Top 50 Awesome List

brootware/awesome-cyber-security-university

Security  1 month ago  197
🎓 Because Education should be free. Contributions welcome! 🕵️
View byDAY/WEEK/README
View on Github

Aug 15th - Aug 21st, 2022

Extremely Hard Rooms to do

  • Year of the Owl - Owl-themed boot to root machine.
  • Jul 18th - Jul 24th, 2022

    Introduction and Pre-Security

    Level 1 - Intro

  • Hip Flask - An in-depth walkthrough covering pentest methodology against a vulnerable server.
  • Jun 6th - Jun 12th, 2022

    Free Beginner Red Team Path

    Level 4 - Web

  • Jack of all trades - Boot-to-root originally designed for Securi-Tay 2020.
  • Bolt - Bolt themed machine to root into.
  • Juiceshop - This room uses the OWASP juice shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.
  • Inclusion - A beginner-level LFI challenge.
  • Free Beginner Blue Team Path

    Level 3 - Beginner Forensics & Cryptography

  • The Glory of the Garden - Beginner image analysis challenge.
  • Emo - Medium level forensics challenge.
  • Obsecure - Medium level forensics challenge.
  • Free Beginner Red Team Path

    Level 6 - PrivEsc

  • Blaster - Metasploit Framework to get a foothold.
  • Ignite - A new start-up has a few security issues with its web server.
  • Capture the flag - Another beginner-level CTF challenge.
  • Free Beginner Blue Team Path

    Level 4 - Memory & Disk Forensics

  • Reminiscent - Medium level disk forensics challenge.
  • Detect Log4J - Medium level disk forensics challenge.
  • Free Beginner Blue Team Path

    Level 5 - Malware and Reverse Engineering

  • Get PDF (Malicious Document) - Reversing PDF malware.
  • Free Beginner Red Team Path

    Level 3 - Crypto & Hashes with CTF practice

  • Basic Pentesting - This is a machine that allows you to practice web app hacking and privilege escalation.
  • Free Beginner Red Team Path

    Level 5 - Reverse Engineering & Pwn

  • CC Ghidra - This room teaches the basics of ghidra.
  • CC Radare2 - This room teaches the basics of radare2.
  • Free Beginner Blue Team Path

    Level 1 - Tools

  • Red Line - Learn how to use Redline to perform memory analysis and scan for IOCs on an endpoint.
  • Windows Fundamentals - Intro to Windows.
  • Free Beginner Blue Team Path

    Level 2 - Security Operations & Incident Response

  • Squid Game - Squid game-themed CTF.
  • Investigating Windows - Investigating Windows.
  • Bonus CTF practice and Latest CVEs

  • Buffer Overflow Prep - Practice stack-based buffer overflows.
  • Smag Grotto - An obsecure boot to root machine.
  • Break out the cage - Help Cage bring back his acting career and investigate the nefarious going on of his agent.
  • Lian Yu - A beginner-level security challenge.
  • Bonus Windows

  • Retro - Breaking out of the retro-themed box.
  • Anthem - Exploit a Windows machine in this beginner-level challenge.
  • Extremely Hard Rooms to do

  • Carpe Diem 1 - Recover your client's encrypted files before the ransomware timer runs out.
  • EnterPrize - Enterprise-themed network to hack into.
  • Introduction and Pre-Security

    Level 1 - Intro

  • OpenVPN - Learn how to connect to a virtual private network using OpenVPN.
  • May 23rd - May 29th, 2022

    Free Beginner Blue Team Path

    Level 1 - Tools

  • Introduction to digital forensics - Intro to Digital Forensics.
  • May 16th - May 22nd, 2022

    Bonus CTF practice and Latest CVEs

  • Bandit - Aimed at absolute beginners and teaches the basics of remote server access.
  • Natas - Teaches the basics of serverside web-security.
  • Post Exploitation Basics - Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview and msfvenom.
  • Dogcat - I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container.
  • Insecure Kubernetes - Exploiting Kubernetes by leveraging a Grafana LFI vulnerability.
  • The Great Escape (docker) - Escaping docker container.
  • Solr Exploiting Log4j - Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
  • Spring4Shell - Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework.
  • Most Recent threats - Learn about the latest industry threats. Get hands-on experience identifying, exploiting, and mitigating critical vulnerabilities.
  • Free Beginner Blue Team Path

    Level 2 - Security Operations & Incident Response

  • Juicy Details - A popular juice shop has been breached! Analyze the logs to see what had happened.
  • Carnage - Apply your analytical skills to analyze the malicious network traffic using Wireshark.
  • Splunk Boss of the SOC V1 - Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.
  • Splunk Boss of the SOC V2 - Splunk analysis vol 2.
  • Splunk Boss of the SOC V3 - Splunk analysis vol 3.
  • Free Beginner Blue Team Path

    Level 3 - Beginner Forensics & Cryptography

  • Bucket - Cloud Security Forensics - Medium level cloud security challenge.
  • Martryohka doll - Beginner file analysis challenge.
  • Packets Primer - Beginner packet analysis challenge.
  • Wireshark doo doo doo - Beginner packet analysis challenge.
  • Wireshark two two two - Beginner packet analysis challenge.
  • Trivial flag transfer protocol - Beginner packet analysis challenge.
  • What Lies within - Beginner decoding analysis challenge.
  • Illumination - Medium level forensics challenge.
  • Introduction to Cryptohack - Medium level cryptography challenge.
  • Free Beginner Blue Team Path

    Level 5 - Malware and Reverse Engineering

  • Intro Windows Reversing - Intro to Windows RE.
  • JVM reverse engineering - Learn Reverse Engineering for Java Virtual Machine bytecode.
  • History of Malware - Intro to malware history.
  • Malware Introduction - Intro to malware.
  • Basic Malware Reverse Engineering - Intro to malware RE.
  • Windows x64 Assembly - Introduction to x64 Assembly on Windows.
  • Introduction and Pre-Security

