FYI I don't get paid for any of these recommendations. Just putting them out there because I have used them personally or heard great things about them.
Cyber Range
Hack The Box
- Free up to $20/month if you want a private instance
- Must have VIP to access challenges and retired machines
- My favorite for offensive skills
- Tons of lab walkthroughs for older machines
TryHackMe
- Free up to $10/month for private instances and premium content
- My favorite for beginners and all around infosec skills
- Recommended for blue teamers
Black Hills ANTISYPHON Cyber Range
- $30/month
- Haven't used but would like to try
- Have seen good feedback on social media
Training Providers
These are training providers I have had great experiences with and most of all, their content is top notch.
InfoSec
Black Hills Antisyphon
It is hard not to recommend this team. They have several courses that are "pay what you can" and are introductory. I haven't taken any courses with them yet but I have heard great things. If you are trying to break into infosec sign up for one of the introductory ones.
Offensive Security
Home of the OSCP and many other awesome courses. If you are on the pen test route, this is one of the top trainers. I have completed the OSCP with them and am currently working on the OSEP.
Sektor7
I have gone through some of their malware dev content and really enjoyed it. If you are looking at malware dev or customizing payloads check them out.
Zero Point Security
I went enjoyed the Red Team Ops course but they do have some other offerings now as well. If you have a solid pen test foundation and want to grow your skills, check them out. I would say Red Team Ops is a good post OSCP course.
It is hard not to recommend this team. They have several courses that are "pay what you can" and are introductory. I haven't taken any courses with them yet but I have heard great things. If you are trying to break into infosec sign up for one of the introductory ones.
Offensive Security
Home of the OSCP and many other awesome courses. If you are on the pen test route, this is one of the top trainers. I have completed the OSCP with them and am currently working on the OSEP.
Sektor7
I have gone through some of their malware dev content and really enjoyed it. If you are looking at malware dev or customizing payloads check them out.
Zero Point Security
I went enjoyed the Red Team Ops course but they do have some other offerings now as well. If you have a solid pen test foundation and want to grow your skills, check them out. I would say Red Team Ops is a good post OSCP course.
Coding
CodeAcademy.com ($0 to 17.49/month)
I like the way the explain concepts and then have you immediately code. For my work as an analyst, pen tester, and purple teamer I have to pick up different languages quickly and this is one of the resources I use when I am trying to get a foundational understanding of a new language. They have a number of free courses but if you want to access all the courses you have to pay 17.49 per month. Not a terrible deal. Students get a discount as well. The bad news is they may bill annually, I am not completely sure. I will find some other low cost training to place here.
Team Tree House ($25/month)
They are more web focused but have really solid content. I used them to study JavaScript mostly but they have courses on most predominate web oriented languages.
I like the way the explain concepts and then have you immediately code. For my work as an analyst, pen tester, and purple teamer I have to pick up different languages quickly and this is one of the resources I use when I am trying to get a foundational understanding of a new language. They have a number of free courses but if you want to access all the courses you have to pay 17.49 per month. Not a terrible deal. Students get a discount as well. The bad news is they may bill annually, I am not completely sure. I will find some other low cost training to place here.
Team Tree House ($25/month)
They are more web focused but have really solid content. I used them to study JavaScript mostly but they have courses on most predominate web oriented languages.
Certifications
Offensive
OSCP (Price: Starts at $1499)
This course changed the way I think offensively. It is by no means easy but your knowledge will grow significantly if you make it through the coveted journey. Highly recommended for you future or junior level pen testers.
This course changed the way I think offensively. It is by no means easy but your knowledge will grow significantly if you make it through the coveted journey. Highly recommended for you future or junior level pen testers.
SOC
CompTIA Security+ (Price:$392)
The gold standard for entry-level general infosec knowledge. This certification is found in more job listings than any other certification for entry-level roles.
CompTIA CySA+ ($392)
Another option if you are looking at going into the SOC. This course has much of the Sec+ stuff but focuses more on SOC analyst skills. I recommend choosing this certification or the Sec+ but not both.
The gold standard for entry-level general infosec knowledge. This certification is found in more job listings than any other certification for entry-level roles.
CompTIA CySA+ ($392)
Another option if you are looking at going into the SOC. This course has much of the Sec+ stuff but focuses more on SOC analyst skills. I recommend choosing this certification or the Sec+ but not both.
Malware Analysis
Great malware analysis courses are hard to find so I wanted to highlight some I have done or have been recommended.
Zero2Automated (Price: Starts at £150 or about $200)
I haven't taken this course but based on one of the creators, students should learn a ton of relevant info. Don't take this expecting it to help your resume. It won't because it isn't well known. If you are looking to learn a few things about malware analysis, this is for you. Thanks @AliceCliment for recommending!
SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (Price: $8,589 for the course and exam)
This is the companion course for GIAC Reverse Engineering Malware (GREM). Although expensive, at one point this was the best course for malware analysis. The material is great and the certification is well known. If you can get your employer to pay, then definitely worth the money.
Targeted Malware Reverse Engineering (Price: $1400)
Intermediate course from Kaspersky that uses real samples in the labs. I haven't taken this course but it came recommended from @0x_saudi on Twitter. Thanks for the recommendation!
Zero2Automated (Price: Starts at £150 or about $200)
I haven't taken this course but based on one of the creators, students should learn a ton of relevant info. Don't take this expecting it to help your resume. It won't because it isn't well known. If you are looking to learn a few things about malware analysis, this is for you. Thanks @AliceCliment for recommending!
SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques (Price: $8,589 for the course and exam)
This is the companion course for GIAC Reverse Engineering Malware (GREM). Although expensive, at one point this was the best course for malware analysis. The material is great and the certification is well known. If you can get your employer to pay, then definitely worth the money.
Targeted Malware Reverse Engineering (Price: $1400)
Intermediate course from Kaspersky that uses real samples in the labs. I haven't taken this course but it came recommended from @0x_saudi on Twitter. Thanks for the recommendation!