Free training. Take it.
Security awareness training — built by hackers, free under an open licence
We use these modules to brief our own teams. We wanted you to have them too. No signup. No payment. No email gate. The HackersHub watermark means we vetted the content exactly as you see it; under CC-BY-ND 4.0 you can redistribute, translate and bundle, as long as the watermark stays on unmodified content.
How would you like to learn?
Three entry points — pick whichever fits how you want to work through this.
Start here
The Foundations track
Five short lessons covering how attackers think, the five attack categories, phishing, passwords & MFA, and incident reporting. About 30 minutes total. Recommended for anyone new to security awareness.
5 lessons · ~30 min · Beginner
Begin Foundations →Coming soon
By industry
Tell us you work in banking, energy, healthcare, or another sector — we'll build a recommended training program for your industry. Launching once we have more clusters published.
Banking · Energy · Healthcare · Manufacturing · Government · Education
Notify me →Browse
By topic
Pick a category that matters most to your role: phishing, passwords, social engineering, cloud, incident response, compliance. Each is a self-contained track of lessons.
7 categories · ~50 modules planned · 9 live now
Explore topics ↓All topics
Every category is a guided track of lessons in recommended order. Jump in at any point.
Foundations
The five-lesson starting track — what every employee should know.
5 / 5 lessons live →
Phishing & social-engineering email
The full taxonomy — from credential-stealers to BEC and deepfake voice attacks.
9 / 9 lessons live →
Passwords & authentication
From password managers to passkeys, SIM-swap and credential stuffing.
Coming soon →
Social engineering
Pretexting, baiting, tailgating, watering-hole — every non-technical attack vector.
Coming soon →
Remote work & hybrid teams
Home network hardening, public WiFi risk, BYOD, video-conf security.
Coming soon →
Cloud & SaaS security
OAuth attacks, shadow IT, third-party SaaS risk, account takeover.
Coming soon →
Incident reporting & response
When to report, how to preserve evidence, NIS2 + GDPR obligations.
Coming soon →
Compliance, for non-techies
NIS2, GDPR, ISO 27001, SOC 2, DORA — what each one actually means.
Coming soon →
Why we're giving this away
Awareness training is sold for €50,000–€500,000 per organisation per year by platforms whose content has not meaningfully changed in five years. The market is gated, repetitive, and vendor-trapped. We are practitioners — we believe everyone should have access to current, accurate threat education, including the small teams that cannot afford a license. This library is our contribution to that. Forever-free, openly licensed, expert-vetted.
This module is HackersHub-endorsed exactly as you see it here, watermark and all. Free under CC-BY-ND 4.0. Edit the content? Remove our watermark first. — The HackersHub team View license details.