    Level 1 - Intro

  • Welcome - Learn how to use a TryHackMe room to start your upskilling in cyber security.
  • Intro to Researching - A brief introduction to research skills for pentesting.
  • Linux Fundamentals 1 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
  • Linux Fundamentals 2 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
  • Linux Fundamentals 3 - Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
  • Pentesting fundamentals - Fundamentals of penetration testing.
  • Principles of security - Principles of security.
  • Red Team Engagements - Intro to red team engagements.
  • Free Beginner Red Team Path

    Level 2 - Tooling

  • Tmux - Learn to use tmux, one of the most powerful multi-tasking tools on linux.
  • Nmap - Get experience with Nmap, a powerful network scanning tool.
  • Web Scanning - Learn the basics of automated web scanning.
  • Sublist3r - Learn how to find subdomains with Sublist3r.
  • Metasploit - An introduction to the main components of the Metasploit Framework.
  • Hydra - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
  • Linux Privesc - Practice your Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root! SSH is available.
  • Red Team Fundamentals - Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements.
  • Red Team Recon - Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.
  • Free Beginner Red Team Path

    Level 3 - Crypto & Hashes with CTF practice

  • Crack the hash - Cracking hash challenges.
  • Agent Sudo - You found a secret server located under the deep sea. Your task is to hack inside the server and reveal the truth.
  • The Cod Caper - A guided room taking you through infiltrating and exploiting a Linux system.
  • Ice - Deploy & hack into a Windows machine, exploiting a very poorly secured media server.
  • Lazy Admin - Easy linux machine to practice your skills.
  • Free Beginner Red Team Path

    Level 4 - Web

  • OWASP top 10 - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
  • Injection - Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers.
  • Overpass - What happens when some broke CompSci students make a password manager.
  • Year of the Rabbit - Can you hack into the Year of the Rabbit box without falling down a hole.
  • DevelPy - Boot2root machine for FIT and bsides Guatemala CTF.
  • Free Beginner Red Team Path

    Level 5 - Reverse Engineering & Pwn

  • Intro to x86 64 - This room teaches the basics of x86-64 assembly language.
  • Reverse Engineering - This room focuses on teaching the basics of assembly through reverse engineering.
  • Reversing ELF - Room for beginner Reverse Engineering CTF players.
  • Dumping Router Firmware - Reverse engineering router firmware.
  • Intro to pwntools - Introduction to popular pwn tools framework.
  • Pwnkit: CVE-2021-4034 - Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package.
  • Free Beginner Red Team Path

    Level 6 - PrivEsc

  • Sudo Security Bypass - A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series.
  • Sudo Buffer Overflow - A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series.
  • Windows Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.
  • Linux Privesc Arena - Students will learn how to escalate privileges using a very vulnerable Linux VM.
  • Windows Privesc - Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.
  • Kenobi - Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.
  • Pickle Rick - Rick and Morty themed LFI challenge.
  • Free Beginner Blue Team Path

    Level 1 - Tools

  • Nessus - Intro to nessus scan.
  • Mitre - Intro to Mitre attack framework.
  • Yara - Intro to yara for malware analysis.
  • OpenVAS - Intro to openvas.
  • Intro to Honeypots - Intro to honeypots.
  • Volatility - Intro to memory analysis with volatility.
  • Autopsy - Use Autopsy to investigate artifacts from a disk image.
  • Free Beginner Blue Team Path

    Level 4 - Memory & Disk Forensics

  • Sleuthkit Intro - Medium level disk forensics challenge.
  • Hunter - Windows Disk Image Forensics - Medium level disk forensics challenge.
  • Spotlight - Mac Disk Image Forensics - Medium level disk forensics challenge.
  • Ulysses - Linux Disk Image Forensics - Medium level disk forensics challenge.
  • Banking Troubles - Windows Memory Image Forensics - Medium level memory forensics challenge.
  • Bonus Windows

  • Attacktive Directory - Learn about 99% of Corporate networks that run off of AD.
  • Blue Print - Hack into this Windows machine and escalate your privileges to Administrator.
  • Relevant - Penetration Testing Challenge.
  • Extremely Hard Rooms to do

  • Ra - You have found WindCorp's internal network and their Domain Controller. Pwn the network.
  • CCT2019 - Legacy challenges from the US Navy Cyber Competition Team 2019 Assessment sponsored by US TENTH Fleet.
  • Theseus - The first installment of the SuitGuy series of very hard challenges.
  • IronCorp - Get access to Iron Corp's system.
  • Borderlands - Compromise a perimeter host and pivot through this network.
  • Jeff - Hack into Jeff's web server.
  • Anonymous Playground - Want to become part of Anonymous? They have a challenge for you.
  • Racetrack Bank - It's time for another heist.
  • Python Playground - Use python to pwn this room.
  • Last Checked At: 2022-09-21T14:40:39.312Z
    Previous
    apsdehal/awesome-ctf
    Next
    rshipp/awesome-malware-analysis

    About

    Track your favorite github awesome repo, not just star it. trackawesomelist.com provides website, newsletter, RSS for tracking the popular awesome list by daily and weekly.
    Contact us: [email protected]
    Track Awesome List - Track your favorite Github awesome repos, not just star them | Product Hunt

    Subscribe

    Subscribe to our weekly newsletter to receive the awesome updates! We never send spam and you can unsubscribe instantly with one click. Here's past issues.

    Links

    Follow us on TwitterSubscribe us on TelegramSubmit awesome list repoNewsletterDonateSitemap