🌍 If English is not your native language...
- Videos:
- You may wish to slow down the video speed and enable subtitles (if available), as some of the speakers may talk a bit quickly.
- Text:
- While not perfect, you may wish to use a translation service to clarify any points that you may be stuck on
New to IT or Cybersecurity?
Are you a complete beginner to the field of Information Technology or Cybersecurity? Or, perhaps you have a bit of experience, but are looking for a review of the fundamentals. Either way, I've put together a learning path of high quality and free resources that will help you cement a solid foundation.
ℹ️
In the interest of keeping this page tidy and focused on the free informational resources found below, I've moved the learning path to its own dedicated page.
IT and Cybersecurity Learning Path
In this post, I suggest free resources that newcomers to IT and cybersecurity can use to build a solid set of foundational skills to secure their careers
0xBEN
Informational Resources
Systems Administration
Core Systems Concepts
- Storage
- CPU
- Memory
- Boot procedure
- System internals
- Core directories
- Filesystem hierarchy
- Windows Registry
- Event and audit logs
Shells and Terminals
This is a fantastic history lesson on the way humans have interacted with computer systems. It's a long read, but it is very educational and covers the primitive terminals with punch cards all the way to the current terminal emulators as we know them today.
A Guide to the Terminal, Console, and Shell
The terminal is the result of its history, from the telegram to our terminal emulators. What is the difference with a console? The shell?
Matthieu Cneude
Terminal Emulators
The terms console and terminal are used interchangeably to reference the software run by the user to emulate bygone physical terminals. Whether you choose to call it a terminal or a console, this piece of software presents to you the command-line interface via which your commands are passed to the shell.
GitHub - cdleon/awesome-terminals: Terminal Emulators
Terminal Emulators. Contribute to cdleon/awesome-terminals development by creating an account on GitHub.
cdleonUnix-like Shells
shbashcshfishkshshtcshzshpwsh— PowerShell
Windows Shells
powershellcmd— Legacy command prompt
Common Command Line Operations
Create, delete, modify files and directories
ls , mkdir , cd , touch , nano , cp , mv , rm , vim , Get-ChildItem , New-Item , Copy-Item , Move-Item , Rename-Item , Remove-Item
Manipulating file contents and text streams
grep , cat , sed , awk , tr , cut , paste
PowerShell: -split , -replace , -join
Managing processes and services
ps , kill , systemctl , service , strace , Get-Process , Stop-Process , Get-Service , Stop-Service , Restart-Service
Installing and uninstalling packages
apt , yum , pkg , pacman , zypper , winget , Install-Package , Uninstall-Package
Downloading files and interacting with the web
wget , curl , Invoke-WebRequest , Invoke-RestMethod , [System.Net.WebClient]::DownloadFile()
Systems Administration Resources
Cheat Sheets
- Linux command quick reference and examples — tl;dr
- Linux command parameter reference — ExplainShell
- Linux SysAdmin Quick Reference — Cheatography
- Interactive crontab schedule expression editor — Crontab.guru
- PowerShell cmdlet lookup — PDQ
- PowerShell cmdlet reference — SS64
- Ultimate sysadmin toolbox (PDF) — SpamTitan
Hands-On Labs
Free Linux Training
Free Windows Training
- Windows server deployment and administration — Microsoft Learn
- Learn PowerShell through challenges — UnderTheWire
Collections of Resources
Computer Networking
Core Networking Concepts
- IP addressing
- Subnetting
- Routing (ping, layer 3)
- Switching (ARP, layer 2)
- Firewalls
- TCP/UDP protocols & ports
- VLANs
- Tunnels
- Proxies
- DNS
- OSI model
- TCP/IP model
- Computer Networking Flowchart
- Computer Networking Fundamentals
Networking Tools
