Learning

Advanced pentesting platform with machines, challenges and a structured Academy with courses from beginner to expert.

Beginner-friendly platform with guided learning rooms covering hacking, networking and defence. Perfect for starting from scratch.

The go-to tracker for CTF competitions worldwide. Find upcoming events, follow team rankings, and browse past writeups.

Danish cybersecurity learning platform with courses and workshops aimed at both beginners and experienced security professionals.

Free, in-depth course platform from the creators of Burp Suite. Covers everything in web application security with labs and explanations.

Danish cybersecurity platform with hands-on labs and exercises. Focuses on practical learning in network security and hacking.

Practically focused courses in ethical hacking and pentesting. Known for the Practical Ethical Hacking course and affordable pricing.

Hands-on platform focused on web application security. Exercises built around real vulnerabilities such as SQL injection, XSS, XXE and deserialisation.

Classic open source practice app with vulnerabilities across difficulty levels. Perfect for practising SQL injection, brute force, file inclusion and command injection locally.

Interactive and visual platform that explains common attack types step by step. Ideal introduction to OWASP Top 10 for both developers and security professionals.

The most comprehensive guide to testing web application security. Covers everything from authentication and session management to API security and encryption.

Developer-focused security learning with lessons on vulnerable code in real programming languages. Covers injection, XXE, SSRF, insecure deserialization and much more.

Deliberately vulnerable web application designed to teach about security flaws in practice. Run locally and learn by exploiting OWASP Top 10 vulnerabilities in a safe environment.

The largest public database of exploits and vulnerable software. Maintained by Offensive Security and used by penetration testers to find known CVE exploits.

Curated list of Unix binaries that can be used to escalate privileges, bypass restrictions or establish reverse shells. Indispensable during Linux privilege escalation.

Comprehensive wiki with techniques, tricks and cheatsheets for penetration testing and CTF. Covers network, Active Directory, cloud, web and much more — used by professionals worldwide.

The Windows equivalent of GTFOBins. A collection of Windows binaries, scripts and libraries that can be abused by attackers to evade detection and escalate privileges.

The world's most recognised penetration testing course from Offensive Security. Hands-on lab environment focused on practical exploitation, privilege escalation and report writing.

Open GitHub repository with a huge collection of payloads and bypasses for use during penetration testing. Covers everything from SQLi and XSS to SSRF, XXE and file upload bypasses.

Aron Lange's blog on Governance, Risk and Compliance with practical insight into risk management, compliance frameworks and security policies.

Globally recognised knowledge base of attack techniques and tactics used by threat actors. An indispensable reference for threat modelling and SOC work.

Open source project with guidelines, documentation and resources on web security. OWASP Top 10 is the standard reference for web vulnerabilities.

In-depth threat intelligence reports and real-world incident response case studies covering malware, ransomware, and adversary techniques.

YouTube channel with detailed walkthroughs of Hack The Box machines. One of the best ways to learn pentesting methodology.

YouTube channel and blog with in-depth videos on CTF solutions, reverse engineering and bug bounty. Excellent for understanding low-level security.

Jack Rhysider's award-winning podcast about true stories from the dark side of the internet — hackers, data breaches, cybercrime and state-sponsored attacks. One of the best introductions to infosec.

Daily 5-minute podcast from SANS Internet Storm Center covering the latest threats, vulnerabilities and security news. Perfect for staying up to date on a daily basis.

Podcast from Cybereason telling the true stories behind major cyberattacks and security incidents. In-depth research and well-crafted narrative about APT groups and cybercrime.

Weekly podcast with Patrick Gray interviewing the most influential voices in the security industry. Focus on current events, policy and trends in cybersecurity.

Long-running weekly podcast with Steve Gibson and Leo Laporte going deep on technical security topics — encryption, protocols, vulnerabilities and current attacks.

Weekly podcast with Graham Cluley and Carole Theriault covering the latest cybersecurity news with humour and insight. A great mix of serious content and entertainment.