Awesome Cyber Security University

A curated list of awesome and free educational resources that focuses on learn by doing.

Because education should be free.

Contents

• About
• Introduction and Pre-Security - (Completed/In Progress)
• Free Beginner Red Team Path - (Add your badge here. The badge code is hidden in this repo)
• Free Beginner Blue Team Path - (Add your badge here. The badge code is hidden in this repo)
• Bonus CTF practice and Latest CVEs - (Completed/In Progress)
• Bonus Windows - (Completed/In Progress)
• Extremely Hard Rooms to do - (Completed/In Progress)

About

Cyber Security University is A curated list of awesome and free educational resources that focus on learning by doing.

There are 6 parts to this.

1. Introduction and Pre-security
2. Free Beginner Red Team Path
3. Free Beginner Blue Team Path
4. Bonus practices
5. Latest CVEs
6. Extremely Hard rooms The tasks are linear in nature of the difficulty. So it's recommended to do it in order. But you can still jump around and skip some rooms If you find that you are already familiar with the concepts.

As you go through the curriculum, you will find completion badges that are hidden within this README.md for both red and blue team path completion badges. You can copy the HTML code for them and add it to the content page below once you have completed them.

↑

Contributing

Pull requests are welcome with the condition that the resource should be free! Please read the contribution guide in the wiki if you wish to add tools or resources.

Introduction and Pre-Security

Level 1 - Intro

• OpenVPN - Learn how to connect to a virtual private network using OpenVPN.
• Welcome - Learn how to use a TryHackMe room to start your upskilling in cyber security.
• Intro to Researching - A brief introduction to research skills for pentesting.
• Linux Fundamentals 1 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
• Linux Fundamentals 2 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
• Linux Fundamentals 3 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
• Pentesting fundamentals - Fundamentals of penetration testing.
• Principles of security - Principles of security.
• Red Team Engagements - Intro to red team engagements.
• Hip Flask - An in-depth walkthrough covering pentest methodology against a vulnerable server.

Introductory CTFs to get your feet wet

• Google Dorking - Explaining how Search Engines work and leveraging them into finding hidden content!
• Osint - Intro to Open Source Intelligence.
• Shodan.io - Learn about Shodan.io and how to use it for device enumeration.

↑

Free Beginner Red Team Path

Level 2 - Tooling

• Tmux - Learn to use tmux, one of the most powerful multi-tasking tools on linux.
• Nmap,Curl and Netcat - Get experience with Nmap, Curl and Netcat for network communications.
• Web Scanning - Learn the basics of automated web scanning.
• Sublist3r - Learn how to find subdomains with Sublist3r.
• Metasploit - An introduction to the main components of the Metasploit Framework.
• Hydra - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
• Linux Privesc - Practice your Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root! SSH is available.
• Red Team Fundamentals - Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements.
• Red Team Recon - Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.

Red Team Intro CTFs

• Vulnversity - Learn about active recon, web app attacks and privilege escalation.
• Blue - Deploy & hack into a Windows machine, leveraging common misconfigurations issues.
• Simple CTF - Beginner level CTF.
• Bounty Hacker - A space cowboy-themed boot to root machine.

↑

Level 3 - Crypto & Hashes with CTF practice

• Crack the hash - Cracking hash challenges.
• Agent Sudo - You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
• The Cod Caper - A guided room taking you through infiltrating and exploiting a Linux system.
• Ice - Deploy & hack into a Windows machine, exploiting a very poorly secured media server.
• Lazy Admin - Easy linux machine to practice your skills.
• Basic Pentesting - This is a machine that allows you to practice web app hacking and privilege escalation.
• Bypassing UAC - Learn common ways to bypass User Account Control (UAC) in Windows hosts.

↑

Level 4 - Web

• OWASP top 10 - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
• Inclusion - A beginner-level LFI challenge.
• Injection - Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers.
• Juiceshop - This room uses the OWASP juice shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.
• Overpass - What happens when some broke CompSci students make a password manager.
• Year of the Rabbit - Can you hack into the Year of the Rabbit box without falling down a hole.
• DevelPy - Boot2root machine for FIT and bsides Guatemala CTF.
• Jack of all trades - Boot-to-root originally designed for Securi-Tay 2020.
• Bolt - Bolt themed machine to root into.

↑

Level 5 - Reverse Engineering & Pwn

• Intro to x86 64 - This room teaches the basics of x86-64 assembly language.
• CC Ghidra - This room teaches the basics of ghidra.
• CC Radare2 - This room teaches the basics of radare2.
• Reverse Engineering - This room focuses on teaching the basics of assembly through reverse engineering.
• Reversing ELF - Room for beginner Reverse Engineering CTF players.
• Dumping Router Firmware - Reverse engineering router firmware.
• Intro to pwntools - Introduction to popular pwn tools framework.
• Pwnkit: CVE-2021-4034 - Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package.

↑

Level 6 - PrivEsc

• Sudo Security Bypass - A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series.
• Sudo Buffer Overflow - A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series.
• Windows Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.
• Linux Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Linux VM.
• Windows Privesc - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.
• Blaster - Metasploit Framework to get a foothold.
• Ignite - A new start-up has a few security issues with its web server.
• Kenobi - Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.
• Capture the flag - Another beginner-level CTF challenge.
• Pickle Rick - Rick and Morty themed LFI challenge.

Congratulations! If you have finished until here. You deserve a badge! Put this in your writeups or git profile. You can continue doing the below CTFs.

↑

Free Beginner Blue Team Path

Level 1 - Tools

• Introduction to digital forensics - Intro to Digital Forensics.
• Windows Fundamentals - Intro to Windows.
• Nessus - Intro to nessus scan.
• Mitre - Intro to Mitre attack framework.
• IntroSIEM - Introduction to SIEM.
• Yara - Intro to yara for malware analysis.
• OpenVAS - Intro to openvas.
• Intro to Honeypots - Intro to honeypots.
• Volatility - Intro to memory analysis with volatility.
• Red Line - Learn how to use Redline to perform memory analysis and scan for IOCs on an endpoint.
• Autopsy - Use Autopsy to investigate artifacts from a disk image.

↑

Level 2 - Security Operations, Incident Response & Threat Hunting

• Investigating Windows - Investigating Windows.
• Juicy Details - A popular juice shop has been breached! Analyze the logs to see what had happened.
• Carnage - Apply your analytical skills to analyze the malicious network traffic using Wireshark.
• Squid Game - Squid game-themed CTF.
• Splunk Boss of the SOC V1 - Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.
• Splunk Boss of the SOC V2 - Splunk analysis vol 2.
• Splunk Boss of the SOC V3 - Splunk analysis vol 3.
• Hunt Conti with Splunk - An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.
• Hunting for Execution Tactic - Join Cyborg Security's