An overview of high quality Cyber Security Training. There are many excellent Free, and Commercial Resources, Online Courses, and Labs available.

Cyber Security is a career that involves the practitioner to be in always learning mode. Spend your time and money wisely with these hand picked security resources. Each of these resources have either been used by one of our team or has been been a recommendation from someone we know.

Cyber Security Training Courses

Many of these courses are costly, especially if you are paying out of your own pocket. The primary advantage of a training course from the big 3 providers (SANS, Offensive-Security, INE) is that you get a lot of learning packed into a minimal amount of time. All have included labs that force you to make sure you understand the content.
Focus Provider Course Cost Cert Notes
PentestDFIR SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling GCIH A gentle introduction to hacker tools and techniques with a focus on Incident Handling. Identify an incident, securely handle forensic evidence and use a structured methodology to work through the incident. Great for people with a technical background but little experience in hacking techniques and cyber security.
Basics SANS SEC401: Security Essentials - Network, Endpoint, and Cloud GSEC Suitable for anyone wanting to understand cyber security concepts, useful for non-technical backgrounds moving into roles that interact with cyber security professionals.
DFIR SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics GCFA Digging deep into digital forensics and evidence collection. Understand the techniques and tools from the operating system to memory analysis and the network layer.
Pentest SANS SEC560: Enterprise Penetration Testing GPEN A popular course for those getting started with penetration testing or working in government cyber security roles (good training budgets!). In depth knowledge of tools and techniques - jamming a lot of content into a one week course. Finishes up with a high quality CTF on day 6 to apply the new knowledge.
Cloud SANS SEC549: Cloud Security Architecture I have no knowledge of this course but recommend it based on experience with other SANS courses. Having played in the AWS, Azure & GCP sandboxes messing up security is easier than you would expect. Professional cyber security training within cloud environments is going to be huge over the next few years. A focus on keeping these environments secure is essential for any cloud operations team.
DFIR SANS SEC503: Network Monitoring and Threat Detection In-Depth GCIA Solid content from a course that has been around since Intrusion Detection Systems (IDS) were the new kids on the block. Learn to write custom Snort Rules and get an understanding of network traffic analysis.
PentestWeb App SANS SEC542: Web App Penetration Testing and Ethical Hacking GWAPT Strong overview of common web application attacks and penetration testing. Get a broad range of knowledge and tools across this rapidly changing discipline.
PentestExploit Dev SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking GXPN In depth course on more advanced attack techniques than those covered in SEC560. Also has a deep focus on exploit writing from simple to buffer overflows to more advanced chained attacks.
Pentest Offensive Security PEN-200: Penetration Testing with Kali OSCP Popular and well regarded technical penetration testing course. Has a 24 hour exam that is known to really test the students understanding (try harder!). Made by the folks who maintain the Kali Linux Distro.
PentestWeb App Offensive Security WEB-300: Advanced Web Attacks and Exploitation OSWE Going in depth on the web application side of things this is often taken after completing the OSCP or for those with web application as a focus.
Exploit Dev Offensive Security EXP-401: Advanced Windows Exploitation OSEE Want to write exploits for Windows. Dive into low level windows exploit development with this advanced course. Not recommended for noobs or those without low level programming skills.
Pentest INE Security eJPT: Junior Penetration Tester eJPT A solid first step into the world of penetration testing. With a broad range of topics covered and a dedicated lab environment for testing those new skills.
Pentest INE Security eCPPT: Certified Professional Penetration Tester eCPPT INE Security acquired eLearnSecurity a few years back and released the courses in a new version. I have worked through the original penetration testing course and found it to be comprehensive and well presented. It comes in at a much more reasonable price than the equivalent SANS courses.
PentestWeb App PortSwigger Web Security Academy FREE From the creators of BurpSuite and the Web Application Hackers Handbook this web application security courses covers a lot of ground. Pretty sure this course would be worthwhile simply based on prior works.
Threat Hunting Active Counter Measures Threat Hunting Training Course FREE A Free course that comes from an experienced and knowledgeable team.
Threat Hunting ATT&CK Using ATT&CK for Cyber Threat Intelligence Training FREE A number of training modules from the ATT&CK team on performing cyber threat intelligence analysis using ATT&CK-mapped data.
Exploit Dev CoreLan CoreLan Exploit Development for Windows Learn exploit development from the experts. Well regarded and highly technical - if you want to write exploits for modern Windows you should check this one out.
Blue Team Applied Network Defence Various Blue Team focused Courses Recommended training on open source tools and techniques for Blue Teams. Short courses on OSQuery, Threat Hunting, ELK, Zeek and Packet Analysis.
PentestBlue Team Antisyphon Training Various Curriculum Powered by Black Hills Information Security (BHIS) this training spans both blue team and offensive security with strong coverage of DFIR, threat hunting, and SOC operations, as well as hands-on pentesting and tooling workflows delivers live and on-demand courses taught by industry practitioners. It also includes a 'pay forward what you can' entry-level training.
LLM Offsec LLM Red Teaming New Learning Path Released in April 2025. Content aims to teach understanding and attacking Large Language Models (LLMs).

Online Training Labs and Cyber Ranges

Capture the Flag (CTF) events and online Cyber Ranges (labs) are a great way to hone cyber security skills in areas that you may not touch everyday in your work. A well put together CTF should be fun and challenging for a wide range of abilities.
Focus Provider Name Cost Notes
Pentest DFIR SANS Netwars Continuous Netwars is a highly polished CTF where you progress through harder and harder challenges finding flags and gaining knowledge. Presented well enough that it feels more like a game than learning!.
Pentest DFIR SANS Holiday Hack FREE Another offering from SANS this very popular CTF runs over the Christmas / New Year period and is available for Free. It can be lot of fun and you might even learn a few things.
Pentest DFIR HackTheBox HTB
Hack The Box
FREE + Technical challenges based on a box (virtual machine) where the aim is to gain access and find a flag. Very well regarded and popular. High amount of Free content along with additional challenges for a subscription.
Web App Google Google Gruyere FREE A google hosted web app for testing various vulnerabilities. Has been around for a long time but still covers a good deal of common web bugs.
Pentest PentesterLab PentesterLab FREE + A challenge-based CTF platform focused on web and app exploitation. Earn badges as you complete hands-on exercises. Includes free content, with more advanced labs available via paid subscription.
Web App HackerOne HackerOne CTF FREE A series of web application testing challenges from the Bug Bounty crew at HackerOne.
Pentest DFIR TryHackMe THM
Try Hack Me
FREE + A gamified learning environment to develop hacking skills and understand security practices. Hands on learning for beginners and advanced users. Includes labs and challenges.
Blue Team Let's Defend Let's Defend FREE + Investigate real cyber attacks inside a simulated SOC. Includes specialised learning paths with focus on network security, digital forensics and others.

Cyber Security Based Linux Distributions

Whether you're on the job, working in your lab or training, these Linux based cybersecurity distributions will save you time. Essentially collections of preinstalled hacking tools. Which one is your preferred choice?
Provider Name Notes
SANS Slingshot Linux A distribution similar in focus to Kali Linux this one has been developed by SANS. Often a pre-requisite for use with the training material in the SANS courses.
SANS Kali Linux Without a doubt, the most well-known penetration testing Linux distribution. The history of this distro can be traced back to Linux hobbyists of ages past (knoppix -> whoppix -> whax -> backtrack -> kali). Developed and maintained by Offensive Security.
SANS SIFT Linux Another distribution maintained by SANS and used in their courses. This one is interesting for those who usually stick to Kali as it contains many different tools due to its focus on DFIR (forensics and incident response).
NA Tails Linux A privacy focused distribution. Its primary goal is sending all the traffic from the virtual machine through the Tor anonymization network. Mozilla and the Tor project have been sponsors in the past. It is supported by various non-profit groups.

Bite Size

Short on time Brushing up on tools, exploring a new technique, or prepping for a cert, bite-sized training modules are designed for quick, focused learning perfect for squeezing in skills between tasks
Provider Name Best For Notes
CyberDefenders Blue Team Labs & Training SOC analysts, threat hunders, Blue teams DFRIR Access a library of blue team labs and training exercises designed to enhance your skills.
Just Hacking Upskill Challengers Offensive security, Red Teams Self-contained learning modules focusing on a single tool or concept, including quiz or test at the end. 10-30mns and no VM's required.

Free Cyber Security Resources

Performing Cyber Security research can seem like an endless rabbit hole of links. Here are some high quality resources to explore.
Resource Format Notes
Antisyphon Training (YouTube) Video tutorials Offers live webcasts, course previews, CTF challenge solutions, and training deep dives. Real-time tool demos, live cyber range walkthroughs, and cyber challenge deep dives. it’s a high-value channel for both blue team and entry-level red team.
ippsec (YouTube) Video tutorials ippsec makes high-quality walk-through's of Hack The Box challenges. Great to watch not only the solution but his methodology for working through issues. He shows the kind of troubleshooting and breadth of knowledge used by experienced penetration testers. Don't forget ippsec.rocks an index of the videos.
OWASP Testing Guide Video tutorials A comprehensive guide to web application testing. Highly detailed and well presented. You can really step through the web application testing process. In addition, there is a great checklist that can be used in conjunction with a web application test.
C2 Matrix - How to Guides Documentation + video demos A matrix of Command and Control software for Red Team Operations and Adversary Training.
APT Notes Incident report archive Dig into the techniques of advanced adversaries (APT) and the Incident Response Team that investigate them. Compilation of published reports from hundreds of intrusions.
Trail of Bits Publications Github Repository Trail of Bits security publications, including academic papers, white papers, conference talks, vulnerability analyses, security reviews, and more
HackerSploit (YouTube) Video tutorials Cybersecurity tutorials covering Linux, pentesting, and infrastructure security. Great for structured, lecture-style learning
BugCrowd University (Archived) Slide Decks + code Presentation's and tutorials on various web application and bug bounty focused testing.
HackerOne Bug Bounty Writeups Articles + video recaps Bug Bounty write ups are an underrated resource when it comes to learning. Step through the process of someone who found a vulnerability and scored a bounty. Great for understanding complicated chained vulnerabilities.
HackTricks Wiki + code snippets An excellent compilation of hacking tricks and tips from recon to exploitation and lateral movement. Highly recommended. Similar to the popular Red Team Field Manual (RTFM), Blue Team Field Manual (BTFM), Purple Team Field Manual (PTFM), and the Operator Handbook hard copy books.
DetectionLab Curated Github repos Build a configured Cyber Security Training Lab with a few commands. Uses Vagrant to deploy a Windows 2016 Active Directory, Windows 10, and Linux host. Splunk, OSquery, Windows Event Forwarding and Velociraptor are all configured. It is crazy good! No need to hunt down iso's and spend days getting everything up and running. The number 1 reason to learn a bit of Vagrant.
Open Source Security Tools for Blue Teams Blog Our own hand picked list of 20 Open Source Tools for Blue Teams. Powerful tools for defenders of networks and systems.
Awesome Lists are Awesome!
Here is selection of the best I have found in the Cyber.