ggeorgeazevedo/Trilha-de-Cursos-Gratuitos-para-InfoSec

GitHub: ggeorgeazevedo/Trilha-de-Cursos-Gratuitos-para-InfoSec

信息安全免费课程的精选目录,汇集 150+ 官方课程并按难度分级,配合学习路线图和链接自动验证,解决优质安全学习资源分散难找的问题。

Stars: 0 | Forks: 0

# 🛡️ InfoSec 免费课程学习路径 **最大、最全的信息安全*免费*课程精选——从零基础到专家。** 这里列出的每一门课程都是**真实、免费且来自官方渠道**的。没有盗版,没有失效链接,没有任何捏造。 ![Awesome](https://img.shields.io/badge/awesome-yes-8a2be2?style=flat-square) ![Cursos](https://img.shields.io/badge/cursos-150%2B-3fb950?style=flat-square) ![Idiomas](https://img.shields.io/badge/idiomas-PT_·_EN_·_ES-4b91f1?style=flat-square) ![Licença](https://img.shields.io/badge/licença-CC_BY_4.0-blue?style=flat-square) ![PRs](https://img.shields.io/badge/PRs-bem--vindos-8a63d2?style=flat-square) ![Link Check](https://static.pigsec.cn/wp-content/uploads/repos/cas/c4/c46405d66b8752e55d820f0a0def3ecfbb43026f3528a1f02204abcfe24f0cac.svg)
## 🎯 目标 在一个地方汇集一条完整的路径,供**任何人免费学习 Cyber Security**——从 IT 基础到 AppSec、Cloud Security、Red/Blue Team、Reverse Engineering 和 AI 安全等高级主题。本精选内容涵盖**初级、中级、高级和专家**阶段,旨在与社区共同发展。 ## 📑 目录 - [如何使用](#-como-usar) · [图例](#-legenda) - **基础:** [基础知识](#-fundamentos) · [安全入门](#-introdução-à-segurança-da-informação) · [安全编程](#-programação-para-segurança) - **进攻方:** [Red Team / Pentest](#-red-team--pentest-web--mobile) · [Bug Bounty](#-bug-bounty) · [Reverse Engineering 与 Malware](#-reverse-engineering--malware-analysis) - **防守方:** [Blue Team / SOC](#-blue-team--soc-dfir--defesa) · [Purple Team](#-purple-team) · [Incident Response 与 DFIR](#-incident-response--dfir) · [SIEM / SOAR](#-siem--soar) · [Threat Intelligence](#-threat-intelligence) · [OSINT](#-osint) - **开发与云:** [AppSec 与 DevSecOps](#-appsec-devsecops--api-security) · [GitHub 与 DevSecOps 工具](#-github-security--devsecops-tooling) · [Cloud 与 Containers](#-cloud--container-security) · [Kubernetes 与 Container 安全](#-kubernetes--container-security) - **专精领域:** [AI 与 LLM 安全](#-ai--llm-security) · [IAM 与身份](#-iam--identidade) · [密码学](#-criptografia) · [Windows](#-windows) · [GRC 与框架](#-grc-governança--frameworks) - **实践:** [Labs 与 CTFs](#-labs-ctfs--hands-on) · [免费认证](#-certificações-gratuitas) - **语言:** [西班牙语课程 🇪🇸](#-cursos-em-espanhol) - **附加内容:** [学习路线图](#-roadmaps) · [排行榜](#-rankings-da-comunidade) · [如何贡献](#-como-contribuir) · [许可证](#-licença) ## 🚀 如何使用 1. 如果您是初学者,请从**[基础知识](#-fundamentos)**开始,或者直接跳转到您感兴趣的领域。 2. 遵循其中的一个**[学习路线图](#-roadmaps)**以获得理想的学习顺序。 3. 使用 **Ctrl/Cmd + F** 按语言 (🇧🇷 🇺🇸 🇪🇸)、提供商或技术进行筛选。 4. 找到了这里没有的优质课程?请查看**[如何贡献](#-como-contribuir)**。 ## 🔤 图例 | 字段 | 值 | |---|---| | **语言** | 🇧🇷 葡萄牙语 · 🇺🇸 英语 · 🇪🇸 西班牙语 | | **级别** | 🟢 初级 · 🟡 中级 · 🔴 高级 | | **证书** | ✅ 有 · ❌ 无 · — 视情况而定/未确认 | | **类型** | 💯 100% 免费 · 🎧 旁听(免费无证书) · 🔓 Freemium(部分免费) | ## 🧱 基础知识 ### IT 与操作系统 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [技术入门](https://www.ev.org.br/trilhas-de-conhecimento/primeiros-passos-em-tecnologia) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 | | [IT 基础:硬件与软件](https://www.ev.org.br/cursos/fundamentos-de-ti-hardware-e-software) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 | | [Linux Fundamentos](https://www.eucapacito.com.br/curso-ec/linux-fundamentos/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 | | [Linux 100: Fundamentals](https://tcm-sec.com/academy/linux-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | | [Introduction to Linux (LFS101)](https://training.linuxfoundation.org/training/introduction-to-linux/) | Linux Foundation | 🇺🇸 | 🟢 | ❌ | 💯 | ### 网络 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [网络基础概念](https://www.netacad.com/pt/courses/networking-basics?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | | [网络设备与初始配置](https://www.netacad.com/pt/courses/networking-devices-and-initial-configuration?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | | [IoT 与数字化转型简介](https://www.netacad.com/pt/courses/introduction-iot?