | FREE | Another offering from SANS this very popular CTF runs over the Christmas / New Year period and is available for Free. It can be lot of fun and you might even learn a few things. |
| Pentest DFIR | HackTheBox | HTB Hack The Box |
FREE + | Technical challenges based on a box (virtual machine) where the aim is to gain access and find a flag. Very well regarded and popular. High amount of Free content along with additional challenges for a subscription. |
| Web App | Google Gruyere | FREE | A google hosted web app for testing various vulnerabilities. Has been around for a long time but still covers a good deal of common web bugs. | |
| Pentest | PentesterLab | PentesterLab | FREE + | A challenge-based CTF platform focused on web and app exploitation. Earn badges as you complete hands-on exercises. Includes free content, with more advanced labs available via paid subscription. |
| Web App | HackerOne | HackerOne CTF | FREE | A series of web application testing challenges from the Bug Bounty crew at HackerOne. |
| Pentest DFIR | TryHackMe | THM Try Hack Me |
FREE + | A gamified learning environment to develop hacking skills and understand security practices. Hands on learning for beginners and advanced users. Includes labs and challenges. |
| Blue Team | Let's Defend | Let's Defend | FREE + | Investigate real cyber attacks inside a simulated SOC. Includes specialised learning paths with focus on network security, digital forensics and others. |
Cyber Security Based Linux Distributions
Whether you're on the job, working in your lab or training, these Linux based cybersecurity distributions will save you time. Essentially collections of preinstalled hacking tools. Which one is your preferred choice?| Provider | Name | Notes |
|---|---|---|
| SANS | Slingshot Linux | A distribution similar in focus to Kali Linux this one has been developed by SANS. Often a pre-requisite for use with the training material in the SANS courses. |
| SANS | Kali Linux | Without a doubt, the most well-known penetration testing Linux distribution. The history of this distro can be traced back to Linux hobbyists of ages past (knoppix -> whoppix -> whax -> backtrack -> kali). Developed and maintained by Offensive Security. |
| SANS | SIFT Linux | Another distribution maintained by SANS and used in their courses. This one is interesting for those who usually stick to Kali as it contains many different tools due to its focus on DFIR (forensics and incident response). |
| NA | Tails Linux | A privacy focused distribution. Its primary goal is sending all the traffic from the virtual machine through the Tor anonymization network. Mozilla and the Tor project have been sponsors in the past. It is supported by various non-profit groups. |
Bite Size
Short on time Brushing up on tools, exploring a new technique, or prepping for a cert, bite-sized training modules are designed for quick, focused learning perfect for squeezing in skills between tasks| Provider | Name | Best For | Notes |
|---|---|---|---|
| CyberDefenders | Blue Team Labs & Training | SOC analysts, threat hunders, Blue teams DFRIR | Access a library of blue team labs and training exercises designed to enhance your skills. |
| Just Hacking | Upskill Challengers | Offensive security, Red Teams | Self-contained learning modules focusing on a single tool or concept, including quiz or test at the end. 10-30mns and no VM's required. |
Free Cyber Security Resources
Performing Cyber Security research can seem like an endless rabbit hole of links. Here are some high quality resources to explore.| Resource | Format | Notes |
|---|---|---|
| Antisyphon Training (YouTube) | Video tutorials | Offers live webcasts, course previews, CTF challenge solutions, and training deep dives. Real-time tool demos, live cyber range walkthroughs, and cyber challenge deep dives. it’s a high-value channel for both blue team and entry-level red team. |
| ippsec (YouTube) | Video tutorials | ippsec makes high-quality walk-through's of Hack The Box challenges. Great to watch not only the solution but his methodology for working through issues. He shows the kind of troubleshooting and breadth of knowledge used by experienced penetration testers. Don't forget ippsec.rocks an index of the videos. |
| OWASP Testing Guide | Video tutorials | A comprehensive guide to web application testing. Highly detailed and well presented. You can really step through the web application testing process. In addition, there is a great checklist that can be used in conjunction with a web application test. |
| C2 Matrix - How to Guides | Documentation + video demos | A matrix of Command and Control software for Red Team Operations and Adversary Training. |
| APT Notes | Incident report archive | Dig into the techniques of advanced adversaries (APT) and the Incident Response Team that investigate them. Compilation of published reports from hundreds of intrusions. |
| Trail of Bits Publications | Github Repository | Trail of Bits security publications, including academic papers, white papers, conference talks, vulnerability analyses, security reviews, and more |
| HackerSploit (YouTube) | Video tutorials | Cybersecurity tutorials covering Linux, pentesting, and infrastructure security. Great for structured, lecture-style learning |
| BugCrowd University (Archived) | Slide Decks + code | Presentation's and tutorials on various web application and bug bounty focused testing. |
| HackerOne Bug Bounty Writeups | Articles + video recaps | Bug Bounty write ups are an underrated resource when it comes to learning. Step through the process of someone who found a vulnerability and scored a bounty. Great for understanding complicated chained vulnerabilities. |
| HackTricks | Wiki + code snippets | An excellent compilation of hacking tricks and tips from recon to exploitation and lateral movement. Highly recommended. Similar to the popular Red Team Field Manual (RTFM), Blue Team Field Manual (BTFM), Purple Team Field Manual (PTFM), and the Operator Handbook hard copy books. |
| DetectionLab | Curated Github repos | Build a configured Cyber Security Training Lab with a few commands. Uses Vagrant to deploy a Windows 2016 Active Directory, Windows 10, and Linux host. Splunk, OSquery, Windows Event Forwarding and Velociraptor are all configured. It is crazy good! No need to hunt down iso's and spend days getting everything up and running. The number 1 reason to learn a bit of Vagrant. |
| Open Source Security Tools for Blue Teams | Blog | Our own hand picked list of 20 Open Source Tools for Blue Teams. Powerful tools for defenders of networks and systems. |
| Awesome Lists are Awesome! Here is selection of the best I have found in the Cyber. |
|