Useful cyber security learning sites: an essential top 10 list of platforms

Here is a short summary list of useful cyber security learning sites, suitable for all levels of experience, ranging from novice through to more advanced levels of skill and expertise.

In no particular order:

1. The XSS Rat (https://thexssrat.podia.com/) provides material relating to penetration testing and web application security.

2. TryHackMe (https://tryhackme.com/) has various training paths and rooms relating to both offensive and defensive cyber security. Offers free and paid for content.

3. Security Blue Team (https://securityblue.team/) provides learning material for blue team defenders. Offers certification for working within a SOC environment.

4. OffSec (https://www.offsec.com/), formerly Offensive Security, offers a premier platform within offensive security for training, certification and community-based activities.

5. Hack The Box (https://www.hackthebox.com/) is a useful platform that offers both free and paid-for content and allows CTF hobbyists to exploit vulnerable machines created by the community.

6. PortSwigger (https://portswigger.net/) is a professional web application software company that provides the well-known Burp Suite tool and offers a learning platform and certification.

7. PentesterLab (https://www.pentesterlab.com/) is a learning platform for web application testing and several other learning paths, covering learning material useful for cyber security.

8. Altered Security (https://www.alteredsecurity.com/) provides training and certification that focuses more on red teaming and penetration testing of Microsoft Active Directory based networks.

9. Zero-Point Security (https://www.zeropointsecurity.co.uk/) is a learning platform that covers red teaming, such as targeting simulated users, using C2 infrastructure, and exploitation.

10. INE (https://ine.com/) is a learning company that acquired the eLearnSecurity platform, offering cyber security certifications around penetration testing of infrastructure and web applications.

New CREST penetration testing certifications

CREST has recently announced several new penetration testing certifications:

  • CREST Registered Security Analyst (Penetration Testing) – CRSA
  • CREST Certified Security Consultant (Red Team) – CCSC RED
  • CREST Certified Security Consultant (Networks) – CCSC NET
  • CREST Certified Security Consultant (Web) – CCSC WEB

Further information can be found on the CREST website.

Alien Vault – How to Prepare to Take the OSCP

Offensive Security Certified Professional (OSCP) – Most recognized penetration testing certification in the industry.

  1. Earned after passing the 24-hour performance-based exam
  2. Pre-requisite Course: Penetration Testing with Kali Linux (PWK)
  3. Certification proves you have a clear and practical understanding of the penetration testing process and life-cycle
  4. Virtual network containing targets of varying configurations and operating systems
  5. An OSCP is able to identify vulnerabilities and execute attacks in a controlled and focused manner.

Popular Cybersecurity Certifications 2018

Offensive Security: OSCP, OSCE
EC-Council: CEH
GIAC: GREM, GCFA, GCFE, GNFA, GASF, GCTI, GSEC, GPEN
ISC(2): CISSP, SSCP, CCSP
ISACA: CISM, CRISC, CGEIT
CompTIA: Security+
SABSA Institute: SABSA
CESG: CCP IA
Cisco: CCNA Security, CCNP Security, CCIE Security, CCAr

Note: not a definitive list.

CISSP CPE Requirements

For certification cycles that began on or prior to December 1, 2014

| CPE Type       | Annual Req. | 3-Year Total |
|----------------|-------------|--------------|
| Group A        | 20          | 80           |
| Group A or B   | N/A         | 40           |
| Total Required | 20          | 120          |

For certification cycles that began on or after January 1, 2015

| CPE Type       | Annual Req. | 3-Year Total |
|----------------|-------------|--------------|
| Group A        | 30          | 90           |
| Group A or B   | 10          | 30           |
| Total Required | 40          | 120          |