Resources

A security education platform offering both free and paid subscription options, featuring a wide range of topics for both new and seasoned cybersecurity professionals to explore through over 900 training labs and learning pathways.

Hands-on cybersecurity training through real-world scenarios.

This is a free cybersecurity education platform from Arizona State University (ASU). The platform offers hands-on education through interactive challenges, designed around the concept of capture-the-flag competitions. Topics range from introductory cybersecurity concepts to advanced vulnerability research, with a focus on reverse engineering and binary exploitation.

CyberChef is a web app for performing many cybersecurity-related data operations in the browser. It supports encoding (like XOR and Base64), encryption (AES, DES, Blowfish), hashing, compression, binary/hex conversion, character encoding changes, and more. It helps both technical and non-technical users manipulate data without needing complex tools or deep technical knowledge.

Successful candidates demonstrate proficiency in identifying vulnerabilities, exploiting systems, escalating privileges, and documenting their findings in a real-world environment. The certification is relevant to roles such as penetration testers, security analysts, and consultants, confirming their ability to conduct comprehensive security assessments.

A cybersecurity education platform with free and paid subscription options and a focus on penetration testing skills development. HackTheBox Academy is more geared towards complete beginners in cybersecurity, with guided courses available, while HackTheBox Labs has a range of virtual labs/machines for beginners to professionals to practice their skills and techniques on.

picoCTF gamifies learning hacking with capture-the-flag puzzles created by trusted computer security and privacy experts at Carnegie Mellon University.

picoCTF and its picoGym is a non-competitive practice space where you can explore and solve challenges from previously released picoCTF competitions, find fresh challenges, and build a knowledge base of cybersecurity skills in a safe environment.

To guide cybersecurity career and skills development, CyberSeek provides detailed, actionable data, metrics and pathways across the cybersecurity workforce. CyberSeek lets you explore trends in cybersecurity job openings and the wide variety of available positions out there, with the categories of Oversight & Governance, Design & Development, Implementation & Operation, Protection & Defense, and Investigation.

This newsletter from Clint Gibler, the Head of Security Research @ Semgrep, is released every Thursday morning with the latest releases and news in the areas of application security, cloud security, supply chain, blue & red teaming, AI security, and more.