ggeorgeazevedo/Trilha-de-Cursos-Gratuitos-para-InfoSec
GitHub: ggeorgeazevedo/Trilha-de-Cursos-Gratuitos-para-InfoSec
信息安全免费课程的精选目录,汇集 150+ 官方课程并按难度分级,配合学习路线图和链接自动验证,解决优质安全学习资源分散难找的问题。
Stars: 0 | Forks: 0
# 🛡️ InfoSec 免费课程学习路径
**最大、最全的信息安全*免费*课程精选——从零基础到专家。**
这里列出的每一门课程都是**真实、免费且来自官方渠道**的。没有盗版,没有失效链接,没有任何捏造。






## 🎯 目标
在一个地方汇集一条完整的路径,供**任何人免费学习 Cyber Security**——从 IT 基础到 AppSec、Cloud Security、Red/Blue Team、Reverse Engineering 和 AI 安全等高级主题。本精选内容涵盖**初级、中级、高级和专家**阶段,旨在与社区共同发展。
## 📑 目录
- [如何使用](#-como-usar) · [图例](#-legenda)
- **基础:** [基础知识](#-fundamentos) · [安全入门](#-introdução-à-segurança-da-informação) · [安全编程](#-programação-para-segurança)
- **进攻方:** [Red Team / Pentest](#-red-team--pentest-web--mobile) · [Bug Bounty](#-bug-bounty) · [Reverse Engineering 与 Malware](#-reverse-engineering--malware-analysis)
- **防守方:** [Blue Team / SOC](#-blue-team--soc-dfir--defesa) · [Purple Team](#-purple-team) · [Incident Response 与 DFIR](#-incident-response--dfir) · [SIEM / SOAR](#-siem--soar) · [Threat Intelligence](#-threat-intelligence) · [OSINT](#-osint)
- **开发与云:** [AppSec 与 DevSecOps](#-appsec-devsecops--api-security) · [GitHub 与 DevSecOps 工具](#-github-security--devsecops-tooling) · [Cloud 与 Containers](#-cloud--container-security) · [Kubernetes 与 Container 安全](#-kubernetes--container-security)
- **专精领域:** [AI 与 LLM 安全](#-ai--llm-security) · [IAM 与身份](#-iam--identidade) · [密码学](#-criptografia) · [Windows](#-windows) · [GRC 与框架](#-grc-governança--frameworks)
- **实践:** [Labs 与 CTFs](#-labs-ctfs--hands-on) · [免费认证](#-certificações-gratuitas)
- **语言:** [西班牙语课程 🇪🇸](#-cursos-em-espanhol)
- **附加内容:** [学习路线图](#-roadmaps) · [排行榜](#-rankings-da-comunidade) · [如何贡献](#-como-contribuir) · [许可证](#-licença)
## 🚀 如何使用
1. 如果您是初学者,请从**[基础知识](#-fundamentos)**开始,或者直接跳转到您感兴趣的领域。
2. 遵循其中的一个**[学习路线图](#-roadmaps)**以获得理想的学习顺序。
3. 使用 **Ctrl/Cmd + F** 按语言 (🇧🇷 🇺🇸 🇪🇸)、提供商或技术进行筛选。
4. 找到了这里没有的优质课程?请查看**[如何贡献](#-como-contribuir)**。
## 🔤 图例
| 字段 | 值 |
|---|---|
| **语言** | 🇧🇷 葡萄牙语 · 🇺🇸 英语 · 🇪🇸 西班牙语 |
| **级别** | 🟢 初级 · 🟡 中级 · 🔴 高级 |
| **证书** | ✅ 有 · ❌ 无 · — 视情况而定/未确认 |
| **类型** | 💯 100% 免费 · 🎧 旁听(免费无证书) · 🔓 Freemium(部分免费) |
## 🧱 基础知识
### IT 与操作系统
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [技术入门](https://www.ev.org.br/trilhas-de-conhecimento/primeiros-passos-em-tecnologia) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 |
| [IT 基础:硬件与软件](https://www.ev.org.br/cursos/fundamentos-de-ti-hardware-e-software) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Linux Fundamentos](https://www.eucapacito.com.br/curso-ec/linux-fundamentos/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Linux 100: Fundamentals](https://tcm-sec.com/academy/linux-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Introduction to Linux (LFS101)](https://training.linuxfoundation.org/training/introduction-to-linux/) | Linux Foundation | 🇺🇸 | 🟢 | ❌ | 💯 |
### 网络
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [网络基础概念](https://www.netacad.com/pt/courses/networking-basics?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
| [网络设备与初始配置](https://www.netacad.com/pt/courses/networking-devices-and-initial-configuration?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
| [IoT 与数字化转型简介](https://www.netacad.com/pt/courses/introduction-iot?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Network Basics](https://app.cybrary.it/browse/course/network-fundamentals-v2) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [Fundamentals of Network Security](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 |
### 编程
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Learn to Program](https://www.eucapacito.com.br/cursos/learn-to-program/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Python 基础](https://solyd.com.br/treinamentos/python-basico/) | Solyd Offensive Security | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Python 基础 1](https://www.netacad.com/pt/courses/python-essentials-1?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Python 编程语言 — 基础](https://www.ev.org.br/cursos/linguagem-de-programacao-python-basico) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 |
