Andrei Clinciu
Information
Information and Cyber Security has now become a huge field. It is much more complex than it was a few years ago. This has to do with all the advancements in software and technology.
From null to even intermediate in Cyber Security and Penetration Testing will more than likely take anyone with no skills at least a few years if they spend 2-3 hours a day. This is because by merely using some "hacking" tools it's not enough, we need to understand how everything works.
Anyone can start to learn "hacking" in the confinement of their homes. This can be done 100% legally as long as you do not attempt to attack anything outside of your private network. This means you can learn to "hack" in a 100% legal way.
There are multiple ways in doing this.. The following list is compiled from searching the internet and using similar lists, I hope it will be useful to anyone wanting to play around.
Recommended
I recommend starting out with Overthewire.org. They have multiple wargames which you can play by just using SSH from Linux/Unix or Putty from Windows. The basics of security and security flaws are shown.
LiveOverflow youtube channel has computer cyber security and reverse engineering basics with cool explanations.
https://www.youtube.com/watch?v=iyAyN3GFM7A&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
A great guide is Trail Of Bits it has links to many pdf's and guides as well as examples https://trailofbits.github.io/ctf/.
You will learn the most by installing VirtualBox or VMWare. Installing and configuring Kali Linux and then downloading vulnerable machines and trying to root them. Start by downloading the oldest ones from VulnHub.
I will start publishing writeups with examples in the near future.
Misc stuff
CTF Solutions
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/
Free virtual machines with windoze
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
Some hacker challanges
https://www.tunnelsup.com/hacker-challenges/
http://www.amanhardikar.com/mindmaps/PracticeUrls.html
https://backdoor.sdslabs.co/beginner
https://backdoor.sdslabs.co/challenges
Still working
Yellow means very interesting site to learn from
Embedded Security CTF https://microcorruption.com
EnigmaGroup http://www.enigmagroup.org/ Cool, need to pay to go further
Hack This Site http://www.hackthissite.org/
HackThis http://www.hackthis.co.uk/
HackQuest http://www.hackquest.com/
Hack.me https://hack.me
Hacking-Lab https://www.hacking-lab.com
Hack The Box https://www.hackthebox.gr/en
Hacker Challenge http://www.dareyourmind.net/
Hacker Test http://www.hackertest.net/
hACME Game http://www.hacmegame.org/
Halls Of Valhalla http://halls-of-valhalla.org/beta/challenges
Hax.Tor http://hax.tor.hu/
PentestIT http://www.pentestit.ru/en/
CSC Play on Demand https://pod.cybersecuritychallenge.org.uk/
RootContest http://rootcontest.com/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
SQLZoo http://sqlzoo.net/hack/
TheBlackSheep and Erik http://www.bright-shadows.net/
ThisIsLegal http://thisislegal.com/
Try2Hack http://www.try2hack.nl/
WabLab http://www.wablab.com/hackme
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS Game https://xss-game.appspot.com/
XSS: ProgPHP http://xss.progphp.com/
reverse engineering http://reversing.kr/
http://pwnable.kr/ pwnable
https://www.hellboundhackers.org/
https://net-force.nl/challenges/
Web Based Security
Google Gruyere http://google-gruyere.appspot.com/
Capture the flag CTF
Capture the flag repository which you can download and run on your own PC
http://captf.com/
catch the flag and learn https://ctflearn.com/index.php
All CTF events view pages and view sourcecode..
https://ctftime.org/ctfs
DefCon CTF
https://github.com/legitbs/
https://www.defcon.org/html/links/dc-ctf.html
CTF Examples you can download and run on your own :)
https://github.com/Insomnihack/
https://ictf.cs.ucsb.edu/pages/archive.html
ICTF framework with router, dashboard, vm creator, services.. etc
https://github.com/ucsb-seclab/ictf-framework
Wargame SSH access sites! MUST
https://io.netgarage.org
http://overthewire.org/wargames/bandit/
https://backdoor.sdslabs.co/
https://0certainty.wordpress.com/2011/02/02/places-to-hack-legally/
http://old.roothack.org/games/sirens/info – SSH access to their servers, hack through levels
http://heorot.net/forums/ – simulated company via – 3 Level livecds, other challenge + 1 livecd
http://www.hackthissite.org/ – Web app pentesting
http://livesquare.com/wargames.asp – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required.
