Information and Cyber Security has now become a huge field. It is much more complex than it was a few years ago. This has to do with all the advancements in software and technology.
From null to even intermediate in Cyber Security and Penetration Testing will more than likely take anyone with no skills at least a few years if they spend 2-3 hours a day. This is because by merely using some "hacking" tools it's not enough, we need to understand how everything works.
Anyone can start to learn "hacking" in the confinement of their homes. This can be done 100% legally as long as you do not attempt to attack anything outside of your private network. This means you can learn to "hack" in a 100% legal way.
There are multiple ways in doing this.. The following list is compiled from searching the internet and using similar lists, I hope it will be useful to anyone wanting to play around.
I recommend starting out with Overthewire.org. They have multiple wargames which you can play by just using SSH from Linux/Unix or Putty from Windows. The basics of security and security flaws are shown.
LiveOverflow youtube channel has computer cyber security and reverse engineering basics with cool explanations.
A great guide is Trail Of Bits it has links to many pdf's and guides as well as examples https://trailofbits.github.io/ctf/.
You will learn the most by installing VirtualBox or VMWare. Installing and configuring Kali Linux and then downloading vulnerable machines and trying to root them. Start by downloading the oldest ones from VulnHub.
I will start publishing writeups with examples in the near future.
Some hacker challanges
Hack This Site http://www.hackthissite.org/
Hack The Box https://www.hackthebox.gr/en
Hacker Challenge http://www.dareyourmind.net/
Hacker Test http://www.hackertest.net/
hACME Game http://www.hacmegame.org/
Halls Of Valhalla http://halls-of-valhalla.org/beta/challenges
CSC Play on Demand https://pod.cybersecuritychallenge.org.uk/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
TheBlackSheep and Erik http://www.bright-shadows.net/
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS Game https://xss-game.appspot.com/
XSS: ProgPHP http://xss.progphp.com/
Web Based Security
Google Gruyere http://google-gruyere.appspot.com/
Capture the flag CTF
Capture the flag repository which you can download and run on your own PC
catch the flag and learn https://ctflearn.com/index.php
All CTF events view pages and view sourcecode..
CTF Examples you can download and run on your own :)
ICTF framework with router, dashboard, vm creator, services.. etc
Wargame SSH access sites! MUST
http://old.roothack.org/games/sirens/info – SSH access to their servers, hack through levels
http://heorot.net/forums/ – simulated company via – 3 Level livecds, other challenge + 1 livecd
http://www.hackthissite.org/ – Web app pentesting
http://livesquare.com/wargames.asp – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required.
http://www.happyhacker.org/wargame/index.shtml – More challenges related to wargames
http://www.overthewire.org/wargames/ – More wargames and hacking challenges
http://sourceforge.net/projects/dvwa/ – Damn Vulnerable Web App – Download – Install on a VM
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site
http://punter-infosec.com/vulnerable-web-applications-to-learn-web-application-testing-skills – Testing Web Applications – More links on site
http://punter-infosec.com/learning-penetration-testing-skills-in-today%E2%80%99s-chaotic-world – Wargames, hacking and vulnerable Vulnerable Labs/Live CD’s
http://google-gruyere.appspot.com/ – Web Application Exploits and Defenses
http://www.badstore.net/ – Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD
http://www.mcafee.com/us/downloads/free-tools/index.aspx – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software.
http://intruded.net/wargames.html – More wargames
http://io.smashthestack.org/ – More wargames
http://www.net-force.nl/challenges/ – Challenges
http://www.seguridadinformatica.org/torneo/ – Spanish challenge
http://www.mavensecurity.com/web_security_dojo/ – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://stackoverflow.com/questions/365309/where-can-i-find-a-deliberately-insecure-open-source-web-application – “deliberately insecure web apps”
http://www.hellboundhackers.org/ – More challenges
http://smashthestack.org/wargames.php – several different wargames (not just, IO) with multiple levels. From programming exploits, encryption, ctf, etc.
http://www.securitydistro.com/security-distros/Damn-Vulnerable-Linux-DVL/downloads – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.
Live Online Games
Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.
http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges)
https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
http://securityoverride.org/ Some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
Mobile and Android stuff
Gh0st Lab http://www.gh0st.net/
Building a home lab to become a malware hunter guide
Learning how to do security related things
Tools for your own CTF organization
Subscribe to my newsletter