| [使用 HTML、CSS 和 JavaScript 创建网站](https://www.ev.org.br/cursos/crie-um-site-simples-usando-html-css-e-javascript) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 |
| [通过 Python 学习](https://www.escolavirtual.gov.br/curso/629) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Intro to Python](https://app.cybrary.it/browse/course/python) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [CS50: Introduction to Computer Science](https://cs50.harvard.edu/x/) | Harvard University | 🇺🇸 | 🟢 | 🎧 | 🎧 |
| [CC50: 计算机科学导论](https://materiais.napratica.org.br/cc50) | Fundação Estudar (CS50 PT) | 🇧🇷 | 🟢 | 🎧 | 🎧 |
| [Programming 100: Fundamentals](https://tcm-sec.com/academy/programming-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
### Cloud 与通用
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Cloud Fundamentals, Administration and Solution Architect](https://www.eucapacito.com.br/cursos/cloud-fundamentals/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Practical Help Desk](https://tcm-sec.com/academy/practical-help-desk/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Soft Skills for the Job Market](https://tcm-sec.com/academy/soft-skills-for-the-job-market/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
## 🖥️ Windows
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Windows Security (learning path)](https://ost2.fyi/) | OpenSecurityTraining2 | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Windows Fundamentals](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 |
| [Endpoint 安全](https://www.netacad.com/pt/courses/endpoint-security?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
## 🛡️ 信息安全简介
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [网络安全简介](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR) | Cisco Networking Academy | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Certified in Cybersecurity (CC)](https://www.isc2.org/landing/1MCC) | ISC² | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Practical Security Fundamentals](https://tcm-sec.com/academy/practical-security-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
| [信息技术安全](https://www.ev.org.br/cursos/seguranca-em-tecnologia-da-informacao) | Fundação Bradesco | 🇧🇷 | 🟢 | ✅ | 💯 |
| [CyberSecurity](https://www.eucapacito.com.br/cursos/cybersecurity/) | FIAP / EuCapacito | 🇧🇷 | 🟢 | ✅ | 💯 |
| [面向大众的信息安全](https://www.escolavirtual.gov.br/curso/1256) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 |
| [数字化转型中的信息安全基础](https://www.escolavirtual.gov.br/curso/916) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Fortinet Certified Fundamentals (FCF) Cybersecurity](https://training.fortinet.com/local/staticpage/view.php?page=fcf_cybersecurity) | Fortinet | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Fortinet Certified Associate (FCA) Cybersecurity](https://training.fortinet.com/local/staticpage/view.php?page=fca_cybersecurity) | Fortinet | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Entry-Level Cybersecurity Training](https://app.cybrary.it/browse/course/entry-level-cybersecurity-training) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [Cyber Security 101 (learning path)](https://tryhackme.com/path/outline/introtocyber) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 |
## 🐍 安全编程
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [PowerShell for Security Professionals](https://app.cybrary.it/browse/course/powershell-for-security-professionals) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [Python for Cybersecurity Professionals](https://app.cybrary.it/browse/course/python-for-cybersecurity-professionals) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
