Free Study Hub

Cert Study Resources

Curated free and paid resources for the most popular cybersecurity certifications. Pick your cert and start studying.

🧠
Practice Quizzes
50+ practice questions per certification, with explanations after every answer. Pick your cert below to jump in.
🤖
AI Study Mentor Premium
A 1-on-1 AI tutor that adapts to your weak spots, explains concepts in your own words, and builds a personalized study plan for your exam date.
Learn More →
🛡️
CompTIA Security+
Entry-level · CompTIA · No prerequisites required · 90 questions · 90 minutes
Most Popular Entry Cert DoD 8140 Approved Vendor Neutral 3-Year Renewal
📚 Free Study Resources
Free
Professor Messer's Security+ Course
The most popular free Security+ video course. Covers every exam objective with clear explanations. Updated for latest exam version.
Visit site →
Free
CompTIA Official Study Guide (Sample)
CompTIA provides free sample questions and exam objectives on their official site. Great starting point to understand scope.
Visit site →
Free
Reddit r/CompTIA
Active community sharing study tips, resources, and passing experiences. Search for "Security+ passed" for study strategies.
Visit site →
Tool
Quizlet — Security+ Flashcards
Community-created flashcard decks covering Security+ terminology, acronyms, and concepts. Use spaced repetition mode.
Visit site →
Paid
Darril Gibson / Mike Chapple Books
The two most recommended study guides. "CompTIA Security+ Get Certified Get Ahead" by Gibson is widely considered the best written resource.
Find on Amazon →
Paid
Jason Dion Practice Tests (Udemy)
1,500+ practice questions that closely mirror the real exam format. Frequently on sale for under $15. Highly rated.
Visit site →

💡 Security+ Study Tips

  • Don't just memorise acronyms — understand what each technology does and why it exists.
  • Professor Messer's free videos + Jason Dion's practice tests is the most common passing combination.
  • Focus heavily on: encryption types, authentication protocols, attack types, and incident response steps.
  • PBQ (performance-based questions) appear first — don't skip them. They're worth more and can't be skipped back to.
  • Aim for 85%+ on practice tests before booking the real exam.
🔐
CC — Certified in Cybersecurity (ISC²)
Entry-level · ISC² · No prerequisites · 100 questions · 2 hours
Currently Free to Attempt ISC² Issued Great CISSP Stepping Stone
📚 Study Resources
Free
ISC² Official CC Self-Paced Training
ISC² provides a free official self-paced training course for the CC exam. Covers all five domains. Requires a free ISC² account.
Visit site →
Free
ISC² CC Exam Outline
The official exam outline lists every topic tested. Use it as a study checklist to make sure you cover everything.
Visit site →
Community
ISC² Community Forums
Official community forums where CC candidates share study experiences, tips, and exam feedback.
Visit site →
Free
Pete Zerger (Inside Cloud and Security)
Free YouTube series covering the CC exam domains in detail. Clear, concise explanations suitable for complete beginners.
Visit YouTube →

💡 CC Study Tips

  • The CC is currently free to sit — there's no reason not to attempt it if you're entering cybersecurity.
  • The ISC² free training course alone is often enough to pass. Supplement with the official exam outline.
  • Five domains: Security Principles, BC/DR, Access Controls, Network Security, Security Operations.
  • Even if you plan to get Security+ later, the CC builds a strong foundation and is a recognised credential.
Free
ISC² CC Free Flashcards (Official)
ISC² provides official CC study materials including glossary terms and flashcards on their candidate resource page.
Visit site →
Tool
StudyNotionCC (Notion Template)
Community-built Notion study template covering all CC domains with notes, links, and practice questions. Search for "CC ISC2 Notion" on Reddit.
Visit site →
Free
YouTube — Destination Certification (CC)
Rob Witcher's CC course on YouTube covers the full exam concisely. Great for visual learners who want video explanations of each domain.
Visit site →
⚔️
CEH — Certified Ethical Hacker
Intermediate · EC-Council · 2 years experience recommended · 125 questions · 4 hours
Ethical Hacking Focus DoD 8140 Approved Widely Recognised
📚 Study Resources
Free
EC-Council Free iLabs Trial
EC-Council offers limited free access to their iLabs platform where CEH hands-on labs are hosted. Good for getting a feel for the practical side.
Visit site →
Free
TryHackMe — Pre-Security & Jr Pentester Paths
Free/paid learning paths that cover CEH topics practically. The hands-on labs build the skills tested in CEH.
Visit site →
Free
HackTheBox Academy
Free foundational modules covering penetration testing concepts aligned with CEH objectives. Practical focus.
Visit site →
Paid
Matt Walker's CEH All-in-One
The most recommended CEH book. Covers all 20 modules with clear explanations and practice questions at the end of each chapter.
Find on Amazon →
Paid
Udemy — CEH Courses (Zaid Sabih / Heath Adams)
Highly rated practical courses covering CEH modules with live demonstrations. Frequently on sale.
Search Udemy →

