Cybersecurity learning/training
YouTube Learning
Here are the clickable YouTube links for your learnings
- Hak5 - Ethical hacking channel
- Infosec - General Cybersecurity Knowledge
- Simply Cyber- Cybersecurity career, cybersecurity updates
- The Cyber Mentor - Cybersecurity Education
- DC CyberSec — Cybersecurity career, mentorship
- Level Effect - General Cybersecurity Knowledge and Training
- HackerRats - Bug bounty and ethical hacking
- Network Chuck — IT, cybersecurity, hacking
- Professor Messer — IT, Cybersecurity, certifications training and guide
- Hammond – Practical CTFs, malware analysis, beginner-friendly hacking
- LiveOverflow – Hands-on hacking challenges explained (CTFs, low-level)
- IppSec – In-depth Hack The Box and CTF solution walkthroughs
- Computerphile – Cybersecurity concepts explained simply
- Security Weekly – News, discussions, and interviews in cyber
- 13Cubed – Forensics, DFIR, and niche tool tutorials
- Hackersploit – Ethical hacking, tutorials, cybersecurity fundamentals
- PowerDMARC – Focused on email security and DMARC best practices
- MalwareTechBlog – Malware research, threat analysis, reverse engineering
- Security Onion Solutions – Security Onion training, Threat hunting and tool demos
- The CyberWire – Daily cybersecurity news summaries
- The Cyber Chronicle – Weekly cyber news roundups and commentaries
- SANS Institute – Advanced webinars and training from top professionals
- Cloud Security Podcast – Cloud security trends from experienced CISOs
- The PC Security Channel — cybersecurity education, tutorials
- Cyberspatial — Cybersecurity education and training
- Null Byte — ethical hacking, infosec, computer science
- Cybrary — cybersecurity podcast
- Black Hat - information security research, development, and trends
Podcasts
Cybersecurity headlines - . Produced by the CISO Series, it's designed for busy professionals who want to stay informed without the fluff.
Cybersecurity today - this podcast (from IT World Canada) covers the latest cyber threats, data breaches, security best practices, and industry updates.
Darknet Diaries - Hosted by Jack Rhysider, this podcast dives into real-life stories of hackers, breaches, cybercrime, and digital espionage.
Cyberwire Daily - A fast-paced daily news briefing on cyber threats, security updates, and interviews with industry leaders.
DISCARDED: Tales from the Threat Research Trenches
SANS Daily StormCast - provides a rapid-fire update on critical cybersecurity threats, vulnerabilities, and incidents happening around the world. It's perfect for professionals wanting to stay current without a big time commitment.
Daily Cyber Threat Brief by Simply Cyber
Security Now - it covers everything from new vulnerabilities to foundational cybersecurity concepts.
Risky Business - focused on cybersecurity news, in-depth interviews, and analysis of the latest incidents.
Hacked
A tech podcast exploring strange and interesting stories in the world of cybersecurity, privacy, and digital culture.
The Privacy, Security & OSINT Show - focuses on privacy strategies, open-source intelligence (OSINT), and security techniques. It’s highly respected among privacy advocates and investigators.
No Such Podcast (NSA) - An official podcast from the U.S. National Security Agency (NSA), it provides insights into national security, cryptology, cybersecurity policy, and careers within the agency.
CISO Series Podcast - A podcast network built for cybersecurity professionals in leadership and decision-making roles.
Cyber Rants - The Refreshingly Real Cybersecurity Podcasts
Smashing Security - Lighthearted and humorous takes on serious cybersecurity topics, hosted by security veterans Graham Cluley and Carole Theriault.
Malicious Life - Tells fascinating stories behind the most significant cyber attacks in history. Produced by Cybereason.
Microsoft Threat Intelligence Podcast - Provides analysis on nation-state actors, malware campaigns, and how Microsoft handles global cyber threats.
Talos Takes - Produced by Cisco Talos, it offers quick 5–10 minute episodes on vulnerabilities and threat actor behavior.
Defensive Security Podcast- Weekly commentary on current security events, breach analysis, and practical defense strategies.
