brootware/awesome-cyber-security-university

Extremely Hard Rooms to do

Year of the Owl - Owl-themed boot to root machine.

Introduction and Pre-Security

Level 1 - Intro

Hip Flask - An in-depth walkthrough covering pentest methodology against a vulnerable server.

Free Beginner Red Team Path

Level 4 - Web

Jack of all trades - Boot-to-root originally designed for Securi-Tay 2020.

Bolt - Bolt themed machine to root into.

Juiceshop - This room uses the OWASP juice shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

Inclusion - A beginner-level LFI challenge.

Free Beginner Blue Team Path

Level 3 - Beginner Forensics & Cryptography

The Glory of the Garden - Beginner image analysis challenge.

Emo - Medium level forensics challenge.

Obsecure - Medium level forensics challenge.

Free Beginner Red Team Path

Level 6 - PrivEsc

Blaster - Metasploit Framework to get a foothold.

Ignite - A new start-up has a few security issues with its web server.

Capture the flag - Another beginner-level CTF challenge.

Free Beginner Blue Team Path

Level 4 - Memory & Disk Forensics

Reminiscent - Medium level disk forensics challenge.

Detect Log4J - Medium level disk forensics challenge.

Free Beginner Blue Team Path

Level 5 - Malware and Reverse Engineering

Get PDF (Malicious Document) - Reversing PDF malware.

Free Beginner Red Team Path

Level 3 - Crypto & Hashes with CTF practice

Basic Pentesting - This is a machine that allows you to practice web app hacking and privilege escalation.

Free Beginner Red Team Path

Level 5 - Reverse Engineering & Pwn

CC Ghidra - This room teaches the basics of ghidra.

CC Radare2 - This room teaches the basics of radare2.

Free Beginner Blue Team Path

Level 1 - Tools

Red Line - Learn how to use Redline to perform memory analysis and scan for IOCs on an endpoint.

Windows Fundamentals - Intro to Windows.

Free Beginner Blue Team Path

Level 2 - Security Operations & Incident Response

Squid Game - Squid game-themed CTF.

Investigating Windows - Investigating Windows.

Bonus CTF practice and Latest CVEs

Buffer Overflow Prep - Practice stack-based buffer overflows.

Smag Grotto - An obsecure boot to root machine.

Break out the cage - Help Cage bring back his acting career and investigate the nefarious going on of his agent.

Lian Yu - A beginner-level security challenge.

Bonus Windows

Retro - Breaking out of the retro-themed box.

Anthem - Exploit a Windows machine in this beginner-level challenge.

Extremely Hard Rooms to do

Carpe Diem 1 - Recover your client's encrypted files before the ransomware timer runs out.

EnterPrize - Enterprise-themed network to hack into.

Introduction and Pre-Security

Level 1 - Intro

OpenVPN - Learn how to connect to a virtual private network using OpenVPN.

Free Beginner Blue Team Path

Level 1 - Tools

Introduction to digital forensics - Intro to Digital Forensics.

Bonus CTF practice and Latest CVEs

Bandit - Aimed at absolute beginners and teaches the basics of remote server access.

Natas - Teaches the basics of serverside web-security.

Post Exploitation Basics - Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview and msfvenom.

Dogcat - I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container.

Insecure Kubernetes - Exploiting Kubernetes by leveraging a Grafana LFI vulnerability.

The Great Escape (docker) - Escaping docker container.

Solr Exploiting Log4j - Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.

Spring4Shell - Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework.

Most Recent threats - Learn about the latest industry threats. Get hands-on experience identifying, exploiting, and mitigating critical vulnerabilities.

Free Beginner Blue Team Path

Level 2 - Security Operations & Incident Response

Juicy Details - A popular juice shop has been breached! Analyze the logs to see what had happened.

Carnage - Apply your analytical skills to analyze the malicious network traffic using Wireshark.

Splunk Boss of the SOC V1 - Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.

Splunk Boss of the SOC V2 - Splunk analysis vol 2.

Splunk Boss of the SOC V3 - Splunk analysis vol 3.

Free Beginner Blue Team Path

Level 3 - Beginner Forensics & Cryptography

Bucket - Cloud Security Forensics - Medium level cloud security challenge.

Martryohka doll - Beginner file analysis challenge.

Packets Primer - Beginner packet analysis challenge.

Wireshark doo doo doo - Beginner packet analysis challenge.

Wireshark two two two - Beginner packet analysis challenge.

Trivial flag transfer protocol - Beginner packet analysis challenge.

What Lies within - Beginner decoding analysis challenge.

Illumination - Medium level forensics challenge.

Introduction to Cryptohack - Medium level cryptography challenge.

