Project Awesome project awesome

Cyber Security University

Free educational resources that focus on learning by doing.

Collection 2.9k stars GitHub

Contents

About
Free Beginner Red Team Path
Free Beginner Blue Team Path

About

Free Beginner Red Team Path

Level 4 - Web

OWASP top 10

Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

DevelPy

Boot2root machine for FIT and bsides Guatemala CTF.

Inclusion

A beginner-level LFI challenge.

Injection

Walkthrough of OS Command Injection. Demonstrate OS Command Injection and explain how to prevent it on your servers.

Juiceshop

This room uses the OWASP juice shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

Overpass

What happens when some broke CompSci students make a password manager.

Year of the Rabbit

Can you hack into the Year of the Rabbit box without falling down a hole.

Jack of all trades

Boot-to-root originally designed for Securi-Tay 2020.

Bolt

Bolt themed machine to root into.

CC Ghidra

This room teaches the basics of ghidra.

CC Radare2

This room teaches the basics of radare2.

Reverse Engineering

This room focuses on teaching the basics of assembly through reverse engineering.

Reversing ELF

Room for beginner Reverse Engineering CTF players.

Dumping Router Firmware

Reverse engineering router firmware.

Intro to pwntools

Introduction to popular pwn tools framework.

Pwnkit: CVE-2021-4034

Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package.

Sudo Security Bypass

A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series.

Sudo Buffer Overflow

A tutorial room exploring CVE-2019-18634 in the Unix Sudo Program. Room Two in the SudoVulns Series.

Windows Privesc Arena

Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.

Linux Privesc Arena

Students will learn how to escalate privileges using a very vulnerable Linux VM.

Windows Privesc

Students will learn how to escalate privileges using a very vulnerable Windows 7 VM.

Blaster

Metasploit Framework to get a foothold.

Ignite

A new start-up has a few security issues with its web server.

Kenobi

Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.

Capture the flag

Another beginner-level CTF challenge.

Pickle Rick

Rick and Morty themed LFI challenge.

OWASP top 10

Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

DevelPy

Boot2root machine for FIT and bsides Guatemala CTF.

Level 3 - Crypto & Hashes with CTF practice

Bypassing UAC

Learn common ways to bypass User Account Control (UAC) in Windows hosts.

Level 2 - Tooling

Nmap Tutorials

Learn and practice the basics of network scanning using Nmap.

Free Beginner Blue Team Path

Level 5 - Malware and Reverse Engineering

Windows x64 Assembly

Introduction to x64 Assembly on Windows.

History of Malware

Intro to malware history.

Malware Introduction

Intro to malware.

Basic Malware Reverse Engineering

Intro to malware RE.

Intro Windows Reversing

Intro to Windows RE.

JVM reverse engineering

Learn Reverse Engineering for Java Virtual Machine bytecode.

Level 1 - Tools

Windows Fundamentals

Intro to Windows.

Nessus

Intro to nessus scan.

Mitre

Intro to Mitre attack framework.

Intro to Honeypots

Intro to honeypots.

Red Line

Learn how to use Redline to perform memory analysis and scan for IOCs on an endpoint.

Autopsy

Use Autopsy to investigate artifacts from a disk image.

Introduction to digital forensics

Intro to Digital Forensics.

Windows Fundamentals

Intro to Windows.

Nessus

Intro to nessus scan.

IntroSIEM

Introduction to SIEM.

Yara

Intro to yara for malware analysis.

OpenVAS

Intro to openvas.

Intro to Honeypots

Intro to honeypots.

Level 2 - Security Operations, Incident Response & Threat Hunting

Investigating Windows

Investigating Windows.

Juicy Details

A popular juice shop has been breached! Analyze the logs to see what had happened.

Carnage

Apply your analytical skills to analyze the malicious network traffic using Wireshark.

Squid Game

Squid game-themed CTF.

Splunk Boss of the SOC V1

Part of the Blue Primer series, learn how to use Splunk to search through massive amounts of information.

Hunt Conti with Splunk

An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.

Hunt Conti with Splunk

An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.

Splunk Boss of the SOC V3

Splunk analysis vol 3.

Hunting for Execution Tactic

Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Execution (TA0002).

Hunting for Credential Access

Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Credential Access (TA0006).

Hunting for Persistence Access

Join Cyborg Security's team of threat hunting instructors for a fun and hands-on-keyboard threat hunting workshop covering the topic of adversarial persistence (TA0003).

Hunting for Defense Evation

Join Cyborg Security's expert threat hunters as they dive into the interesting MITRE ATT&CK Tactic of Defense Evasion (TA0005).

Level 3 - Beginner Forensics, Threat Intel & Cryptography

Threat Intelligence 101

Introduction to Cyber Threat Intelligence.

Threat Intelligence Tools

Explore different OSINT tools used to conduct security threat assessments and investigations.