I’m not going to spend a lot of time building this section out because my focus is on DFIR, however, I do think that learning some hacking helps to better detect and defend.
For this category, “Beginner” assumes that you have a general understanding of the four core training categories listed on the home page.
| Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics |
|---|---|---|---|---|---|
| Hackers Arise | Hackers Arise | Various Ethical Hacking Tutorials (Wireless, Password Cracking, Evading AV, Anti-Forensics, WebApp Hacking, Bluetooth Hacking, etc) | |||
| SecurityTube | SecurityTube | Various Ethical Hacking Videos | |||
| Free Short Course: Pen Testing | Charles Sturt University | Yes | Yes - Certificate of Completion | Scoping, Enumeration and Vulnerability Scanning, Exploitation and Password Cracking, Report Writing and Risk Analysis | |
| Kali Linux Revealed | Offensive Security | Linux Fundamentals, Installing Kali, Configuring Kali, Debian Package Management, Kali Linux in the Enterprise, Intro to Security Assessments | |||
| Metasploit Unleashed | Offensive Security | Metasploit Architecture, Exploits, Payloads, Databases, Meterpreter, Nessus, Password Sniffing, Python Extension, Privilege Escalation, Packet Sniffing, Pivoting, Making a Log Entry, Timestomp, Keylogging, John the Ripper, Maintaining Access, Backdoors, and more. | |||
| WebSecurity Academy | PortSwigger | Yes | Web Cache Poisoning, Information Disclosure, XXE Injection, XSS, SQL Injection, CSRF, HTTP Request Smuggling, OS Command Injection, Directory Traversal, Access Control Vulnerabilities, Authentication, Business Logic, Vulnerabilities and more. | ||
| HackerSploit | YouTube - HackerSploit | Yes - Some things such as the Penetration Testing Bootcamp and How to Set Up a Pentesting Lab. | Kali Linux, BlackArch Linux, Metasploitable, Python for Penetration Testing, Burp Suite, OWASP Juice Shop, Recon-ng, Arch Linux, Network Sniffing & Spoofing, NMAP, VulnHub, HTB, TryHackMe, OpenVAS, Bug Bounty | ||
| Hack The Box, HTB Academy & Hacking Battlegrounds | Hack The Box | Yes - HTB Academy has training modules for beginners. Hacking Battlegrounds and Hack The Box require you to hack your way in to be able to create an account. | Yes | Hacking (I hear they also have some forensics challenges but you have to hack your way in to do them). | |
| Offensive Software Exploitation (OSE) Course | GitHub - ashemery | Yes | PE Format, DLLS, Bug Hunting, Fuzzing, Buffer Overflows, Metasploit, Mitigation Techniques, Egghunter, Post Exploitation, x86 and x64 Assembly, Reverse Engineering. | ||
| Hacking Techniques and Intrusion Detection | Open Security Training - Ali Hadi | Yes | Social Engineering, Physical Pentesting, Backtrack Basics, Scoping, Recon, Footprinting, Fingerprinting, Scanning, Software Exploitation, Client Side Attacks, Post Exploitation, Metasploit | ||
| INE Starter Pass (Penetration Testing) | INE | Yes | Yes | Yes | Burp Suite, HTTP Protocols, Wireshark, TCP, UDP, Programming, OSINT, NMAP, Vulnerability Assessment, Nessus, XSS, SQL Injections, Google Hacking, Malware, Web Attacks, System Attacks, Network Attacks, Metasploit |