## 🔴 Red Team — Pentest、Web 与 Mobile
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Web Security Academy](https://portswigger.net/web-security) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Hacking 与 Pentest 2.0 简介](https://solyd.com.br/treinamentos/introducao-ao-hacking-e-pentest-2/) | Solyd Offensive Security | 🇧🇷 | 🟢 | ✅ | 💯 |
| [实践 Pentest 简介](https://desecsecurity.com/curso/introducao-pentest) | Desec Security | 🇧🇷 | 🟢 | ✅ | 💯 |
| [Getting Started in API Pen-Testing](https://www.apisecuniversity.com/courses/) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [API Penetration Testing](https://www.apisecuniversity.com/courses/api-penetration-testing) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Free Android Application Security / Pentest](https://www.mobilehackinglab.com/course/free-android-application-security-course) | Mobile Hacking Lab | 🇺🇸 | 🟡 | — | 💯 |
| [Free iOS Application Security / Pentest](https://www.mobilehackinglab.com/course/free-ios-application-security-course) | Mobile Hacking Lab | 🇺🇸 | | — | 💯 |
| [Android Frida Labs](https://www.mobilehackinglab.com/course/android-frida-labs) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 |
| [Offensive Security Operations](https://app.cybrary.it/browse/course/offensive-security-operations) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [Android 课程图谱 (Pentest Mobile)](https://app.hextree.io/map/android) | Hextree.io | 🇺🇸 | 🟡 | — | 🔓 |
| [Offensive Android Programming](https://www.mobilehackinglab.com/course/offensive-android-programming) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 |
| [Offensive iOS Programming](https://www.mobilehackinglab.com/course/offensive-ios-programming) | Mobile Hacking Lab | 🇺🇸 | 🔴 | — | 💯 |
## 🎯 Bug Bounty
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Hacker101](https://www.hacker101.com/) | HackerOne | 🇺🇸 | 🟢 | ❌ | 💯 |
| [Bug Hunter University](https://bughunters.google.com/learn) | Google | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Web Security Academy](https://portswigger.net/web-security) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 |
## 🧬 Reverse Engineering 与 Malware 分析
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Reverse Engineering & Malware Analysis (learning paths)](https://ost2.fyi/) | OpenSecurityTraining2 | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Reverse Engineering 101](https://malwareunicorn.org/workshops/re101.html) | Malware Unicorn | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Reverse Engineering 102](https://malwareunicorn.org/workshops/re102.html) | Malware Unicorn | 🇺🇸 | 🔴 | ❌ | 💯 |
## 🔵 Blue Team — SOC、DFIR 与防御
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Fundamentals of SOC](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Blue Team Junior Analyst Pathway](https://www.securityblue.team/courses/blue-team-junior-analyst-pathway-bundle) | Security Blue Team | 🇺🇸 | 🟢 | ✅ | 🔓 |
| [Defensive Security Operations](https://app.cybrary.it/browse/course/defensive-security-operations) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [Defensive Security and Cyber Risk](https://app.cybrary.it/browse/course/defensive-security-and-cyber-risk) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [ICS Cybersecurity (ICS300)](https://ics-training.inl.gov/learn/courses/352/industrial-control-system-cybersecurity-ics300-training) | Idaho National Laboratory (INL) | 🇺🇸 | 🔴 | ✅ | 💯 |
## 🚨 Incident Response 与 DFIR
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [SOC Fundamentals / Phishing Email Analysis](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 |