IP Configuration
ip address,ip neighbor,ip linkGet-NetAdapterGet-NetIPConfigoripconfigGet-NetIPAddressGet-NetNeighbor- IP Subnet Calculator
Host Discovery
pingarp-scannmap
Packet Capture and Analysis
- Wireshark and
tshark tcpdump
Sockets
netcatorncsocatnetstatorss
DNS Troubleshooting
nslookupordig/etc/resolv.confResolve-DnsNameGet-DnsClientServerAddressGet-DnsClientCache- DNS Dumpster
- MXToolbox
Remote Connectivity
- OpenVPN
- Wireguard
- IPsec
sshscp- plink.exe
Firewalls
firewalldiptablespf- Windows Firewall (PowerShell
NetSecuritymodule ornetsh)
Proxies
HTTP Inspection & Tampering
HTTP Proxy & Filtering
SOCKS Proxy
- Apache (TCP / UDP streams)
- microsocks
- Nginx (TCP / UDP streams)
Privacy
Computer Networking Resources
Routing and Switching
TCP/IP
- Well-known port numbers and services list — MeridianOutpost
Encapsulation
Network Address Translation (NAT)
Domain Name System (DNS)
- Learn how DNS works — YouTube
Subnetting
- Quick subnetting — TechExams Community
- IP Addressing and Subnetting
Cryptography
- TLS Handshake Explained — CloudFlare
- SSH protocol overview — YouTube
Proxies
- Comparing forward and reverse proxies — CloudFlare
Onion Routing
- How Tor works — YouTube
Free Networking Courses
Free Hands-On Labs
- GNS3 Computer Networking Lab — University of the Pacific
- Wireshark Tutorial for Beginners — YouTube
Collections of Resources
Web
Core Web Concepts
- HTTP methods and headers
- Web servers
- Proxies
- Directories and files
- HTML
- CSS
- JavaScript
- Databases
- Inputs and parameters
Web Tools
CLI HTTP Clients
curlwgetInvoke-WebRequestInvoke-RestMethod
DOM Inspection
- Browser developer tools (F12 key)
Content Discovery
gobusterferoxbuster
Brute Force
hydraffuf
Web Stack Analyzers
Web Application Firewalls (WAF)
Web Resources
HTTP Fundamentals
- HTTP request methods reference — Mozilla Developers
- HTTP headers reference — Wikipedia
Web Development
- Learn HTML interactively — Codecademy
- Learn CSS interactively — Codecademy
- Learn JavaScript interactively — Codecademy
- Learn SQL interactively — Codecademy
- Learn Node.js interactively — Codecademy
Web Server Administration
Web Security
- Web Security Academy — PortSwigger
- The web in depth — Hacker101
- Exploit Database (not exclusively web) — OffSec
Search Engine Cheat Sheets
- Google search operators reference — Kinsta
Computer Programming
Core Programming Concepts
- Object-oriented programming (OOP)
- Data types
- Variables
- Flow logic (if/else)
- Loops
- Functions
- Source code review
- Modifying exploits
REPL
- Read
- An interpreter reads your input
- Evaluate
- An interpreter executes (evaluates) your instructions
- Print
- An interpreter prints any output or errors
- Loop
- An interpreter loops back to repeat the process
Example Programming Languages with a REPL
- Python
- PowerShell
- JavaScript (Node.js)
💡
Learning to code first with a REPL as a beginner can be highly beneficial, as you can run and change your code on the fly without waiting for a compiler or debugger, getting instant feedback on your input
Computer Programming Resources
Compiled & Scripting Languages
Overview of Compiled and Interpreted Languages
Example Interpreted (Scripting) Languages
- Bash
- JavaScript
- PowerShell
- Python
- Ruby
Example Compiled Languages
- C
- C++
- C#
- Java
Multi-language Training
- Extensive list of programming language tutorials — Exercism.org
Free Bash Training
- Learn the basics of shell scripting — shellscript.sh
- Interactive shell scripting tutorial — learnshell.org
Free PowerShell Training
- Introduction to PowerShell
- Learn PowerShell through Challenges — UnderTheWire
- Automate tasks using PowerShell — Microsoft Learn
Free Python Training
- Intro to Python — Udacity
- Free interactive Python tutorial — learnpython.org
- Full intro to Python course — YouTube
L337 Coding Challenges
- Competitive coding challenges in multiple languages — Codewars
