Information
Information and Cyber Security has now become a huge field. It is much more complex than it was a few years ago. This has to do with all the advancements in software and technology.
From null to even intermediate in Cyber Security and Penetration Testing will more than likely take anyone with no skills at least a few years if they spend 2-3 hours a day. This is because by merely using some “hacking” tools it’s not enough, we need to understand how everything works.
Anyone can start to learn “hacking” in the confinement of their homes. This can be done 100% legally as long as you do not attempt to attack anything outside of your private network. This means you can learn to “hack” in a 100% legal way.
There are multiple ways in doing this.. The following list is compiled from searching the internet and using similar lists, I hope it will be useful to anyone wanting to play around.
Recommended
I recommend starting out with http://overthewire.org . They have multiple wargames which you can play by just using SSH from Linux/Unix or Putty from Windows. The basics of security and security flaws are shown.
LiveOverflow youtube channel has computer cyber security and reverse engineering basics with cool explanations.
A great guide is Trail Of Bits it has links to many pdf’s and guides as well as examples https://trailofbits.github.io/ctf/ .
You will learn the most by installing
- https://www.virtualbox.org/wiki/Downloads[VirtualBox] or VMWare. Installing and configuring Kali Linux and then downloading vulnerable machines and trying to root them. Start by downloading the oldest ones from http://vulnhub.com [VulnHub].
I will start publishing writeups with examples in the near future.
Note: I still have many writeups but didn’t get to publish them, due to my life taking a variety of twists and turns since 2017.
Misc stuff
CTF Solutions
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ Free virtual machines with windoze
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
Some hacker challanges
Still working
These where still working in 2017, 2025 on wards not all of them will still be online.
Embedded Security CTF https://microcorruption.com +
EnigmaGroup http://www.enigmagroup.org/ Cool, need to pay to go further
[.underline]#Hack This Site http://www.hackthissite.org/# +
HackThis http://www.hackthis.co.uk/ +
HackQuest http://www.hackquest.com/ +
Hack.me https://hack.me +
Hacking-Lab https://www.hacking-lab.com +
Hack The Box
+https://www.hackthebox.gr+/en +Hacker Challenge http://www.dareyourmind.net/ +
Hacker Test http://www.hackertest.net/ +
hACME Game http://www.hacmegame.org/ +
Halls Of Valhalla http://halls-of-valhalla.org/beta/challenges +
Hax.Tor http://hax.tor.hu/
PentestIT http://www.pentestit.ru/en/
CSC Play on Demand https://pod.cybersecuritychallenge.org.uk/
RootContest http://rootcontest.com/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
SQLZoo http://sqlzoo.net/hack/
TheBlackSheep and Erik http://www.bright-shadows.net/
ThisIsLegal http://thisislegal.com/
Try2Hack http://www.try2hack.nl/
WabLab http://www.wablab.com/hackme
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS Game https://xss-game.appspot.com/
XSS: ProgPHP http://xss.progphp.com/
reverse engineering +http://reversing.kr/+ +
Web Based Security
Google Gruyere http://google-gruyere.appspot.com/
Capture the flag CTF
- Capture the flag repository which you can download and run on your own PC
- http://captf.com/
catch the flag and learn https://ctflearn.com/index.php
All CTF events view pages and view sourcecode.. +
CTF Examples you can download and run on your own :)
ICTF framework with router, dashboard, vm creator, services.. etc +
Wargame SSH access sites! MUST
Some places to hack legally.. https://0certainty.wordpress.com/2011/02/02/places-to-hack-legally/
http://old.roothack.org/games/sirens/info – SSH access to their servers, hack through levels +
http://heorot.net/forums/ – simulated company via – 3 Level livecds, other challenge + 1 livecd +
http://www.hackthissite.org/ – Web app pentesting +
http://livesquare.com/wargames.asp – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required. +
http://www.happyhacker.org/wargame/index.shtml – More challenges related to wargames
http://www.overthewire.org/wargames/ – More wargames and hacking challenges +
http://sourceforge.net/projects/dvwa/ – Damn Vulnerable Web App – Download – Install on a VM +
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site +
http://punter-infosec.com/vulnerable-web-applications-to-learn-web-application-testing-skills – Testing Web Applications – More links on site +
http://punter-infosec.com/learning-penetration-testing-skills-in-today%E2%80%99s-chaotic-world – Wargames, hacking and vulnerable Vulnerable Labs/Live CD’s +
http://google-gruyere.appspot.com/ – Web Application Exploits and Defenses +
http://www.badstore.net/ – Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD +
http://www.mcafee.com/us/downloads/free-tools/index.aspx – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software. +
http://intruded.net/wargames.html – More wargames +
http://io.smashthestack.org/ – More wargames +
http://www.net-force.nl/challenges/ – Challenges +
http://www.seguridadinformatica.org/torneo/ – Spanish challenge +
http://www.mavensecurity.com/web_security_dojo/ – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo +
http://stackoverflow.com/questions/365309/where-can-i-find-a-deliberately-insecure-open-source-web-application – “deliberately insecure web apps” +
http://www.hellboundhackers.org/ – More challenges +
http://smashthestack.org/wargames.php – several different wargames (not just, IO) with multiple levels. From programming exploits, encryption, ctf, etc. +
http://www.securitydistro.com/security-distros/Damn-Vulnerable-Linux-DVL/downloads – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.
http://captf.com/practice-ctf/
Live Online Games
##= Recommended
Whether they’re being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.
- http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges) +
- https://picoctf.com/ (Designed for high school students while the event is usually new every year, it’s left online and has a great difficulty progression) +
- https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430) +
- http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges) +
- http://reversing.kr/ +
- http://hax.tor.hu/ +
- https://w3challs.com/ +
- https://pwn0.com/ +
- https://io.netgarage.org/ +
- http://ringzer0team.com/ +
- http://www.hellboundhackers.org/ +
- http://www.overthewire.org/wargames/ +
- http://counterhack.net/Counter_Hack/Challenges.html +
- http://www.hackthissite.org/ +
- http://vulnhub.com/ +
- http://ctf.komodosec.com
websec.fr + Others
- https://www.onlinectf.com/challenges/ +
- https://backdoor.sdslabs.co/ +
- http://smashthestack.org/wargames.html +
- http://hackthecause.info/ +
- http://bright-shadows.net/ +
- http://www.mod-x.co.uk/main.php +
- http://scanme.nmap.org/ +
- http://www.hackertest.net/ +
- http://net-force.nl/ +
- http://securityoverride.org/ Some good concepts, but “canned” vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
Meta
- http://www.wechall.net/sites.php (excellent list of challenge sites) +
- http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC) +
- http://repo.shell-storm.org/CTF/ (great archive of CTFs)
Webapp Specific
- http://demo.testfire.net/ +
- http://wocares.com/xsstester.php +
- http://crackme.cenzic.com/ +
- http://test.acunetix.com/ +
- http://zero.webappsecurity.com/
Forensics Specific
- http://computer-forensics.sans.org/community/challenges +
- http://computer-forensics.sans.org/community/challenges +
- http://forensicscontest.com/
Recruiting
##= Mobile and Android stuff
Older stuff
Gh0st Lab http://www.gh0st.net/
##= Gone
pwn0 https://pwn0.com/home.php + Escape http://escape.alf.nu/
Building a home lab to become a malware hunter guide
Learning how to do security related things +
Tools for your own CTF organization
However, these are just the starting points, don’t be stupid, don’t do anything idiotic which might get you into trouble. Always run viruses/malware IN A SECURE VM!
You are responsible for your actions, and please don’t boast you hacked anything online, it will just attract unwanted attention .
