Skip to main content

Comprehensive information security learning resources

infosec
A curated collection of high-quality information security learning resources including websites, podcasts, tutorials, and video content.

The field of information security encompasses a vast range of topics and technologies. This guide compiles valuable resources across different learning formats to help security professionals and enthusiasts develop their knowledge and skills.

Online learning platforms

Interactive learning

  1. TryHackMe

    • Guided learning paths for different security roles
    • Hands-on labs with browser-based attack boxes
    • Beginner-friendly CTF-style challenges
    • Active community forums for support

  2. HackTheBox

    • Advanced penetration testing challenges
    • Retired machines for practice
    • Professional labs for enterprise training
    • Active Discord community

  3. PortSwigger Web Security Academy

    • Comprehensive web security training
    • Interactive labs for each vulnerability type
    • Detailed explanations of web security concepts
    • Free access to learning materials

Tip

Start with TryHackMe if you're new to hands-on security training, then progress to HackTheBox as your skills develop.

Video courses

  1. INE Security

    • Professional-grade penetration testing courses
    • Advanced network security training
    • Preparation for GIAC certifications
    • Lab environments included

  2. Offensive Security

    • Official OSCP certification training
    • Extensive lab environments
    • Practical exploitation techniques
    • Industry-recognised certifications

  3. Udemy Security Courses

    • Wide range of security topics
    • Regular course updates
    • Affordable entry-level training
    • Varied instructor perspectives

Security news and research

Technical blogs

  1. PortSwigger Research

    • Web security vulnerability research
    • New attack technique demonstrations
    • Detailed technical analysis
    • Tool development insights

  2. Project Zero Blog

    • Zero-day vulnerability research
    • Detailed exploit analysis
    • High-quality technical writing
    • Industry impact assessments

  3. Trail of Bits Blog

    • Smart contract security
    • Tool development posts
    • Technical deep dives
    • Security engineering insights

  4. Orange Tsai's Blog

    • Web security research
    • Novel attack techniques
    • Vulnerability discoveries
    • Detailed technical analysis

News aggregators

  1. The Hacker News

    • Current security news
    • Vulnerability announcements
    • Industry developments
    • Tool releases

  2. Packet Storm Security

    • Security tool archives
    • Vulnerability databases
    • Security news
    • Research papers

  3. Security Weekly

    • Technical news coverage
    • Tool reviews
    • Research discussions
    • Industry analysis

YouTube channels

Technical content

  1. IppSec

    • HackTheBox walkthroughs
    • Detailed exploitation explanations
    • Tool usage demonstrations
    • Real-world techniques

  2. LiveOverflow

    • Binary exploitation
    • Game hacking
    • Web security
    • Research-focused content

  3. John Hammond

    • CTF walkthroughs
    • Tool demonstrations
    • Security news analysis
    • Programming tutorials

Note

Consider watching videos at increased playback speed and taking notes to maximise learning efficiency.

Security news and analysis

  1. Security Now

    • Weekly security updates
    • Technical deep dives
    • Historical context
    • Industry analysis

  2. The PC Security Channel

    • Malware analysis
    • Threat intelligence
    • Security news
    • Protection strategies

Podcasts

Technical focus

  1. Malicious Life

    • Historical security incidents
    • Attack analysis
    • Technical details
    • Industry impact

  2. Security Weekly

    • Technical discussions
    • Tool reviews
    • Expert interviews
    • Industry news

  3. Risky Business

    • Security news analysis
    • Product reviews
    • Industry developments
    • Technical updates

Threat intelligence

  1. SANS Internet Storm Center

    • Daily security updates
    • Threat analysis
    • Technical discussions
    • Defensive strategies

  2. CyberWire Daily

    • Industry news
    • Threat updates
    • Company developments
    • Policy changes

GitHub resources

Tools and scripts

  1. PayloadsAllTheThings

    • Comprehensive payload lists
    • Attack techniques
    • Tool collections
    • Testing methodologies

  2. OWASP CheatSheetSeries

    • Security best practices
    • Implementation guides
    • Defensive techniques
    • Framework-specific guidance

  3. SecLists

    • Discovery wordlists
    • Password lists
    • Pattern matching
    • Fuzzing payloads

Learning resources

  1. Awesome-Hacking

    • Curated resource lists
    • Tool collections
    • Learning materials
    • Reference documentation

  2. Awesome-Bug-Bounty

    • Methodology guides
    • Tool recommendations
    • Write-up collections
    • Program resources

Important

Always review and test security tools in a controlled environment before using them in production or on authorised targets.

Reference documentation

Standards and guidelines

  1. OWASP Web Security Testing Guide

    • Comprehensive testing methodology
    • Tool recommendations
    • Risk assessment guidelines
    • Remediation strategies

  2. NIST Cybersecurity Framework

    • Security program development
    • Risk management
    • Control implementation
    • Assessment guidelines

  3. MITRE ATT&CK

    • Threat actor techniques
    • Defensive strategies
    • Tool mappings
    • Incident response guidance

Vulnerability databases

  1. CVE Details

    • Detailed vulnerability information
    • Affected versions
    • CVSS scores
    • Reference links

  2. Exploit Database

    • Proof-of-concept exploits
    • Security papers
    • Application documentation
    • Author submissions

Getting started

For newcomers to information security, consider this learning progression:

  1. Begin with TryHackMe's beginner paths
  2. Follow technical YouTube channels for concepts and demonstrations
  3. Practice with retired HackTheBox machines
  4. Participate in bug bounty programs
  5. Contribute to open source security tools

Tip

Create a structured learning plan that combines theoretical knowledge from documentation and practical experience from hands-on platforms.

Remember to:

  • Document your learning progress
  • Join security communities for support
  • Practice responsible disclosure
  • Stay updated with security news
  • Share knowledge with others

Information security is a continuously evolving field. Regular engagement with these resources will help maintain current knowledge and develop new skills as technologies and threats evolve.