Security Courses#

The best courses to learn how to simplify cyber security are open. So open access. Open access (OA) refers to freely available, digital, online information.

We prefer open access security courses that use a Creative Commons license.

Instead of creating yet another cyber security training or course, why not making an existing training resources better?

Basic course on security awareness#

This is not a course like many others. This digital security course (or “security awareness”) will allow you to find out what are the correct behaviors to keep to manage information securely.

Check: https://teamdigitale.github.io/security-awareness/en/

Capture The Flag 101#

Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill. In this guide/wiki/handbook you’ll learn the techniques, thought processes, and methodologies you need to succeed in Capture the Flag competitions.

Check: https://ctf101.org/

CTFtime#

Great site with an archive of many Capture The Flag (CTF) competitions. See the best teams, players and find competitions. A real complete archive of past and future CTF events.

Check: https://ctftime.org/

Computer Networks: A Systems Approach#

Great resource for learning all about network security. For starters and full professionals. Sources of this book are on SystemsApproach/book Created by Larry Peterson and Bruce Davie. Read the latest version of this book on: https://book.systemsapproach.org/index.html

Digitally Aware#

Basic Security Awareness Training. Slides are available in Dutch and in English on the github repository: radicallyopensecurity/Digitally-Aware

ENISA Cyber Security Trainings#

ENISA Cyber Security Training material can be used free of charge. The trainings are introduced in 2008 and have been complemented with new additions containing essential material for success in the CSIRT community and in the field of Cyber Security.

The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security.

The ENISA CERT training material covers four main areas:

  • Technical

  • Operational

  • Setting Up a CSIRT

  • Legal and Cooperation

Link to the ENSISA CERT trainings: https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material

Malware Analysis#

Developed and used by RPISEC to teach Malware Analysis. Free to use and to improve. See: RPISEC/Malware

MITRE:Cyber Threat Intelligence Training#

Great cyber threat intelligence (CTI) for everyone who is active in a large (governmental)organisation.

The training contains five modules that consist of videos and exercises. This training was designed to be completed in approximately 4 hours, and may be completed solo or as a team. All training material can be found at: https://attack.mitre.org/resources/training/cti/

Open-Source Phishing Framework#

Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily setup and execute phishing engagements and security awareness training. Download the toolkit from: Ne0nd0g/gophish

More info on: https://getgophish.com/

OWASP Juice Shop#

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application. This application can be used in security trainings or awareness trainings. The Juice Shop encompasses vulnerabilities from the OWASP Top Ten along with many other security flaws as present in many real world applications…

So hack the Shop on: http://owasp-juice.shop

Sha256 algorithm explained#

Simple is often the best. This internet page is dedicated to learn you the SHA256 algorithm. The site sha256algorithm.com will help you understand how a sha256 hash is calculated from start to finish. All is done online in your browser and step by step visually.

The source code used for creating this site can be found on dmarman/sha256algorithm

Security awareness base course#

Nice awareness training. Created by the an Italian Govermental organisation. Note you need to install Hugo first in order to launch te course.

See: teamdigitale/security-awareness

Security By Design#

This Security by Design playbook outlines the core elements of the Security by Design methodology. This playbook is initially created by the same team that started in 2015 with this open Security Reference Architecture.

See: https://nocomplexity.com/documents/securitybydesign/

or join this community and improve the content on: nocomplexity/securitybydesign

The Animated Elliptic Curve#

Visuals always help when learning a new concept. This page guides you with great visuals through the essentials of Elliptic Curve Cryptography.

Check: https://curves.xargs.org/

The Illustrated TLS 1.3 Connection#

TLS can be black magic. So learning the details of the protocol helps. This great tutorial guides you with great visuals through your TLS journey. In this demonstration a client connects to a server, negotiates a TLS 1.3 session, sends “ping”, receives “pong”, and then terminates the session.

Check: https://tls13.xargs.org/

The Fuzzing Book#

Software has bugs, and catching bugs can involve lots of effort. This book addresses this problem by automating software testing, specifically by generating tests automatically. You can interact with chapters as Jupyter Notebooks. Great open book to spend some time on.

Git repository can be found on: uds-se/fuzzingbook

But check the nice looking website on: https://www.fuzzingbook.org/

The Cyber Law Toolkit#

The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. The toolkit consists of hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis.

Check: https://cyberlaw.ccdcoe.org/wiki/Main_Page

Wargames#

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. All OSS with the code on Github.

Check it out and play! - http://overthewire.org/wargames/

Wireshark Labs#

This course is a Supplement to the book Computer Networking: A Top-Down Approach, 8th ed., J.F. Kurose and K.W. Ross The version 8.1 Wireshark labs have been significantly modernized and updated in 2021, and come with new Wireshark traces files taken in 2021.

Check and the the course Wireshark Labs.