Free Beginner Blue Team Path

Level 5 - Malware and Reverse Engineering

Intro Windows Reversing - Intro to Windows RE.

JVM reverse engineering - Learn Reverse Engineering for Java Virtual Machine bytecode.

History of Malware - Intro to malware history.

Malware Introduction - Intro to malware.

Basic Malware Reverse Engineering - Intro to malware RE.

Windows x64 Assembly - Introduction to x64 Assembly on Windows.

Introduction and Pre-Security

Level 1 - Intro

Welcome - Learn how to use a TryHackMe room to start your upskilling in cyber security.

Intro to Researching - A brief introduction to research skills for pentesting.

Linux Fundamentals 1 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.

Linux Fundamentals 2 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.

Linux Fundamentals 3 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.

Pentesting fundamentals - Fundamentals of penetration testing.

Principles of security - Principles of security.

Red Team Engagements - Intro to red team engagements.

Free Beginner Red Team Path

Level 2 - Tooling

Tmux - Learn to use tmux, one of the most powerful multi-tasking tools on linux.

Nmap - Get experience with Nmap, a powerful network scanning tool.

Web Scanning - Learn the basics of automated web scanning.

Sublist3r - Learn how to find subdomains with Sublist3r.

Metasploit - An introduction to the main components of the Metasploit Framework.

Hydra - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.

Linux Privesc - Practice your Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root! SSH is available.

Red Team Fundamentals - Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements.

Red Team Recon - Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.

Free Beginner Red Team Path

Level 3 - Crypto & Hashes with CTF practice

Crack the hash - Cracking hash challenges.

Agent Sudo - You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.

The Cod Caper - A guided room taking you through infiltrating and exploiting a Linux system.

Ice - Deploy & hack into a Windows machine, exploiting a very poorly secured media server.

Lazy Admin - Easy linux machine to practice your skills.

Free Beginner Red Team Path

Level 4 - Web

OWASP top 10 - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

Injection - Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers.

Overpass - What happens when some broke CompSci students make a password manager.

Year of the Rabbit - Can you hack into the Year of the Rabbit box without falling down a hole.

DevelPy - Boot2root machine for FIT and bsides Guatemala CTF.

Free Beginner Red Team Path

Level 5 - Reverse Engineering & Pwn

Intro to x86 64 - This room teaches the basics of x86-64 assembly language.

Reverse Engineering - This room focuses on teaching the basics of assembly through reverse engineering.

Reversing ELF - Room for beginner Reverse Engineering CTF players.

Dumping Router Firmware - Reverse engineering router firmware.

Intro to pwntools - Introduction to popular pwn tools framework.

Pwnkit: CVE-2021-4034 - Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package.

Free Beginner Red Team Path

Level 6 - PrivEsc

Sudo Security Bypass - A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series.

Sudo Buffer Overflow - A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series.

Windows Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.

Linux Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Linux VM.

Windows Privesc - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.

Kenobi - Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.

Pickle Rick - Rick and Morty themed LFI challenge.

Free Beginner Blue Team Path

Level 1 - Tools

Nessus - Intro to nessus scan.

Mitre - Intro to Mitre attack framework.

Yara - Intro to yara for malware analysis.

OpenVAS - Intro to openvas.

Intro to Honeypots - Intro to honeypots.

Volatility - Intro to memory analysis with volatility.

Autopsy - Use Autopsy to investigate artifacts from a disk image.

Free Beginner Blue Team Path

Level 4 - Memory & Disk Forensics

Sleuthkit Intro - Medium level disk forensics challenge.

Hunter - Windows Disk Image Forensics - Medium level disk forensics challenge.

Spotlight - Mac Disk Image Forensics - Medium level disk forensics challenge.

Ulysses - Linux Disk Image Forensics - Medium level disk forensics challenge.

Banking Troubles - Windows Memory Image Forensics - Medium level memory forensics challenge.

Bonus Windows

Attacktive Directory - Learn about 99% of Corporate networks that run off of AD.

Blue Print - Hack into this Windows machine and escalate your privileges to Administrator.

Relevant - Penetration Testing Challenge.

Extremely Hard Rooms to do

Ra - You have found WindCorp's internal network and their Domain Controller. Pwn the network.

CCT2019 - Legacy challenges from the US Navy Cyber Competition Team 2019 Assessment sponsored by US TENTH Fleet.

Theseus - The first installment of the SuitGuy series of very hard challenges.

IronCorp - Get access to Iron Corp's system.

Borderlands - Compromise a perimeter host and pivot through this network.

Jeff - Hack into Jeff's web server.

Anonymous Playground - Want to become part of Anonymous? They have a challenge for you.

Racetrack Bank - It's time for another heist.

Python Playground - Use python to pwn this room.