Infosec Institute

You may have come across this resource site, most likely early in your career in infosec considering how prevalent they are online. They offer a wide range of resources - blogs, bootcamps, test exams, cyber ranges (virtual labs), videos, courses, and more.

In October, they offered a 30 trial as part of National Cybersecurity Awareness Month (a US, now global, type of initiative). As I self-study, I really only have a limited budget that go into online resources so I definitely was very interested in signing up. For me, self-study involves not just the amount of time learning online but the charges can rack up when you consider the amount spent on conferences, on books, study guides, online courses, examinations, certifications and more.

Below is a short overview. I’ll update this entry throughout the month with new notes.

Cyber Ranges - interactive lab exercises on pentesting, networking, Linux

Infosec Institue Bruteforce

Infosec Institue check Shellshock with NMAP

Infosec Institute NMAP SNMP

Infosec Institute - Heartbleed

The cyber ranges are definitely the highlight for Infosec Institute. Compared to those downloadable vulnerable VMs or the VMs offerd as part of OSCP training (which I tried back in 2016), these are more like ‘bite-size’ type of lessons giving users a chance to not only learn tools but also apply them in a real live environment and network.

One of the cool ranges that was shown was the Hacking with Android lab. Back in 2015, I had an Android phone with Kali Linux ‘lite’ Nethunter and I used to mess around with the adb or the Android Debug Bridge and have a look at the internals. I even had ExploitDB on it. You can read my notes on Github here.

I went through the ranges really quickly - really fun way to get into the tools before delving deeper into them later. There are cases where I definitely learned something new (for example, I didn’t realize you can bruteforce MySQL with nmap). Other tools, feels like a mini reunion with some people you have not seen in a while. For example, it has been a while since I last used msfconsole.

Learning Paths

The way Infosec Institute brings together all the videos is under the Learning Paths. These can be broken up into paths that relate to a certification (like CCNA) or it can be skills related (like Linux Fundamentals).

When you select a learning path, it is further divided into Courses and in each Course are a series of videos.

There are 62 learning paths in total.

Practice Exams

The practice exams will definitely be a contender for those that are actively seeking the certification pathway. There are 27 practice exams in total.


The assessments can either be related to a certification path, like the ISACA CRISC Skill Assessment or it can be related to a very specific type of skill like the Mobile Forensics Skill Assessment. There are 26 items in total.

Infosec Skills

This section tends to be the main section and contains all elements - courses, videos, ranges, skill learning path, certification learning path and more.


Projects are a series of hands-on exercises performed on your computer to help you build your skills and gain practical experience. Within each project, such as Network Traffic Analysis for Incident Response Project are some resources, and videos detailing the project walkthrough and project hints. There are 4 projects in total.

This post is a work in progress.