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | | [Network Basics](https://app.cybrary.it/browse/course/network-fundamentals-v2) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [Fundamentals of Network Security](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 | ### 编程 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Learn to Program](https://www.eucapacito.com.br/cursos/learn-to-program/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 | | [Python 基础](https://solyd.com.br/treinamentos/python-basico/) | Solyd Offensive Security | 🇧🇷 | 🟢 | ✅ | 💯 | | [Python 基础 1](https://www.netacad.com/pt/courses/python-essentials-1?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | | [Python 编程语言 — 基础](https://www.ev.org.br/cursos/linguagem-de-programacao-python-basico) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 | | [使用 HTML、CSS 和 JavaScript 创建网站](https://www.ev.org.br/cursos/crie-um-site-simples-usando-html-css-e-javascript) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 | | [通过 Python 学习](https://www.escolavirtual.gov.br/curso/629) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 | | [Intro to Python](https://app.cybrary.it/browse/course/python) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [CS50: Introduction to Computer Science](https://cs50.harvard.edu/x/) | Harvard University | 🇺🇸 | 🟢 | 🎧 | 🎧 | | [CC50: 计算机科学导论](https://materiais.napratica.org.br/cc50) | Fundação Estudar (CS50 PT) | 🇧🇷 | 🟢 | 🎧 | 🎧 | | [Programming 100: Fundamentals](https://tcm-sec.com/academy/programming-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | ### Cloud 与通用 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Cloud Fundamentals, Administration and Solution Architect](https://www.eucapacito.com.br/cursos/cloud-fundamentals/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 | | [Practical Help Desk](https://tcm-sec.com/academy/practical-help-desk/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | | [Soft Skills for the Job Market](https://tcm-sec.com/academy/soft-skills-for-the-job-market/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | ## 🖥️ Windows | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Windows Security (learning path)](https://ost2.fyi/) | OpenSecurityTraining2 | 🇺🇸 | 🟡 | ❌ | 💯 | | [Windows Fundamentals](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 | | [Endpoint 安全](https://www.netacad.com/pt/courses/endpoint-security?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | ## 🛡️ 信息安全简介 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [网络安全简介](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 | | [Certified in Cybersecurity (CC)](https://www.isc2.org/landing/1MCC) | ISC² | 🇺🇸 | 🟢 | ✅ | 💯 | | [Practical Security Fundamentals](https://tcm-sec.com/academy/practical-security-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | | [信息技术安全](https://www.ev.org.br/cursos/seguranca-em-tecnologia-da-informacao) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 | | [CyberSecurity](https://www.eucapacito.com.br/cursos/cybersecurity/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 | | [面向大众的信息安全](https://www.escolavirtual.gov.br/curso/1256) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 | | [数字化转型中的信息安全基础](https://www.escolavirtual.gov.br/curso/916) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 | | [Fortinet Certified Fundamentals (FCF) Cybersecurity](https://training.fortinet.com/local/staticpage/view.php?page=fcf_cybersecurity) | Fortinet | 🇺🇸 | 🟢 | ✅ | 💯 | | [Fortinet Certified Associate (FCA) Cybersecurity](https://training.fortinet.com/local/staticpage/view.php?page=fca_cybersecurity) | Fortinet | 🇺🇸 | 🟡 | ✅ | 💯 | | [Entry-Level Cybersecurity Training](https://app.cybrary.it/browse/course/entry-level-cybersecurity-training) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [Cyber Security 101 (learning