- Online coding tests — HackerRank
Cybersecurity
Offensive Security
Training Platforms
- 247CTF — Test your hacking skills on a variety of challenges
- Cryptopals — Learn about cryptography and associated attacks
- Hacker101 CTF — CTF challenges by Hacker1
- HackingHub — Collection of cloud-hosted hacking challenges
- HackTheBox — Practice your ethical hacking skills
- HackTheBox Academy — Learn and practice cybersecurity in depth
- HackSplaining — Overview of mitigating and exploiting common vulnerabilities
- Malware Bible by Malcore — Intro to Malware Development
- OverTheWire — Linux security challenges
- picoCTF — Computer security challenges by Carnegie Mellon University
- PentesterLab — Learn web application security and source code review
- PortSwigger Web Security Academy — Learn web security interactively
- Proving Grounds — OffSec official ethical hacking practice
- pwn.college — Challenges spanning a wide variety of security topics
- pwnable.kr — Interactive security challenges
- PWNED LABS — Free tier and paid tier cloud security challenges
- TryHackMe — Learn and practice cybersecurity
- The Cyber Mentor Academy — Free and subscription tiers
- Unescape() Room — XSS Challenges by Jober Tabma
Cheat Sheets
- Active Directory Exploitation Cheat Sheet
- GTFOBins — Check if a Linux binary can be abused
- HackTricks — Extensive list of quick hacking tips and tricks
- ired.team — A large knowledge base of red teaming tips and tricks
- Hacking Tools Cheat Sheet (PDF) — Compass Security
- LOLBAS — Check if a Windows binary can be abused
- netsec.ws Metasploit payloads list
- netsec.ws List of TTY generators
- pentestmonkey — Reverse Shell Cheat Sheet
- The Hacker Recipes — Yet another extensive list of hacking tips
- WADComs — Check if a Windows / AD binary can be abused
Collections of Resources
Defensive Security
Training Platforms
- Blue Team Labs Online
- Crackmes Binary analysis practice
- Cryptopals — Learn about cryptography and associated attacks
- CyberDefenders — Interactive blue team training
- HackSplaining — Overview of mitigating and exploiting common vulnerabilities
- HackTheBox Academy — Learn and practice cybersecurity in depth
- LetsDefend — Hands-on blue team training and simulated investigations
- pwn.college — Challenges spanning a wide variety of security topics
- The Cyber Mentor Academy — Free and subscription tiers
Defense Frameworks
- MITRE ATT&CK — Adversary TTPs at various stages
- MITRE Engage — Learn how to engage the adversary
- Lockheed Martin Cyber Kill Chain
- NIST Cybersecurity Framework
Cheat Sheets
Collections of Resources
- GitHub repo with an extensive list of blue team tools and resources
- GitHub repo with an extensive list of system hardening resources
- GitHub repo with an extensive list of threat hunting resources
- GitHub repo with an extensive list of cyber Threat Intel resources
- Large list of various cybersecurity cheat sheets — Reddit
- SANS Blue Team Operations (Lots of good stuff buried in menus)
- Ultimate sysadmin toolbox (PDF) — SpamTitan
From the Community
Sorted alphabetically and not by any specific preference
Community Links
- https://b1g-b33f.github.io/
- https://bl34chig0.github.io/
- https://brittwhite.io/
- https://croclius.com/
- https://emptybutter.github.io/
- https://forfoxsake.dev/
- https://gatari.dev/
- https://gereshknw.com/
- https://github.com/0xarun/Active-Directory
- https://github.com/b1g-b33f
- https://github.com/bmurrtech/how-to-homelab
- https://github.com/U53RW4R3/SCPA
- https://grimmie.net/
- https://hacksmarter.org/
- https://ip3c4c.com/
- https://jacobheater.com/
- https://medium.com/@cham3leon
- https://niraj.page/index.html
- https://ph.dj.je/en/miscellaneous/teach-yourself-infosec
- https://ping-sec.com/
- https://slyf0x.blog/
- https://truck-2-tech.com/
- https://www.andrewbellini.com/
- https://www.hooperlabs.xyz/index.php
- https://zweilosec.gitbook.io/hackers-rest