💡 CEH Study Tips

  • CEH is theory-heavy. Know the tools (Nmap, Metasploit, Wireshark) conceptually even if you don't use them all hands-on.
  • All 20 modules are fair game — don't neglect social engineering, mobile hacking, or IoT sections.
  • The practical CEH (CEH Practical) is a separate 6-hour hands-on exam — more respected than the written.
  • TryHackMe and HackTheBox are essential companions even for the written exam — you need to understand what the tools actually do.
Free
EC-Council Free CEH Resources
EC-Council provides free study materials including the CEH exam blueprint and sample questions on their official site.
Visit site →
Free
Cybrary — Ethical Hacking (Free Tier)
Cybrary offers free ethical hacking courses covering topics directly aligned with the CEH exam domains.
Visit site →
Tool
HackTheBox Starting Point
Beginner-friendly guided labs from HTB. Practicing against real vulnerable machines is the best CEH prep you can do.
Visit site →
Free
OWASP Testing Guide
The definitive free reference for web application testing — covers every category the CEH web app domain tests.
Visit site →
💀
OSCP — Offensive Security Certified Professional
Advanced · Offensive Security · Strong Linux/networking skills required · 24-hour practical exam
Industry Gold Standard Fully Hands-On Exam Pentesting Focus Try Harder
📚 Study Resources
Paid
PEN-200 Course (OffSec)
The official prerequisite course for OSCP. Includes lab access and the exam attempt. Comprehensive — the course material is the study guide.
Visit site →
Free
HackTheBox — OSCP-like Machines
Practice on retired HTB machines that are known to be OSCP-style. TJ Null's OSCP-like machine list is the definitive reference.
Visit site →
Free
TJ Null's OSCP Prep List
The community-maintained list of HTB and PG Practice machines that are most similar to the OSCP exam. Essential preparation resource.
View spreadsheet →
Free
IppSec YouTube Channel
Detailed walkthroughs of retired HTB machines by IppSec. Invaluable for learning methodology. One of the best free OSCP prep resources.
Visit YouTube →
Free
GTFOBins & LOLBAS
Essential references for privilege escalation. GTFOBins (Linux) and LOLBAS (Windows) — you will use these constantly in the exam.
GTFOBins →
Tool
Obsidian / CherryTree — Note Taking
OSCP exam requires clear documentation. Build a notes template early. Many candidates use CherryTree or Obsidian with structured pentest templates.
Visit site →

💡 OSCP Study Tips

  • Do not attempt OSCP without solid Linux fundamentals, basic scripting, and networking knowledge.
  • Complete at least 30–50 TJ Null machines before the exam. Focus on methodology, not just getting root.
  • Build a personal notes template with sections for enumeration, exploitation, and post-exploitation. Documentation matters.
  • The exam is 24 hours. Time management is as important as technical skill — don't rabbit-hole on one machine.
  • "Try Harder" is the culture — the struggle is intentional. Reaching out for hints too early will hurt you in the exam.
Free
Offensive Security PEN-200 Syllabus
Read the official PEN-200 course syllabus to understand exactly what the OSCP exam covers. Use it as a checklist.
Visit site →
Free
HackTheBox OSCP-like Machines List
The community maintains a list of HTB machines that closely mirror OSCP exam difficulty and style. Essential prep.
Visit site →
Free
TryHackMe — Jr Penetration Tester Path
Structured learning path covering foundational pentesting concepts including enumeration, exploitation, and post-exploitation.
Visit site →
Free
IppSec YouTube Channel
Video walkthroughs of retired HTB machines by one of the community's best. Watching methodology in action is invaluable for OSCP.
Visit site →
Tool
Obsidian for OSCP Notes
OSCP requires a detailed report — many successful candidates recommend Obsidian for note-taking with linked pages per machine.
Visit site →
🎓
CISSP — Certified Information Systems Security Professional
Expert · ISC² · 5 years experience required · 100–150 adaptive questions · 3 hours
Management-Level Cert ISC² Gold Standard Highly Respected Managerial Mindset Required
📚 Study Resources
Paid
ISC² Official CISSP Study Guide
The official study guide by Mike Chapple and James Michael Stewart. Dense but comprehensive. All 8 domains covered thoroughly.
Find on Amazon →
Free
Thor Teaches — CISSP YouTube
Free CISSP concept videos on YouTube. Excellent for understanding the "think like a manager" mindset the exam requires.
Visit YouTube →
Free
CISSP Exam Cram Videos (Pete Zerger)
Free domain-by-domain video series covering CISSP concepts. Good supplemental material alongside a textbook.
Visit YouTube →
Paid
Boson Practice Tests
Widely regarded as the most realistic CISSP practice questions. Excellent explanations for both correct and incorrect answers.
Visit site →
Community
Reddit r/cissp
Active community of CISSP candidates and certified professionals. "How I passed" posts are extremely valuable for strategy.
Visit site →
Free
Kelly Handerhan — "Why You Will Pass"
The most famous single CISSP resource. A 13-minute YouTube video that explains the critical mindset shift required to pass the CISSP exam.
Watch on YouTube →

