Everything you need to start your cyber security journey. Curated platforms, tools and learning material from our members.
The best places to practice your skills, from beginner-friendly guided challenges to competitive ranked arenas.
Guided learning paths with browser-based VMs. Perfect for beginners. Start with the "Pre-Security" and "Complete Beginner" paths.
Beginner FriendlyRealistic penetration testing labs and challenges. The "Starting Point" machines are great for beginners, then move to ranked boxes.
IntermediateFree CTF platform by Carnegie Mellon. Excellent jeopardy-style challenges covering crypto, forensics, web, binary and more.
Beginner FriendlySSH-based wargames that teach Linux, networking and security fundamentals. Start with "Bandit" to learn the command line.
Beginner FriendlyThe global CTF event calendar. Find upcoming competitions, team rankings and writeups from past events.
All LevelsFree interactive labs for web security. Covers SQL injection, XSS, CSRF, SSRF and more. Industry-standard training from the makers of Burp Suite.
Web SecurityDownloadable vulnerable VMs to practice on your own machine. Great for offline practice and building your home lab.
IntermediateFree education platform from Arizona State University. Structured courses on binary exploitation, reverse engineering and program security.
Binary ExploitationThe tools we use in sessions and competitions. All free and open source.
Debian-based distro pre-loaded with hundreds of security tools. The industry standard for penetration testing.
kali.orgWeb application security testing toolkit. Intercept, modify and replay HTTP requests. Community edition is free.
portswigger.netNetwork protocol analyser. Capture and inspect traffic in real time. Essential for network forensics challenges.
wireshark.orgNSA's open-source reverse engineering framework. Decompile binaries, analyse malware, solve RE challenges.
ghidra-sre.orgPassword cracking tool supporting hundreds of hash formats. Pair with wordlists like rockyou.txt for CTF challenges.
openwall.com/johnGCHQ's "Cyber Swiss Army Knife". Encode, decode, encrypt, hash and analyse data in the browser. A CTF essential.
CyberChefThe gold standard network scanner. Discover hosts, open ports and running services. The first step in almost every pentest.
nmap.orgThe world's most used penetration testing framework. Exploit development, post-exploitation, and payload generation in one toolkit.
metasploit.comGPU-accelerated password recovery tool. Supports 300+ hash types with advanced rule-based and mask attacks.
hashcat.netFast directory and DNS brute-forcing tool written in Go. Essential for web enumeration and finding hidden paths on targets.
GitHubPython library for writing exploits. Makes binary exploitation, shellcode crafting and CTF scripting much easier.
docs.pwntools.comVideos, courses and reading material to build your foundations.
CTF walkthroughs, malware analysis and security tutorials. One of the best cyber security YouTubers for hands-on learning.
YouTubeDeep dives into binary exploitation, web security and CTF techniques. Excellent for understanding the "why" behind vulnerabilities.
YouTubeThe definitive list of the most critical web application security risks. Essential reading for anyone interested in web security.
ReferenceEngaging tutorials on networking, Linux, hacking and IT careers. Great for beginners wanting an energetic introduction to cyber security.
YouTubeComprehensive pentesting wiki. Cheat sheets and methodology for privilege escalation, AD attacks, web exploits and more. Bookmark this one.
ReferenceNetworking and ethical hacking tutorials. Covers Cisco, Python for networking, and interviews with industry professionals.
YouTubeIndustry-recognised certifications to boost your career. Many offer student discounts.
Hands-on red team certification from Zero Point Security. Covers Cobalt Strike, Active Directory attacks, evasion and C2 infrastructure. Highly practical.
AdvancedHack The Box Certified Penetration Testing Specialist. Hands-on exam covering the full pentest lifecycle from recon to reporting. Respected practical certification.
AdvancedSecurity Operations Analyst certification. Covers Microsoft Sentinel, Defender and threat hunting. Great for SOC analyst roles and blue team careers.
IntermediatePractical blue team certification covering SIEM, incident response, threat intelligence and digital forensics. Great for defensive security roles.
IntermediateFree entry-level certification from ISC2. Covers security principles, network security, and incident response. Free training and exam for the first million candidates.
Free / Entry LevelFree foundational badge from IBM covering security concepts, threats, incident response and compliance. A solid starting point for your CV.
Free / Entry LevelCisco's free ethical hacking certification covering penetration testing methodology, network exploitation and vulnerability assessment with industry-recognised credentials.
Free / IntermediatePast session materials, CTF writeups, challenge files and tools built by our members. Everything is open source.
Visit DMUHackers on GitHub