Online Training Resources

Browser-based CTF-style labs covering networking, web, forensics, and more. Beginner-friendly with guided learning paths. Military subscription available.

Intermediate-to-advanced penetration testing labs and challenges. Strong community and active tracks for OSCP prep.

Classic wargame server with Bandit (Linux basics) through Vortex. Essential for building command-line and scripting fundamentals.

Carnegie Mellon's capture-the-flag platform. Excellent for binary exploitation, reverse engineering, and crypto fundamentals.

SANS Institute free introductory courses covering OS internals, networking, and system security. Great foundation before pursuing GIAC certs.

Video-based courses covering Security+, CEH, OSCP prep, and more. Free tier available; military discount on Pro plans.

DoD Cyber Exchange (Public)

Official DoD resource hub: STIGs, Security Requirements Guides, SCAP tools, and training resources. Essential for hardening and compliance work.

CISA Training & Exercises

Free DHS/CISA cybersecurity training including ICS/SCADA security, incident response, and workforce development courses.

Joint Knowledge Online (JKO)

DoD's primary e-learning platform. Hosts mandatory training, PMK courses, and joint warfighting curricula. Use your CAC to log in.

Navy e-Learning (NeL)

Navy's official online learning portal. Access IT, leadership, and technical courses. Tuition assistance for select college courses also managed here.

NSA Codebreaker Challenge

Annual NSA competition with realistic reverse engineering and exploitation tasks. Excellent resume builder; top performers noted by NSA recruiters.

DISA STIG Viewer

Download the official STIG Viewer and automated SCAP tools for auditing and hardening DoD systems — core skill for defensive CWT NECs.

MITRE ATT&CK

The definitive adversary tactics and techniques knowledge base. Used for threat hunting, red/blue team planning, and incident response correlation.

MITRE D3FEND

Counterpart to ATT&CK focused on defensive techniques. Maps defensive countermeasures to specific attacker TTPs.

CVE / NVD

NIST National Vulnerability Database. Search CVEs by product, severity (CVSS), and publication date. Essential for vulnerability analysis.

Exploit DB

Offensive Security's public exploit archive. Useful for understanding real-world exploitation techniques and researching disclosed vulnerabilities.

NIST SP 800 Series

NIST Special Publications covering risk management (800-37), incident response (800-61), access control (800-53), and more.

VirusTotal

Aggregate malware scanning platform. Submit files, URLs, and hashes across 70+ AV engines. Invaluable for malware triage and threat hunting.

Free video course and study notes for the SY0-701 Security+ exam. One of the most recommended free resources for the DoD baseline cert.

Affordable Udemy/online courses for CompTIA certifications with strong practice exams. Widely used by military members.

The canonical list of critical web application security risks. Required reading for anyone pursuing CEH, OSCP, or web application testing.

Completely free, hands-on web security labs from the makers of Burp Suite. Covers SQLi, XSS, SSRF, OAuth, and advanced topics.

Official OffSec courses including PEN-200 (OSCP). Paid, but widely funded through Navy COOL for OCO-track CWTs.

Official GIAC cert catalog. Review exam objectives and index creation tips. GCIH, GCFE, GPEN, GNFA, and GXPN are all relevant to CWT tracks.