Hacker Valley Studio - Features interviews with cybersecurity professionals and explores the human side of cyber careers.
SANS Blueprint Podcast - Practical episodes focused on blue teaming, SOC operations, and security architecture.
Security Stormcast
Down the Security Rabbithole Podcast
Recorded Future - Inside Security Intelligence
Defensive Security Podcast
Brakeing Down Security
Malicious Life
Hacking Humans
Caveat - Cyber Law and Policy
SANS Blueprint
Training Platforms & Labs
- TryHackMe - Interactive, gamified cybersecurity labs for beginners to advanced learners.
- Hack The Box - Realistic penetration testing labs and challenges focused on ethical hacking.
- Cybrary - Offers a wide variety of cybersecurity courses, career paths, and labs.
- INE (formerly eLearnSecurity) - Known for advanced hands-on training in penetration testing, cloud, and incident response
- TCM Security Academy - Offers affordable, beginner-friendly and practical ethical hacking and blue team courses
- Blue Team Labs Online - Labs and challenges specifically for blue teamers (defensive security roles)
- PentesterLab - Teaches web app hacking via real-world vulnerabilities. Great for OWASP skills.
- TryHackMe Paths (Red Team / Blue Team / SOC) - Dedicated structured paths for beginners, SOC Analysts, and offensive security roles
- Pluralsight - Professional-grade cybersecurity and cloud security courses https://www.pluralsight.com
- Udemy (Cybersecurity Courses)- Affordable, broad range of cybersecurity courses by various instructors.🔗 https://www.udemy.com
- PortSwigger Web Security Academy - Free, world-class training focused on web application security. 🔗 https://portswigger.net/web-security
- Security Blue Team - Certifications and labs focused purely on blue team skills and roles. 🔗 https://securityblue.team
- Open Security Training - In-depth technical courses on topics like reverse engineering and exploitation. 🔗 http://opensecuritytraining.info
- SANS Cyber Aces - Free foundational training from the highly respected SANS Institute. 🔗 https://www.cyberaces.org
- HTB Academy (by Hack The Box) -Structured learning paths from beginner to expert-level ethical hacking. 🔗 https://academy.hackthebox.com
- AttackIQ Academy offers free courses taught by experienced cybersecurity practitioners. These include intermediate training paths on the MITRE ATT&CK framework, purple teaming, and breach-and-attack simulation. https://www.academy.attackiq.com
- Level Effect provides immersive cybersecurity training tailored to real-world defensive security roles. Also offers free cybersecurity training for beginners on their YouTube channel. https://www.leveleffect.com
- CyberDefenders delivers hands-on blue team training through CTF-style challenges simulating real-world threat scenarios. https://cyberdefenders.org
- LetsDefend offers an interactive SOC analyst training platform that simulates investigating real cyberattacks within a SOC environment. https://letsdefend.io
- RangeForce offers a free version with hands-on challenges and exercises in areas such as malware analysis, incident response, email analysis, and reverse engineering. https://www.rangeforce.com
- ACE Responder is designed to enhance blue team skills. It focuses on scenario-based challenges that cover incident detection, investigation, and response. https://aceresponder.com
- 𝗢𝘃𝗲𝗿𝗧𝗵𝗲𝗪𝗶𝗿𝗲 offers interactive war game challenges to help learners explore and practice core cybersecurity concepts, making it great for beginners. https://overthewire.org/wargames
- Microsoft Learn is a free learning platform designed to help learners gain expertise in Microsoft technologies with several learning paths for roles like Security Analyst, Security Engineer etc. https://www.linkedin.com/company/microsoftlearn
- splunk free training - https://www.splunk.com/en_us/training/free-courses/overview.html
- CyberTalents - https://cybertalents.com/challenges
- HackXpert - Free labs and training.
- Root Me - Over 400 cybersecurity challenges.
- Vuln Hub - Material for practical hands-on experience.
