Build a home hacker lab using SecGen

SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same; this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events.

Cyber Springboard | Card

Experiment with unicode homoglyphs

Homoglyphs or homographs are characters (letters and numbers) that look alike. A homoglyph attack is where a threat actor uses characters that look alike to deceive users into trusting an email or website when they should not.

Explore OSINT tools on OSINT Framework

The OSINT Framework is focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.

Explore Python's Faker library

Faker is a Python package that generates fake data for you. Adversaries may use such tools to generate test data, for example when conducting phishing.

Explore Shodan

Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.

Learn about the MITRE ATT&CK framework

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Learn hacking skills using HackTheBox

Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.

Listen to the Risky Business podcast

Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.

Play around with Objective-See's macOS security tools

Objective-See is a non-profit that creates simple, effective macOS security tools. Their tools are free and open-source.

Play the Citadel Programming Lab from CyBOK

The Citadel Programming Lab is an online virtual secure coding game-based computer lab. The Lab combines a tower defence game with 6 security programming tasks. The lab is based on a serious game approach to join learning and playfulness. The lab’s platform combines a Unity game linked with a coding environment based on an instance of GitLab. The game elements and coding exercises are linked to CyBOK, the Cybersecurity Body of Knowledge, to map its cybersecurity content.

Read an NCSC guidance document

The UK's National Cyber Security Centre (NCSC) publish guidance and reports across a wide range of topics. Reading one of these guides will give you insight into the challenges faced in the real world.

Read a Project Zero write up

Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. They provide comprehensive write-ups of the vulnerabilities they discover, and of their work with the wider community to remediate them.

Read PagerDuty's 'Security Training for Everyone'

This is an open-source version of "Security Training for Everyone", PagerDuty's internal employee security training, given to all PagerDuty employees as part of our annual security training program. The main topics covered in this training are: Social Engineering - Primarily phishing and how to detect and report such attacks. Passwords - A crash course in how passwords are cracked, and why it’s important to have strong passwords. Physical Security - Guidelines for maintaining the security of our offices and equipment. Data Handling - The different types of data we have and how to properly handle that data. Compliance - How compliance affects our day-to-day operations.

Read the CyBOK Adversarial Behaviours Knowledge Area introduction

The Cyber Security Body Of Knowledge is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.

Try an online OSINT tutorial

Open-Source Intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce intelligence.

Try out bWAPP

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.

Try The Backdoor Factory (BDF)

The goal of BDF is to patch executable binaries with user-desired shellcode and continue normal execution of the prepatched state.

Use Frida

Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts.

Use Metasploit to compromise a virtual machine

Metasploit is the world’s most used penetration testing framework.

Use sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches, from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
