How to start learning to become a white hacker and sites for improving your hacking and cyber security skills

How to start learning to become a white hacker and sites for improving your hacking and cyber security skills

Show table of contents


Information and Cyber Security has now become a huge field. It is much more complex than it was a few years ago. This has to do with all the advancements in software and technology.

From null to even intermediate  in Cyber Security and Penetration Testing will more than likely take anyone with no skills at least a few years if they spend 2-3 hours a day. This is because by merely using some "hacking" tools it's not enough, we need to understand how everything works.

Anyone can start to learn "hacking" in the confinement of their homes. This can be done 100% legally as long as you do not attempt to attack anything outside of your private network. This means you can learn to "hack" in a 100% legal way.

There are multiple ways in doing this.. The following list is compiled from searching the internet and using similar lists, I hope it will be useful to anyone wanting to play around.


I recommend starting out with They have multiple wargames which you can play by just using SSH from Linux/Unix or Putty from Windows. The basics of security and security flaws are shown.

LiveOverflow youtube channel has computer cyber security and reverse engineering basics with cool explanations.

A great guide is Trail Of Bits it has links to many pdf's and  guides as well as examples

You will learn the most by installing VirtualBox or VMWare. Installing and configuring Kali Linux and then downloading  vulnerable machines and trying to root them. Start by downloading the oldest ones from VulnHub.

I will start publishing writeups with examples in the near future.


Misc stuff

CTF Solutions
Free virtual machines with windoze

Some hacker challanges

Still working

Yellow means very interesting site to learn from
Embedded Security CTF
EnigmaGroup Cool, need to pay to go further

Hack This Site
Hack The Box
Hacker Challenge
Hacker Test
hACME Game
Halls Of Valhalla
CSC Play on Demand

Root Me
Security Treasure Hunt
Smash The Stack
TheBlackSheep and Erik
XSS: Can You XSS This?
XSS Game

reverse engineering pwnable

Web Based Security

Google Gruyere

Capture the flag CTF

Capture the flag repository which you can download and run on your own PC

catch the flag and learn

All CTF events view pages and view sourcecode..

DefCon CTF

CTF Examples you can download and run on your own :)

ICTF framework with router, dashboard, vm creator, services.. etc

Wargame SSH access sites! MUST – SSH access to their servers, hack through levels – simulated company via – 3 Level livecds, other challenge + 1 livecd – Web app pentesting – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required. – More challenges related to wargames – More wargames and hacking challenges – Damn Vulnerable Web App – Download – Install on a VM – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site – Testing Web Applications – More links on site – Wargames, hacking and vulnerable Vulnerable Labs/Live CD’s – Web Application Exploits and Defenses – is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software. – More wargames – More wargames – Challenges – Spanish challenge – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo – “deliberately insecure web apps” – More challenges – several different wargames (not just, IO) with multiple levels. From programming exploits, encryption, ctf, etc. – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.

Live Online Games



Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time. (one of the more popular recent wargamming sets of challenges) (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression) (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430) (a new CTF based learning platform with user-contributed challenges)
Others Some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons

Meta (excellent list of challenge sites) (good CTF wiki, though focused on CCDC) (great archive of CTFs)

Webapp Specific

Forensics Specific


Mobile and Android stuff

Older stuff

Gh0st Lab




Building a home lab to become a malware hunter guide

Learning how to do security related things

Tools for your own CTF organization

Subscribe to my newsletter

NOTE:You will need to confirm your e-mail address in order to fully complete the subscription process.

What are your thoughts?

All comments are moderated and must adhere to the terms of service.

You might enjoy these similar articles: