An overview of high quality Cyber Security Training. There are many excellent Free, and Commercial Resources, Online Courses, and Labs available.
Cyber Security is a career that involves the practitioner to be in always learning mode. Spend your time and money wisely with these hand picked security resources. Each of these resources have either been used by one of our team or has been been a recommendation from someone we know.
Cyber Security Training Contents:
Cyber Security Training Courses
Many of these courses are costly, especially if you are paying out of your own pocket. The primary advantage of a training course from the big 3 providers (SANS, Offensive-Security, eLearnSecurity) is that you get a lot of learning packed into a minimal amount of time
. All have included labs that force you to make sure you understand the content.
|SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
|A gentle introduction to hacker tools and techniques with a focus on Incident Handling. Identify an incident, securely handle forensic evidence and use a structured methodology to work through the incident. Great for people with a technical background but little experience in hacking techniques and cyber security.
|SEC401: Security Essentials Bootcamp Style
|Suitable for anyone wanting to understand cyber security concepts, useful for non-technical backgrounds moving into roles that interact with cyber security professionals.
|FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
|Digging deep into digital forensics and evidence collection. Understand the techniques and tools from the operating system to memory analysis and the network layer.
|SEC560: Network Penetration Testing and Ethical Hacking
|A popular course for those getting started with penetration testing or working in government cyber security roles (good training budgets!). In depth knowledge of tools and techniques - jamming a lot of content into a one week course. Finishes up with a high quality CTF on day 6 to apply the new knowledge.
|SEC545: Cloud Security Architecture and Operations
|I have no knowledge of this course but recommend it based on experience with other SANS courses. Having played in the AWS, Azure & GCP sandboxes messing up security is easier than you would expect. Professional cyber security training within cloud environments is going to be huge over the next few years. A focus on keeping these environments secure is going to be essential for any cloud operations team.
|SEC503: Intrusion Detection In-Depth
|Solid content from a course that has been around since Intrusion Detection Systems (IDS) were the new kids on the block. Learn to write custom Snort Rules and get an understanding of network traffic analysis.
|SEC542: Web App Penetration Testing and Ethical Hacking
|Web App Pentest
|Strong overview of common web application attacks and penetration testing. Get a broad range of knowledge and tools across this rapidly changing discipline.
|SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
|Exploit Dev Pentest
|In depth course on more advanced attack techniques than those covered in SEC560. Also has a deep focus on exploit writing from simple to buffer overflows to more advanced chained attacks.
|PWK: Penetration Testing with Kali
|Popular and well regarded technical penetration testing course. Has a 24 hour exam that is known to really test the students understanding (try harder!). Made by the folks who maintain the Kali Linux Distro.
|AWAE: Advanced Web Attacks and Exploitation
|Web App Pentest
|Going in depth on the web application side of things this is often taken after completing the OSCP or for those with web application as a focus.
|AWE: Advanced Windows Exploitation
|Want to write exploits for Windows. Dive into low level windows exploit development with this advanced course. Not recommended for noobs or those without low level programming skills.
|eJPT: eLearnSecurity Junior Penetration Tester
|A solid first step into the world of penetration testing. With a broad range of topics covered and a dedicated lab environment for testing those new skills.
|eCPPT: eLearnSecurity Certified Professional Penetration Tester
|eLearnSecurity has recently been acquired by INE and the courses have been released in a new version. I have worked through the original penetration testing course and found it to be comprehensive and well presented. It comes in at a much more reasonable price than the equivalent SANS courses.
|Web Security Academy FREE
|Web App Pentest
|From the creators of BurpSuite and the Web Application Hackers Handbook this web application security courses covers a lot of ground. Pretty sure this course would be worthwhile simply based on prior works.
|Threat Hunting Training Course FREE
|A Free course that comes from an experienced and knowledgeable team.
|Using ATT&CK for Cyber Threat Intelligence Training FREE
|A number of training modules from the ATT&CK team on performing cyber threat intelligence analysis using ATT&CK-mapped data.
|BOOTCAMP: CoreLan Exploit Development
|Learn exploit development from the experts. Well regarded and highly technical - if you want to write exploits for modern Windows you should check this one out.
|Various Blue Team focused Courses
|Recommended training on open source tools and techniques for Blue Teams. Short courses on OSQuery, Threat Hunting, ELK, Zeek and Packet Analysis.
Online Training Labs and Cyber Ranges
Capture the Flag
(CTF) events and online Cyber Ranges
(labs) are a great way to hone cyber security skills
in areas that you may not touch everyday in your work. A well put together CTF should be fun and challenging for a wide range of abilities.
|Netwars is a highly polished CTF where you can progress through harder and harder challenges finding flags and gaining knowledge. Presented well enough that it feels more like a game than learning! A number of FREE 48 hour challenges have been on offer to the community since the lock downs of 2020.
|Another offering from SANS this very popular CTF runs over the Christmas / New Year period and is available for Free. It can be lot of fun and you might even learn a few things.
|Hack The Box
|Technical challenges based on a box (virtual machine) where the aim is to gain access and find a flag. Very well regarded and popular. High amount of Free content along with additional challenges for a small subscription.
|A google hosted web app for testing various vulnerabilities. Has been around for a long time but still covers a good deal of common web bugs.
|A challenge based CTF where you work through a number of challenges and earn badges. Some FREE challenges or can get a subscription for monthly or yearly fee.
|A serious of web application testing challenges from the Bug Bounty crew at HackerOne.
Cyber Security Based Linux Distributions
Whether you are on the job, working in your lab or training, these Linux based Cyber Security distributions will save you time.
Essentially a collection of preinstalled hacking tools. Which one is your proffered choice?
|A distribution similar in focus to Kali Linux this one has been developed by SANS. Often a pre-requisite for use with the training material in the SANS courses.
|Without a doubt, the most well-known penetration testing Linux distribution. The history of this distro can be traced back to Linux hobbyists of ages past (knoppix -> whoppix -> whax -> backtrack -> kali). Developed and maintained by Offensive Security.
|Another distribution maintained by SANS and used in their courses. This one is interesting for those who usually stick to Kali as it contains many different tools due to its focus on DFIR (forensics and incident response).
|A privacy focused distribution. Its primary goal is sending all the traffic from the virtual machine through the Tor anonymization network. Mozilla and the Tor project have been sponsors in the past. It is supported by various non-profit groups.
Free Cyber Security Resources
Performing Cyber Security research can seem like an endless rabbit hole of links.
Here are some high quality resources to explore.
Demand for skilled cyber security professionals is only going one way. Whether you are getting started in the field, or have a solid background there should be something in these Cyber Security Resources for you to keep improving.
Have a training recommendation, resource or a comment? Get in Contact
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.