http://www.happyhacker.org/wargame/index.shtml – More challenges related to wargames
http://www.overthewire.org/wargames/ – More wargames and hacking challenges
http://sourceforge.net/projects/dvwa/ – Damn Vulnerable Web App – Download – Install on a VM
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site
http://punter-infosec.com/vulnerable-web-applications-to-learn-web-application-testing-skills – Testing Web Applications – More links on site
http://punter-infosec.com/learning-penetration-testing-skills-in-today%E2%80%99s-chaotic-world – Wargames, hacking and vulnerable Vulnerable Labs/Live CD’s
http://google-gruyere.appspot.com/ – Web Application Exploits and Defenses
http://www.badstore.net/ – Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD
http://www.mcafee.com/us/downloads/free-tools/index.aspx – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software.
http://intruded.net/wargames.html – More wargames
http://io.smashthestack.org/ – More wargames
http://www.net-force.nl/challenges/ – Challenges
http://www.seguridadinformatica.org/torneo/ – Spanish challenge
http://www.mavensecurity.com/web_security_dojo/ – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://stackoverflow.com/questions/365309/where-can-i-find-a-deliberately-insecure-open-source-web-application – “deliberately insecure web apps”
http://www.hellboundhackers.org/ – More challenges
http://smashthestack.org/wargames.php – several different wargames (not just, IO) with multiple levels. From programming exploits, encryption, ctf, etc.
http://www.securitydistro.com/security-distros/Damn-Vulnerable-Linux-DVL/downloads – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.
http://captf.com/practice-ctf/
Live Online Games
Recommended
Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.
http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges)
https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
http://reversing.kr/
http://hax.tor.hu/
https://w3challs.com/
https://pwn0.com/
https://io.netgarage.org/
http://ringzer0team.com/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://counterhack.net/Counter_Hack/Challenges.html
http://www.hackthissite.org/
http://vulnhub.com/
http://ctf.komodosec.com
websec.fr
Others
https://www.onlinectf.com/challenges/
https://backdoor.sdslabs.co/
http://smashthestack.org/wargames.html
http://hackthecause.info/
http://bright-shadows.net/
http://www.mod-x.co.uk/main.php
http://scanme.nmap.org/
http://www.hackertest.net/
http://net-force.nl/
http://securityoverride.org/ Some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
Meta
http://www.wechall.net/sites.php (excellent list of challenge sites)
http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)
http://repo.shell-storm.org/CTF/ (great archive of CTFs)
Webapp Specific
http://demo.testfire.net/
http://wocares.com/xsstester.php
http://crackme.cenzic.com/
http://test.acunetix.com/
http://zero.webappsecurity.com/
Forensics Specific
http://computer-forensics.sans.org/community/challenges
http://computer-forensics.sans.org/community/challenges
http://forensicscontest.com/
Recruiting
https://www.praetorian.com/challenges/pwnable/
http://rtncyberjobs.com/
http://0x41414141.com/
Mobile and Android stuff
http://securitycompass.github.io/AndroidLabs/
http://securitycompass.github.io/iPhoneLabs/
Older stuff
Gh0st Lab http://www.gh0st.net/
Gone
pwn0 https://pwn0.com/home.php
Escape http://escape.alf.nu/
Building a home lab to become a malware hunter guide
Learning how to do security related things
https://trailofbits.github.io/ctf/
Tools for your own CTF organization
Ideas and comments
Andrei Clinciu
I'm a Full Stack Software Developer specializing in creating websites and applications which aid businesses to automate. Software which can help you simplify your life. Let's work together!