💡 CISSP Study Tips

  • CISSP tests management thinking, not technical implementation. "What should a manager do?" is the question framework.
  • Watch Kelly Handerhan's "Why You Will Pass" video before you do anything else. It reframes everything.
  • The CAT (Computerised Adaptive Testing) format means the exam adjusts to you. Don't panic if questions seem very hard.
  • All 8 domains matter — don't neglect Security and Risk Management (Domain 1), it's the largest domain.
  • For experience: if you don't have 5 years yet, you can still pass and become an Associate of ISC² while you accumulate experience.

Hold a certification?

Verified certification holders get access to ZeroDay's Certified Professional plan at $9.99/month — saving $5 over standard Premium.

View Certified Pro Plan →
Beyond the Certs

General Cybersecurity Learning

Platforms, communities, and tools to build real skills — not just exam knowledge.

🔬 Hands-On Practice
Free
TryHackMe
Beginner-friendly browser-based labs covering networking, Linux, web hacking, and more. Start with free paths, no setup required.
Visit site →
Free
HackTheBox
Real vulnerable machines at all difficulty levels. Free tier available. The closest thing to real pentesting experience you can get without a job.
Visit site →
Free
PicoCTF
Free CTF platform from Carnegie Mellon. Hundreds of beginner-to-intermediate challenges in cryptography, forensics, reverse engineering, and web.
Visit site →
Free
PortSwigger Web Security Academy
Completely free, world-class web security training from the creators of Burp Suite. Covers all OWASP categories with interactive labs.
Visit site →
Free
PentesterLab
Focused web vulnerability labs. The free tier covers foundational web hacking concepts. Great alongside PortSwigger.
Visit site →
📺 Courses & Videos
Free
TCM Security (YouTube)
Full-length free courses including Practical Ethical Hacking fundamentals, OSINT, and Active Directory. Some of the best free pentesting content available.
Visit site →
Free
NetworkChuck (YouTube)
Approachable videos on networking, hacking, Linux, and cloud security. Great for beginners who want engaging content to build interest.
Visit site →
Free
John Hammond (YouTube)
CTF walkthroughs, malware analysis, and general hacking content. Excellent for intermediate learners who want to see real problem-solving in action.
Visit site →
Paid
TCM Security Courses
Affordable paid courses (~$30) covering Active Directory, OSINT, web hacking, and more. Frequently recommended as better value than equivalent Udemy courses.
Visit site →
Paid
INE / eLearnSecurity
Professional-grade courses and certifications (eJPT, eCPPT, eWPT). eJPT is highly recommended as a first hands-on pentesting certification.
Visit site →
📖 Reference & News
Free
MITRE ATT&CK Framework
The definitive knowledge base of adversary tactics and techniques. Used by security teams worldwide for threat modeling and detection engineering.
Visit site →
Free
NIST National Vulnerability Database
The official US government CVE database. Every vulnerability with CVSS scores, affected versions, and patch information.
Visit site →
Free
Krebs on Security
Investigative security journalism from Brian Krebs. Essential reading for understanding real-world attacks, threat actors, and cybercrime.
Visit site →
Free
The Hacker News
Daily cybersecurity news covering new vulnerabilities, data breaches, malware campaigns, and industry developments.
Visit site →
Free
Exploit-DB
A public archive of exploits and vulnerable software maintained by Offensive Security. Essential reference for understanding how real exploits work.
Visit site →
👥 Communities
Community
Reddit r/netsec
High-quality technical security content, research papers, and vulnerability disclosures. Strictly technical — a good signal-to-noise ratio.
Visit site →
Community
Reddit r/cybersecurity
Broader discussion on industry news, career advice, and certification guidance. Good for beginners looking for direction.
Visit site →
Community
TCM Security Discord
Active community of security students and professionals. Great for getting help, sharing resources, and finding study partners.
Visit site →
Community
0xdf Blog
Detailed, methodical walkthroughs of HackTheBox machines by one of the community's most respected players. Excellent for learning methodology.
Visit site →
Free
ZeroDay Support Server
Join our Discord server to discuss certs, share resources, and get study advice from the ZeroDay community.
Join server →