path)](https://tryhackme.com/path/outline/introtocyber) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 | ## 🐍 安全编程 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [PowerShell for Security Professionals](https://app.cybrary.it/browse/course/powershell-for-security-professionals) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [Python for Cybersecurity Professionals](https://app.cybrary.it/browse/course/python-for-cybersecurity-professionals) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | ## 🔴 Red Team — Pentest、Web 与 Mobile | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Web Security Academy](https://portswigger.net/web-security) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 | | [Hacking 与 Pentest 2.0 简介](https://solyd.com.br/treinamentos/introducao-ao-hacking-e-pentest-2/) | Solyd Offensive Security | 🇧🇷 | 🟢 | ✅ | 💯 | | [实践 Pentest 简介](https://desecsecurity.com/curso/introducao-pentest) | Desec Security | 🇧🇷 | 🟢 | ✅ | 💯 | | [Getting Started in API Pen-Testing](https://www.apisecuniversity.com/courses/) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [API Penetration Testing](https://www.apisecuniversity.com/courses/api-penetration-testing) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [Free Android Application Security / Pentest](https://www.mobilehackinglab.com/course/free-android-application-security-course) | Mobile Hacking Lab | 🇺🇸 | 🟡 | — | 💯 | | [Free iOS Application Security / Pentest](https://www.mobilehackinglab.com/course/free-ios-application-security-course) | Mobile Hacking Lab | 🇺🇸 | | — | 💯 | | [Android Frida Labs](https://www.mobilehackinglab.com/course/android-frida-labs) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 | | [Offensive Security Operations](https://app.cybrary.it/browse/course/offensive-security-operations) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [Android 课程图谱 (Pentest Mobile)](https://app.hextree.io/map/android) | Hextree.io | 🇺🇸 | 🟡 | — | 🔓 | | [Offensive Android Programming](https://www.mobilehackinglab.com/course/offensive-android-programming) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 | | [Offensive iOS Programming](https://www.mobilehackinglab.com/course/offensive-ios-programming) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 | ## 🎯 Bug Bounty | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Hacker101](https://www.hacker101.com/) | HackerOne | 🇺🇸 | 🟢 | ❌ | 💯 | | [Bug Hunter University](https://bughunters.google.com/learn) | Google | 🇺🇸 | 🟡 | ❌ | 💯 | | [Web Security Academy](https://portswigger.net/web-security) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 | ## 🧬 Reverse Engineering 与 Malware 分析 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Reverse Engineering & Malware Analysis (learning paths)](https://ost2.fyi/) | OpenSecurityTraining2 | 🇺🇸 | 🟡 | ❌ | 💯 | | [Reverse Engineering 101](https://malwareunicorn.org/workshops/re101.html) | Malware Unicorn | 🇺🇸 | 🟡 | ❌ | 💯 | | [Reverse Engineering 102](https://malwareunicorn.org/workshops/re102.html) | Malware Unicorn | 🇺🇸 | 🔴 | ❌ | 💯 | ## 🔵 Blue Team — SOC、DFIR 与防御 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Fundamentals of SOC](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 | | [Blue Team Junior Analyst Pathway](https://www.securityblue.team/courses/blue-team-junior-analyst-pathway-bundle) | Security Blue Team | 🇺🇸 | 🟢 | ✅ | 🔓 | | [Defensive Security Operations](https://app.cybrary.it/browse/course/defensive-security-operations) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [Defensive Security and Cyber Risk](https://app.cybrary.it/browse/course/defensive-security-and-cyber-risk) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [ICS Cybersecurity (ICS300)](https://ics-training.inl.gov/learn/courses/352/industrial-control-system-cybersecurity-ics300-training) | Idaho National Laboratory (INL) | 🇺🇸 | 🔴 | ✅ | 💯 | ## 🚨 