The best courses to learn how to simplify cyber security are open. So open access. Open access (OA) refers to freely available, digital, online information.
We prefer open access security courses that use a Creative Commons license.
Instead of creating yet another cyber security training or course, why not making an existing training resources better?
Basic course on security awareness#
This is not a course like many others. This digital security course (or “security awareness”) will allow you to find out what are the correct behaviors to keep to manage information securely.
Capture The Flag 101#
Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill. In this guide/wiki/handbook you’ll learn the techniques, thought processes, and methodologies you need to succeed in Capture the Flag competitions.
Great site with an archive of many Capture The Flag (CTF) competitions. See the best teams, players and find competitions. A real complete archive of past and future CTF events.
Computer Networks: A Systems Approach#
Great resource for learning all about network security. For starters and full professionals. Sources of this book are on https://github.com/SystemsApproach/book Created by Larry Peterson and Bruce Davie. Read the latest version of this book on: https://book.systemsapproach.org/index.html
Basic Security Awareness Training. Slides are available in Dutch and in English on the github repository: https://github.com/radicallyopensecurity/Digitally-Aware
ENISA Cyber Security Trainings#
ENISA Cyber Security Training material can be used free of charge. The trainings are introduced in 2008 and have been complemented with new additions containing essential material for success in the CSIRT community and in the field of Cyber Security.
The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security.
The ENISA CERT training material covers four main areas:
Setting Up a CSIRT
Legal and Cooperation
Link to the ENSISA CERT trainings: https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material
Developed and used by RPISEC to teach Malware Analysis. Free to use and to improve. See: https://github.com/RPISEC/Malware
MITRE:Cyber Threat Intelligence Training#
Great cyber threat intelligence (CTI) for everyone who is active in a large (governmental)organisation.
The training contains five modules that consist of videos and exercises. This training was designed to be completed in approximately 4 hours, and may be completed solo or as a team. All training material can be found at: https://attack.mitre.org/resources/training/cti/
Open-Source Phishing Framework#
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Download the toolkit from: https://github.com/Ne0nd0g/gophish
More info on: https://getgophish.com/
OWASP Juice Shop#
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application. This application can be used in security trainings or awareness trainings. The Juice Shop encompasses vulnerabilities from the OWASP Top Ten along with many other security flaws as present in many real world applications…
So hack the Shop on: http://owasp-juice.shop
Sha256 algorithm explained#
Simple is often the best. This internet page is dedicated to learn you the SHA256 algorithm. The site sha256algorithm.com will help you understand how a sha256 hash is calculated from start to finish. All is done online in your browser and step by step visually.
The source code used for creating this site can be found on https://github.com/dmarman/sha256algorithm
Security awareness base course#
Nice awareness training. Created by the an Italian Govermental organisation. Note you need to install Hugo first in order to launch te course.
Security By Design#
This Security by Design playbook outlines the core elements of the Security by Design methodology. This playbook is initially created by the same team that started in 2015 with this open Security Reference Architecture.
or join this community and improve the content on: https://github.com/nocomplexity/securitybydesign
The Animated Elliptic Curve#
Visuals always help when learning a new concept. This page guides you with great visuals through the essentials of Elliptic Curve Cryptography.
The Illustrated TLS 1.3 Connection#
TLS can be black magic. So learning the details of the protocol helps. This great tutorial guides you with great visuals through your TLS journey. In this demonstration a client connects to a server, negotiates a TLS 1.3 session, sends “ping”, receives “pong”, and then terminates the session.
The Fuzzing Book#
Software has bugs, and catching bugs can involve lots of effort. This book addresses this problem by automating software testing, specifically by generating tests automatically. You can interact with chapters as Jupyter Notebooks. Great open book to spend some time on.
Git repository can be found on: https://github.com/uds-se/fuzzingbook/
But check the nice looking website on: https://www.fuzzingbook.org/
The Cyber Law Toolkit#
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The toolkit consists of hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis.
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. All OSS with the code on Github.
Check it out and play! - http://overthewire.org/wargames/