Here is a list of sites we find nice and good for learning more cyber security.
- Hacksplaining explains common vulnerabilities, and describes how to prevent them when coding.
- Computerphile is a YouTube channel containing lots of videos about "computers and computer stuff".
- Ippsec is another YouTube channel explaining walkthroughs for retired "HackTheBox" machines. He also offers great tips and tricks for penetration testing and how to get better at CTFs in general. See the section below for more info about the pentesting lab "HackTheBox".
- Liveoverflow is a YouTube channel with loads of hacking and CTF videos.
- GynvaelEN is a YouTuber from the CTF team Dragon Sector.
- John Hammond another YouTuber with CTF writeups.
- How HTTPS Works is a funny web page explaining how HTTPS works through a nice comic.
- Hacking Arena is the university of Oslo's web page for hacking tasks. Some tasks contains solutions.
- BlackHoodie offers free, women only workshops within the security and hacking domain. We definitely recommend all women and non-binary people to check out their workshops.
- UiO-CTF's practical workshops are very nice to learn how to solve CTF tasks. Every workshop takes a CTF category as a topic, and go through the steps of one or a few tasks within that category. Each workshop ends with a mini CTF with tasks of the topic. The workshops take place at the Department of Informatics, at University of Oslo, and are posted as events on their facebook page.
- University teams:
- NTNU Trondheim has Itemize.
- University of Oslo has UiO-CTF.
- University of Tromsø has UiT Hack.
- University of Agder has ??.
- University of Bergen has ??.
- Norwegian Cyber Security Challenge has an open Jeopardy styled CTF once a year. The top teams under the age of 25 are invited to a final round having different challenges. The ones with hacking skills and the ability to hack in teams, are invited to join the Norwegian team for the European Cyber Security Challenge.
- BlackHoodie-2018-Workshop: supernice slides and challenges for learning introductions to pwn. Stack overflows, stack frame and short on ROP (return oriented programming)
- CTFtime is a page containing most CTFs in the world. Most of these are quite hard, but sometimes there are very nice beginner CTFs here as well.
- Major Cyber League, a new site like CTFtime, where CTF's are posted and teams and users are ranked. It seems like it is brand new, so some functionality is missing.
- CTF Norge on Discord posts a few university CTFs now and then in the #ctf channel.
- Pico CTF is a free computer security game targeted at middle and high school students, created by security experts at Carnegie Mellon University.
- Overthewire is a very nice website for different puzzles. The category bandit has terminal puzzles and narnia contains exploit intro puzzles.
- Google gruyere is a cheesy vulnerable web app to learn web application exploits and defenses.
- pwnable.kr contains exploit puzzles.
- pwnable.tv contains exploit puzzles.
- cryptopals crypto challenges contains, as its name says, crypto challenges.
- Juice shop, an intentionally insecure web page.
- Hackthebox, "Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests."
- TG:HACK's old tasks on github.
- OWASP Secure Coding Dojo is a very nice resource for secure development training. It is easy to set up locally and has documentation to set up as a workshop for several participant using the cloud. This is a resource that may be presented to development teams to spread the word about secure development!
- Secure Code Warrior is a platform to spot security issues in several programming languages. The downside is that is seems to be focused on enterprise. However, we've heard that universities may get some deals, so it is worth the try to contact them if you want to host something for a university group!
If someone know about some nice web pages for learning more security and ethical hacking, please tell us! You may make a PR to our public repository with suggestions for additions to this page.