| [Digital Forensics Basics](https://app.cybrary.it/browse/course/digital-forensics-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
## 🟣 Purple Team
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Foundations of Purple Teaming](https://www.academy.attackiq.com/courses/foundations-of-purple-teaming) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Foundations of Breach & Attack Simulation](https://www.academy.attackiq.com/courses/foundations-of-breach-attack-simulation) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Foundations of Operationalizing MITRE ATT&CK v13](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 |
## 🧠 Threat Intelligence
| 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [MITRE ATT&CK](https://attack.mitre.org/) | MITRE | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Foundations of Operationalizing MITRE ATT&CK](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ Academy | 🇺🇸 | 🟡 | ✅ | 💯 |
## 🕵️ OSINT
| 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [OSINT Framework](https://osintframework.com/) | OSINT Framework | 🇺🇸 | 🟢 | ❌ | 💯 |
| [OSINT rooms](https://tryhackme.com/) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 |
## 🧩 AppSec、DevSecOps 与 API 安全
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [OWASP Top 10](https://owasp.org/www-project-top-ten/) | OWASP | 🇺🇸 | 🟢 | ❌ | 💯 |
| [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 |
| [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) | OWASP | 🇺🇸 | 🔴 | ❌ | 💯 |
| [OWASP SAMM Fundamentals](https://owaspsamm.thinkific.com/courses/samm) | OWASP | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Developing Secure Software (LFD121)](https://openssf.org/training/courses/) | OpenSSF / Linux Foundation | 🇺🇸 | 🟡 | ✅ | 💯 |
| [OWASP Top 10 — 2021](https://app.cybrary.it/browse/course/owasp) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [DevSecOps](https://app.cybrary.it/browse/course/devsecops) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [Fundamentals of Cybersecurity Architecture](https://app.cybrary.it/browse/course/fundamentals-of-cybersecurity-architecture) | Cybrary | 🇺🇸 | 🟡 | — | 🔓 |
| [API Security Fundamentals](https://www.apisecuniversity.com/courses/api-security-fundamentals) | APIsec University | 🇺🇸 | 🟢 | ✅ | 💯 |
| [OWASP API Security Top 10 and Beyond!](https://www.apisecuniversity.com/courses/owasp-api-security-top-10-and-beyond) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Securing API Servers](https://www.apisecuniversity.com/courses/securing-api-servers) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [API Security in the World of DevSecOps](https://www.apisecuniversity.com/courses/api-security-devsecops) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [API Authentication Best Practices](https://www.apisecuniversity.com/courses/api-authentication) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Start Left: API SecDevOps](https://www.apisecuniversity.com/courses/start-left-api-secdevops) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
## 🐙 GitHub Security 与 DevSecOps 工具
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Secure Code Game](https://github.com/skills/secure-code-game) | GitHub | 🇺🇸 | 🟡 | ❌ | 💯 |
| [GitHub Skills](https://skills.github.com/) | GitHub | 🇺🇸 | 🟢 | ❌ | 💯 |
## ☁️ Cloud 与 Container 安全
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Fundamentals of Cloud Security](https://www.paloaltonetworks.com/services/education) | Palo Alto Networks | 🇺🇸 | 🟢 | ✅ | 💯 |
| [Microsoft Learn — 安全 (Azure)](https://learn.microsoft.com/training/browse/?products=azure&subjects=security) | Microsoft Learn | 🇺🇸 | 🟢 | 🎧 | 💯 |
| [Google Cloud Skills Boost](https://www.cloudskillsboost.google/) | Google Cloud | 🇺🇸 | 🟢 | 🔓 | 🔓 |
| [AWS Skill Builder](https://skillbuilder.aws/) | AWS | 🇺🇸 | 🟢 | 🔓 | 🔓 |