Incident Response 与 DFIR | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [SOC Fundamentals / Phishing Email Analysis](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 | | [Digital Forensics Basics](https://app.cybrary.it/browse/course/digital-forensics-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | ## 🟣 Purple Team | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Foundations of Purple Teaming](https://www.academy.attackiq.com/courses/foundations-of-purple-teaming) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 | | [Foundations of Breach & Attack Simulation](https://www.academy.attackiq.com/courses/foundations-of-breach-attack-simulation) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 | | [Foundations of Operationalizing MITRE ATT&CK v13](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 | ## 🧠 Threat Intelligence | 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [MITRE ATT&CK](https://attack.mitre.org/) | MITRE | 🇺🇸 | 🟡 | ❌ | 💯 | | [Foundations of Operationalizing MITRE ATT&CK](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 | ## 🕵️ OSINT | 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [OSINT Framework](https://osintframework.com/) | OSINT Framework | 🇺🇸 | 🟢 | ❌ | 💯 | | [OSINT rooms](https://tryhackme.com/) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 | ## 🧩 AppSec、DevSecOps 与 API 安全 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [OWASP Top 10](https://owasp.org/www-project-top-ten/) | OWASP | 🇺🇸 | 🟢 | ❌ | 💯 | | [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 | | [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) | OWASP | 🇺🇸 | 🔴 | ❌ | 💯 | | [OWASP SAMM Fundamentals](https://owaspsamm.thinkific.com/courses/samm) | OWASP | 🇺🇸 | 🟡 | ✅ | 💯 | | [Developing Secure Software (LFD121)](https://openssf.org/training/courses/) | OpenSSF / Linux Foundation | 🇺🇸 | 🟡 | ✅ | 💯 | | [OWASP Top 10 — 2021](https://app.cybrary.it/browse/course/owasp) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [DevSecOps](https://app.cybrary.it/browse/course/devsecops) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [Fundamentals of Cybersecurity Architecture](https://app.cybrary.it/browse/course/fundamentals-of-cybersecurity-architecture) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 | | [API Security Fundamentals](https://www.apisecuniversity.com/courses/api-security-fundamentals) | APIsec University | 🇺🇸 | 🟢 | ✅ | 💯 | | [OWASP API Security Top 10 and Beyond!](https://www.apisecuniversity.com/courses/owasp-api-security-top-10-and-beyond) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [Securing API Servers](https://www.apisecuniversity.com/courses/securing-api-servers) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [API Security in the World of DevSecOps](https://www.apisecuniversity.com/courses/api-security-devsecops) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [API Authentication Best Practices](https://www.apisecuniversity.com/courses/api-authentication) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [Start Left: API SecDevOps](https://www.apisecuniversity.com/courses/start-left-api-secdevops) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | ## 🐙 GitHub Security 与 DevSecOps 工具 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Secure Code Game](https://github.com/skills/secure-code-game) | GitHub | 🇺🇸 | 🟡 | ❌ | 💯 | | [GitHub Skills](https://skills.github.com/) | GitHub | 🇺🇸 | 🟢 | ❌ | 💯 | ## ☁️ Cloud 与 Container 安全 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Fundamentals of Cloud Security](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 | | [Microsoft Learn — 安全 (Azure)](https://learn.microsoft.com/training/browse/?products=azure&subjects=security) | Microsoft Learn | 🇺🇸 | 🟢 | 🎧 | 💯 | | [Google Cloud Skills Boost](https://www.cloudskillsboost.google/) | Google Cloud | 🇺🇸 | 🟢 | 🔓 | 🔓 | | [AWS Skill Builder](https://skillbuilder.aws/) | AWS | 🇺🇸 | 🟢 | 🔓 | 🔓 | ## ☸️ Kubernetes 与 Container 安全 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Introduction to Kubernetes (LFS158)](https://training.linuxfoundation.org/training/introduction-to-kubernetes/) | Linux Foundation | 🇺🇸 | 🟢 | ❌ | 💯 | | [OWASP Kubernetes Top 10](https://owasp.org/www-project-kubernetes-top-ten/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 | ## 🤖 AI 与 LLM 安全 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [OWASP Top 10 for LLM Applications](https://genai.owasp.org/llm-top-10/) | OWASP GenAI | 🇺🇸 | 🟡 | ❌ | 💯 | | [Secure Code Game — LLM & Agentic AI](https://github.com/skills/secure-code-game) | GitHub | 🇺🇸 | 🟡 | ❌ | 💯 | | [Building Security into AI](https://www.apisecuniversity.com/courses/building-security-into-ai) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [Securing LLM & NLP APIs](https://www.apisecuniversity.com/courses/securing-llm-nlp-apis) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [MCP Security Fundamentals](https://www.apisecuniversity.com/courses/mcp-security-fundamentals) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | | [AI 100: Fundamentals](https://tcm-sec.com/academy/ai-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 | ## 🔑 IAM 与身份 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Security, Compliance, and Identity Fundamentals (SC-900)](https://learn.microsoft.com/credentials/certifications/security-compliance-and-identity-fundamentals/) | Microsoft Learn | 🇺🇸 | 🟢 | 🎧 | 💯 | | [OAuth 2.0 Simplified](https://www.oauth.com/) | Aaron Parecki / Okta | 🇺🇸 | 🟡 | ❌ | 💯 | ## 🔐 密码学 | 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [CryptoHack](https://cryptohack.org/) | CryptoHack | 🇺🇸 | 🟡 | ❌ | 💯 | | [Crypto 101](https://www.crypto101.io/) | Crypto 101 | 🇺🇸 | 🟢 | ❌ | 💯 | ## 📊 SIEM / SOAR | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Splunk Free Courses (incl. Enterprise Security & SOAR)](https://www.splunk.com/en_us/training/free-courses/overview.html) | Splunk | 🇺🇸 | 🟢 | — | 💯 | ## 📋 GRC、治理与框架 | 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Governance Basics](https://app.cybrary.it/browse/course/governance-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [Compliance Basics](https://app.cybrary.it/browse/course/compliance-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 | | [通用数据保护法 (LGPD) 基础](https://www.escolavirtual.gov.br/curso/603) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 | | [LGPD 中负责人的职责](https://www.escolavirtual.gov.br/curso/1041) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 | | [如何实施 LGPD](https://www.escolavirtual.gov.br/curso/529) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 | | [CIS Controls 简介](https://www.escolavirtual.gov.br/curso/1153) | Escola Virtual Gov (ENAP) | 🇧 | 🟢 | ✅ | 💯 | | [CIS Controls 1 至 6](https://www.escolavirtual.gov.br/curso/1073) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 | | [CIS Controls 7 至 12](https://www.escolavirtual.gov.br/curso/1132) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 | | [CIS Controls 13 至 18](https://www.escolavirtual.gov.br/curso/1154) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 | | [API Security for PCI Compliance](https://www.apisecuniversity.com/courses/api-security-for-pci-compliance) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 | ## 🧪 Labs、CTFs 与动手实践 | 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:|:--:| | [Web Security Academy (labs)](https://portswigger.net/web-security/all-labs) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 | | [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 | | [OWASP WebGoat](https://owasp.org/www-project-webgoat/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 | | [Hacker101 CTF](https://ctf.hacker101.com/) | HackerOne | 🇺🇸 | 🟡 | ❌ | 