- CyberSecLabs - High quality training labs. https://www.cyberseclabs.org
ctfs
Cybersecurity Updates
- IT Security Guru
- Security Weekly
- The Hacker News
Infosecurity Magazine
The State of Security - Tripwire
The Last Watchdog
Naked Security
Graham Cluley
Cyber Magazine
WeLiveSecurity
Dark Reading
Threatpost
Krebs on Security
Help Net Security
HackRead
SearchSecurity
TechWorm
GBHackers On Security
CyberWire
Cyber Defense Magazine
Hacker Combat
Cybers Guards
Cybersecurity Insiders
Information Security Buzz
The Security Ledger
Security Gladiators
Infosec Land
Cyber Security Review
Comodo News
Internet Storm Center | SANS
Daniel Miessler
TaoSecurity
Reddit
All InfoSec News
CVE Trends
Securibee
Twitter
threatABLE
Troy Hunt's Blog
Errata Security
Data Breach Today
Cyberdaily
Bleeping Computer
Help Net Security
OSINT
VirusTotal – Scans files/URLs with 70+ antivirus engines to detect malicious content → https://www.virustotal.com
Hybrid Analysis – Deep malware analysis tool with behavioral reports and sandboxing → https://www.hybrid-analysis.com
ANY.RUN – Interactive malware sandbox and live process visualizer → https://any.run
Joe Sandbox – Advanced malware behavior analysis and threat intelligence tool → https://www.joesandbox.com
Cuckoo Sandbox – Open-source automated malware analysis system → https://cuckoosandbox.org
Talos Intelligence (Cisco) – Reputation data, IP/domain/URL lookup, threat intelligence → https://talosintelligence.com
AlienVault OTX – Real-time threat intelligence sharing and indicator search → https://otx.alienvault.com
AbuseIPDB – Crowd-sourced database of malicious IPs for abuse and attack detection → https://www.abuseipdb.com
IPVoid – Check IP reputation, DNS, blacklist status, and open ports → https://www.ipvoid.com
URLVoid – Analyze websites and check URL reputation using multiple sources → https://www.urlvoid.com
CVE Details – Browse and research vulnerabilities by product, CVE, vendor, etc. → https://www.cvedetails.com
National Vulnerability Database (NVD) – U.S. government repository for CVEs and metrics → https://nvd.nist.gov
Exploit-DB – Archive of public exploits, proof-of-concepts, and offensive security tools → https://www.exploit-db.com
Shodan – Search engine for internet-connected devices, services, ports, and banners → https://www.shodan.io
Maltego – Link analysis and relationship mapping tool for OSINT and investigations → https://www.maltego.com
DNSTwist – Identifies phishing domains by generating and checking typo-squatted versions → https://github.com/elceef/dnstwist
Creepy – Tool for geolocation and social media footprinting based on shared content → https://github.com/ilektrojohn/creepy
FOCA – Extracts metadata and hidden info from documents for footprinting → https://www.elevenpaths.com/labstools/foca/index.html
ExifTool – Extracts metadata from image, PDF, DOC, and other file types → https://exiftool.org
Twint – Twitter scraper to extract tweets and metadata without needing API keys → https://github.com/twintproject/twint
Google Dorks – Advanced Google search operators for locating sensitive files and pages → https://www.exploit-db.com/google-hacking-database
Onyphe – Cyber threat intelligence engine for IPs, leaks, exposures, and ports → https://www.onyphe.io
MalwareBazaar (abuse.ch) – Malware sample repository for hash-based searches and threat data → https://bazaar.abuse.ch
ThreatFox (abuse.ch) – IOCs feed (IPs, domains, URLs, hashes) related to malware infrastructure → https://threatfox.abuse.ch
URLScan.io – Visual scan of any website for identifying redirects, phishing, or embedded resources → https://urlscan.io
MetaDefender – Multiscanning and sanitization tool for files and URLs → https://metadefender.opswat.com