## ☸️ Kubernetes 与 Container 安全
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Introduction to Kubernetes (LFS158)](https://training.linuxfoundation.org/training/introduction-to-kubernetes/) | Linux Foundation | 🇺🇸 | 🟢 | ❌ | 💯 |
| [OWASP Kubernetes Top 10](https://owasp.org/www-project-kubernetes-top-ten/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 |
## 🤖 AI 与 LLM 安全
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [OWASP Top 10 for LLM Applications](https://genai.owasp.org/llm-top-10/) | OWASP GenAI | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Secure Code Game — LLM & Agentic AI](https://github.com/skills/secure-code-game) | GitHub | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Building Security into AI](https://www.apisecuniversity.com/courses/building-security-into-ai) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [Securing LLM & NLP APIs](https://www.apisecuniversity.com/courses/securing-llm-nlp-apis) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [MCP Security Fundamentals](https://www.apisecuniversity.com/courses/mcp-security-fundamentals) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
| [AI 100: Fundamentals](https://tcm-sec.com/academy/ai-100-fundamentals/) | TCM Security | 🇺🇸 | 🟢 | ✅ | 💯 |
## 🔑 IAM 与身份
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Security, Compliance, and Identity Fundamentals (SC-900)](https://learn.microsoft.com/credentials/certifications/security-compliance-and-identity-fundamentals/) | Microsoft Learn | 🇺🇸 | 🟢 | 🎧 | 💯 |
| [OAuth 2.0 Simplified](https://www.oauth.com/) | Aaron Parecki / Okta | 🇺🇸 | 🟡 | ❌ | 💯 |
## 🔐 密码学
| 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [CryptoHack](https://cryptohack.org/) | CryptoHack | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Crypto 101](https://www.crypto101.io/) | Crypto 101 | 🇺🇸 | 🟢 | ❌ | 💯 |
## 📊 SIEM / SOAR
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Splunk Free Courses (incl. Enterprise Security & SOAR)](https://www.splunk.com/en_us/training/free-courses/overview.html) | Splunk | 🇺🇸 | 🟢 | — | 💯 |
## 📋 GRC、治理与框架
| 课程 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Governance Basics](https://app.cybrary.it/browse/course/governance-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [Compliance Basics](https://app.cybrary.it/browse/course/compliance-basics) | Cybrary | 🇺🇸 | 🟢 | — | 🔓 |
| [通用数据保护法 (LGPD) 基础](https://www.escolavirtual.gov.br/curso/603) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟢 | ✅ | 💯 |
| [LGPD 中负责人的职责](https://www.escolavirtual.gov.br/curso/1041) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 |
| [如何实施 LGPD](https://www.escolavirtual.gov.br/curso/529) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 |
| [CIS Controls 简介](https://www.escolavirtual.gov.br/curso/1153) | Escola Virtual Gov (ENAP) | 🇧 | 🟢 | ✅ | 💯 |
| [CIS Controls 1 至 6](https://www.escolavirtual.gov.br/curso/1073) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 |
| [CIS Controls 7 至 12](https://www.escolavirtual.gov.br/curso/1132) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 |
| [CIS Controls 13 至 18](https://www.escolavirtual.gov.br/curso/1154) | Escola Virtual Gov (ENAP) | 🇧🇷 | 🟡 | ✅ | 💯 |
| [API Security for PCI Compliance](https://www.apisecuniversity.com/courses/api-security-for-pci-compliance) | APIsec University | 🇺🇸 | 🟡 | ✅ | 💯 |
## 🧪 Labs、CTFs 与动手实践
| 资源 | 提供商 | 语言 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|:--:|
| [Web Security Academy (labs)](https://portswigger.net/web-security/all-labs) | PortSwigger | 🇺🇸 | 🟡 | ❌ | 💯 |
| [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 |
| [OWASP WebGoat](https://owasp.org/www-project-webgoat/) | OWASP | 🇺🇸 | 🟡 | ❌ | 💯 |
| [Hacker101 CTF](https://ctf.hacker101.com/) | HackerOne | 🇺🇸 | 🟡 | ❌ | 💯 |
| [CryptoHack](https://cryptohack.org/) | CryptoHack | 🇺🇸 | 🟡 | ❌ | 💯 |