💯 | | [CryptoHack](https://cryptohack.org/) | CryptoHack | 🇺🇸 | 🟡 | ❌ | 💯 | | [TryHackMe (free rooms)](https://tryhackme.com/) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 | | [Hack The Box Academy (free tier)](https://academy.hackthebox.com/) | Hack The Box | 🇺🇸 | 🟡 | — | 🔓 | | [LetsDefend (free tier)](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 | ## 🎓 免费认证 公认的**培训和/或考试免费**的认证: | 认证 | 提供商 | 语言 | 涵盖内容 | |---|---|:--:|---| | [Certified in Cybersecurity (CC)](https://www.isc2.org/landing/1MCC) | ISC² | 🇺🇸 | 安全基础(通过 1MCC 计划提供免费培训+考试) | | [Fortinet Certified Fundamentals (FCF)](https://training.fortinet.com/local/staticpage/view.php?page=fcf_cybersecurity) | Fortinet | 🇺🇸 | 网络安全与威胁基础 | | [网络安全简介 (badge)](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR) | Cisco | 🇧🇷 | 概念、威胁与防御——颁发 badge | | [BTJA — Blue Team Junior Analyst](https://www.securityblue.team/courses/blue-team-junior-analyst-pathway-bundle) | Security Blue Team | 🇺🇸 | 防御基础,约 30 小时,提供结业证书 | | [Foundations of Operationalizing MITRE ATT&CK](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ | 🇺🇸 | ATT&CK 应用,附带证书 | ## 🇪🇸 西班牙语课程 | 课程 | 提供商 | 级别 | 证书 | 类型 | |---|---|:--:|:--:|:--:| | [Introducción a la Ciberseguridad](https://www.netacad.com/es/courses/introduction-to-cybersecurity?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 | | [Redes: conceptos básicos](https://www.netacad.com/es/courses/networking-basics?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 | | [#AprendeCiberseguridad (cursos, guías y talleres)](https://www.incibe.es/aprendeciberseguridad) | INCIBE (España) | 🟢 | — | 💯 | | [Python Essentials 1](https://www.netacad.com/es/courses/python-essentials-1?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 | ## 🗺️ 学习路线图 包含**理想学习顺序**、预计时间以及何时进阶的路径。每个路线图都引用了此列表中的课程: - [🧩 AppSec 路线图](roadmaps/appsec.md) - [🔵 Blue Team / SOC 路线图](roadmaps/blue-team-soc.md) - [🔴 Red Team / Pentest 路线图](roadmaps/red-team-pentest.md) - [☁️ Cloud Security 路线图](roadmaps/cloud-security.md) - [⚙️ DevSecOps 路线图](roadmaps/devsecops.md) - [🎯 Bug Bounty 路线图](roadmaps/bug-bounty.md) - [📋 GRC 路线图](roadmaps/grc.md) - [🔑 IAM 与身份路线图](roadmaps/iam.md) - [🤖 AI 与 LLM 安全路线图](roadmaps/ai-security.md) ## 🏆 社区排行榜 备受广泛推荐的精选内容(出于精挑细选,非赞助): **AppSec 必修 Top 榜(免费)** 1. [PortSwigger Web Security Academy](https://portswigger.net/web-security) 2. [OWASP Top 10](https://owasp.org/www-project-top-ten/) 3. [Developing Secure Software — OpenSSF LFD121](https://openssf.org/training/courses/) 4. [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/) 5. [Secure Code Game — GitHub](https://github.com/skills/secure-code-game) **从零开始最佳 Top 榜** 1. [网络安全简介 — Cisco](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR) 2. [Certified in Cybersecurity (CC) — ISC²](https://www.isc2.org/landing/1MCC) 3. [Cyber Security 101 — TryHackMe](https://tryhackme.com/path/outline/introtocyber) **最佳动手实践 Top 榜** 1. [PortSwigger Web Security Academy](https://portswigger.net/web-security/all-labs) 2. [Hacker101 CTF](https://ctf.hacker101.com/) 3. [LetsDefend](https://letsdefend.io/) · [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) **最佳 Red Team / RE Top 榜** 1. [OpenSecurityTraining2](https://ost2.fyi/) 2. [Malware Unicorn — RE101](https://malwareunicorn.org/workshops/re101.html) 3. [Hack The Box Academy](https://academy.hackthebox.com/) ## 🤝 如何贡献 非常欢迎您推荐课程!在提交 PR 或 issue 之前,请查看**[CONTRIBUTING.md](CONTRIBUTING.md)** 中的标准和卡片模板。简而言之,我们只收录**官方、免费、最新、无盗版且无失效链接**的课程。 - 💡 推荐课程:请提交一个[推荐 issue](.github/ISSUE_TEMPLATE/sugerir-curso.md)。 - 🔧 直接添加:请遵循 [PR 模板](.github/PULL_REQUEST_TEMPLATE.md)。 - 📇 详细的课程卡片存放在 [`courses/`](courses/) 中。 ## 📄 许可证 内容基于 **[CC BY 4.0](LICENSE)** 许多——可自由分享与修改,但需注明出处。所链接的课程归其各自的提供商所有。 ## 🙏 致谢 致谢巴西及全球的信息安全社区,以及所有**免费**提供优质教育的提供商。本项目由社区创建,并为社区服务。
由社区用 💜 维护。发现失效链接或变成收费的课程?请提交一个 issue
标签:awesome, IPv6支持, meg, 信息安全, 学习资源, 安全教育, 开源, 链接检查, 防御加固