Pulsedive – IOC enrichment, threat intelligence search engine for domains, IPs, and URLs → https://pulsedive.com
GreyNoise – Detects internet-wide scans and provides context for noisy IPs → https://www.greynoise.io
ThreatMiner – Passive DNS, malware analysis, and IOC enrichment platform → https://www.threatminer.org
Censys – Scan and explore live internet-facing hosts, certs, and services → https://censys.io
RiskIQ Community – Surface web, WHOIS, and passive DNS lookup tool → https://community.riskiq.com
Have I Been Pwned – Check email address for breaches or data leaks → https://haveibeenpwned.com
Spyse (now part of SecurityTrails) – Cybersecurity search engine for IPs, domains, DNS, and certs → https://securitytrails.com
Leak-Lookup – Search for leaked credentials (usernames/emails/passwords) in past breaches → https://leak-lookup.com
SecurityTrails – Real-time asset discovery and threat surface visibility platform → https://securitytrails.com
IntelligenceX – Search engine for archives, leaks, darknet, domains, and emails → https://intelx.io
WhoisXML API – WHOIS, DNS, and IP intelligence data for enrichment and investigations → https://www.whoisxmlapi.com
SpiderFoot – Automated OSINT tool for IPs, emails, domains, and more → https://www.spiderfoot.net
CERT.at Passive DNS – Passive DNS lookup for domains and IPs → https://www.cert.at/pdns
Sherlock – OSINT tool to find usernames across many social media sites → https://github.com/sherlock-project/sherlock
OTX AlienVault Passive DNS – Passive DNS database via OTX for domain/IP history → https://otx.alienvault.com
Recon-ng – Web reconnaissance framework for open-source discovery → https://github.com/lanmaster53/recon-ng
Hunter.io – Finds email addresses and contact info based on domain → https://hunter.io
theHarvester – Collects emails, subdomains, hosts from search engines and public sources → https://github.com/laramies/theHarvester
EmailRep.io – Checks email address reputation and risk factors → https://emailrep.io
Tools
Security Information & Event Management (SIEM)
Splunk
Elastic SIEM (ELK Stack)
Microsoft Sentinel
ArcSight
LogRhythm
Endpoint Detection & Response (EDR) / Antivirus
CrowdStrike Falcon
SentinelOne
Carbon Black (VMware)
Microsoft Defender for Endpoint
Sophos Intercept X
ESET Enterprise Inspector
Trend Micro Apex One
Network Monitoring & Traffic Analysis
Wireshark
Zeek
Nmap
tcpdump
NetFlow
Snort
Suricata
Vulnerability Scanning & Management
Qualys
Nessus
OpenVAS
Rapid7 InsightVM
Burp Suite (for web apps)
Nexpose
Firewall & IDS/IPS
pfSense
Palo Alto NGFW
Snort
Check Point
Suricata
Fortinet FortiGate
Cisco ASA/Firepower
Threat Intelligence Platforms (TIP) & IOC Lookup
AlienVault OTX
MISP (Open Source Threat Intel Platform)
VirusTotal
GreyNoise
Cisco Talos Intelligence
ThreatFox
AbuseIPDB
Digital Forensics & Incident Response (DFIR)
Autopsy/Sleuth Kit
KAPE (Kroll Artifact Parser and Extractor)
Volatility
Magnet AXIOM
FTK Imager
Redline (FireEye)
X-Ways Forensics
Penetration Testing & Exploitation
Kali Linux (OS with pre-installed tools)
Cobalt Strike (red team use)
Metasploit Framework
Empire
Burp Suite
Nikto
SQLMap
Hydra
Nmap
John the Ripper
Security Automation & Orchestration (SOAR)
Splunk SOAR (Phantom)
TheHive Project (open source)
Cortex XSOAR (Palo Alto)
IBM Resilient
Swimlane
Operating Systems & Environments
Linux (Ubuntu, Kali, CentOS)
Virtualization Tools (VMware, VirtualBox, Hyper-V)
Windows (Server + Client)
PowerShell & Bash
Active Directory
Reverse Engineering & Malware Analysis
IDA Pro
Apktool (for Android)
Ghidra
PEStudio
x64dbg
OllyDbg
Radare2
Cyberchef
Asset & Configuration Management
Ansible
Microsoft SCCM
Chef
OpenSCAP
Puppet
Rudder
Documentation, Ticketing & Collaboration
Jira
RTIR (Request Tracker for Incident Response)
ServiceNow
TheHive
Confluence