| [TryHackMe (free rooms)](https://tryhackme.com/) | TryHackMe | 🇺🇸 | 🟢 | — | 🔓 |
| [Hack The Box Academy (free tier)](https://academy.hackthebox.com/) | Hack The Box | 🇺🇸 | 🟡 | — | 🔓 |
| [LetsDefend (free tier)](https://letsdefend.io/) | LetsDefend | 🇺🇸 | 🟢 | — | 🔓 |
## 🎓 免费认证
公认的**培训和/或考试免费**的认证:
| 认证 | 提供商 | 语言 | 涵盖内容 |
|---|---|:--:|---|
| [Certified in Cybersecurity (CC)](https://www.isc2.org/landing/1MCC) | ISC² | 🇺🇸 | 安全基础(通过 1MCC 计划提供免费培训+考试) |
| [Fortinet Certified Fundamentals (FCF)](https://training.fortinet.com/local/staticpage/view.php?page=fcf_cybersecurity) | Fortinet | 🇺🇸 | 网络安全与威胁基础 |
| [网络安全简介 (badge)](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR) | Cisco | 🇧🇷 | 概念、威胁与防御——颁发 badge |
| [BTJA — Blue Team Junior Analyst](https://www.securityblue.team/courses/blue-team-junior-analyst-pathway-bundle) | Security Blue Team | 🇺🇸 | 防御基础,约 30 小时,提供结业证书 |
| [Foundations of Operationalizing MITRE ATT&CK](https://www.academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck-v13) | AttackIQ | 🇺🇸 | ATT&CK 应用,附带证书 |
## 🇪🇸 西班牙语课程
| 课程 | 提供商 | 级别 | 证书 | 类型 |
|---|---|:--:|:--:|:--:|
| [Introducción a la Ciberseguridad](https://www.netacad.com/es/courses/introduction-to-cybersecurity?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 |
| [Redes: conceptos básicos](https://www.netacad.com/es/courses/networking-basics?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 |
| [#AprendeCiberseguridad (cursos, guías y talleres)](https://www.incibe.es/aprendeciberseguridad) | INCIBE (España) | 🟢 | — | 💯 |
| [Python Essentials 1](https://www.netacad.com/es/courses/python-essentials-1?courseLang=es-XL) | Cisco Networking Academy | 🟢 | ✅ | 💯 |
## 🗺️ 学习路线图
包含**理想学习顺序**、预计时间以及何时进阶的路径。每个路线图都引用了此列表中的课程:
- [🧩 AppSec 路线图](roadmaps/appsec.md)
- [🔵 Blue Team / SOC 路线图](roadmaps/blue-team-soc.md)
- [🔴 Red Team / Pentest 路线图](roadmaps/red-team-pentest.md)
- [☁️ Cloud Security 路线图](roadmaps/cloud-security.md)
- [⚙️ DevSecOps 路线图](roadmaps/devsecops.md)
- [🎯 Bug Bounty 路线图](roadmaps/bug-bounty.md)
- [📋 GRC 路线图](roadmaps/grc.md)
- [🔑 IAM 与身份路线图](roadmaps/iam.md)
- [🤖 AI 与 LLM 安全路线图](roadmaps/ai-security.md)
## 🏆 社区排行榜
备受广泛推荐的精选内容(出于精挑细选,非赞助):
**AppSec 必修 Top 榜(免费)**
1. [PortSwigger Web Security Academy](https://portswigger.net/web-security)
2. [OWASP Top 10](https://owasp.org/www-project-top-ten/)
3. [Developing Secure Software — OpenSSF LFD121](https://openssf.org/training/courses/)
4. [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/)
5. [Secure Code Game — GitHub](https://github.com/skills/secure-code-game)
**从零开始最佳 Top 榜**
1. [网络安全简介 — Cisco](https://www.netacad.com/pt/courses/introduction-to-cybersecurity?courseLang=pt-BR)
2. [Certified in Cybersecurity (CC) — ISC²](https://www.isc2.org/landing/1MCC)
3. [Cyber Security 101 — TryHackMe](https://tryhackme.com/path/outline/introtocyber)
**最佳动手实践 Top 榜**
1. [PortSwigger Web Security Academy](https://portswigger.net/web-security/all-labs)
2. [Hacker101 CTF](https://ctf.hacker101.com/)
3. [LetsDefend](https://letsdefend.io/) · [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
**最佳 Red Team / RE Top 榜**
1. [OpenSecurityTraining2](https://ost2.fyi/)
2. [Malware Unicorn — RE101](https://malwareunicorn.org/workshops/re101.html)
3. [Hack The Box Academy](https://academy.hackthebox.com/)
## 🤝 如何贡献
非常欢迎您推荐课程!在提交 PR 或 issue 之前,请查看**[CONTRIBUTING.md](CONTRIBUTING.md)** 中的标准和卡片模板。简而言之,我们只收录**官方、免费、最新、无盗版且无失效链接**的课程。
- 💡 推荐课程:请提交一个[推荐 issue](.github/ISSUE_TEMPLATE/sugerir-curso.md)。
- 🔧 直接添加:请遵循 [PR 模板](.github/PULL_REQUEST_TEMPLATE.md)。
- 📇 详细的课程卡片存放在 [`courses/`](courses/) 中。
## 📄 许可证
内容基于 **[CC BY 4.0](LICENSE)** 许多——可自由分享与修改,但需注明出处。所链接的课程归其各自的提供商所有。
## 🙏 致谢
致谢巴西及全球的信息安全社区,以及所有**免费**提供优质教育的提供商。本项目由社区创建,并为社区服务。
由社区用 💜 维护。发现失效链接或变成收费的课程?请提交一个 issue。
标签:awesome, IPv6支持, meg, 信息安全, 学习资源, 安全教育, 开源, 链接检查, 防御加固