In todays world of cyber, there are so many resources out there to learn from, both paid and free. This page will predominantly cover freebies I’ve stumbled across over the years, however, I’ll throw in my two cents worth on any paid trainings or certs I think are valuable or I’ve managed to attend.
Side note: Certs are not the be all and end all. Sure they appear on many job posts but for a lot of people, the cash to get certs is unattainable without an employer contribution. If you have the skills, it’s just as valuable as that sheet of paper (or digi cert)- you just need to back yourself up and evidence it at an interview…or maybe a blog?
CTFs
I thoroughly enjoy a good CTF. I’m in a fortunate position work wise right now where I’ve got a team who also like competing in them now and again, something I’ve never had before. To me they can be extremely useful, and frustrating at times, but overall being able to practice skills you don’t get to utilise regularly is a win-win. They can also be an opportunity to explore the “other” side, be that red or blue.
I’ve utilised CTFs or sites that host CTF style challenges to refresh my knowledge and identify gaps I want to work on. In recent times, they’ve led me to pick up some new and extremely useful tools as well!
CTF / Challenge Sites
This list is far from exhaustive (given I’ve only added 7 links so far!) and I’ll be honest and say I’ll not be regularly checking if sites are still active. Links are loosely categorised and generally posted top down based on what I use most often.
Blue
CyberDefenders - Brilliant free platform for Blue Team training. Contains challenges in areas such as:
- Host Forensics
- Windows
- Linux
- Reverse Engineering
- Malware Analysis
- Excel
- Word
- Javascript
- Network Forensics
- Memory Forensics
More recently added their Certified CyberDefender Blue Team Training & Certification for those interested in that sort of thing.
Blue Team Labs Online - Mixed platform for defenders with a small section of free Security Challenges and 4 hour limit on lab access. There are paid options for this one to unlock additional content and unlimited lab access.
Red
HackTheBox - This was one of the first sites I discovered that had the gamified training and learning setup. With boxes to ‘pop’ and CTF like challenges to attempt, it has a very good selection of things to distract from a work day! HackTheBox offers a wide variety of free machines and challenges but also paid VIP offerings at a reasonable price that allow access to retired machines and give better virtual instance experiences.
TryHackMe - I see this a lot on peoples Twitter/LinkedIn accounts and even on CV/Resume’s- “Top 1% on THM”. The site itself is popular and reminds me of Immersive Labs in its general format. Users can choose predefined Learning Paths or specific modules which is a mix of free vs subscription content. *note that not all learning paths are available on the free tier
General and everything all at once
CTF Time Upcoming Events - A useful site for finding CTF competitions and teams our there all across the world.
CTFLEARN - A good range of challenges with a nice simple interface.
- Web
- Forensics
- Binary
- Reverse Engineering
- Cryptography
- Programming
- Misc
Root Me - A solid mix of CTF style challenges in categories such as:
- App
- Crypt Analysis
- Forensics
- Network
- Programming
- Realist
- Stego
- Web
Paid Learning / Certs
SANS FOR710: Reverse-Engineering Malware: Advanced Code Analysis
Details to follow