How to start learning to become a white hacker and sites for improving your hacking and cyber security skills

Information

Information and Cyber Security has now become a huge field. It is much more complex than it was a few years ago. This has to do with all the advancements in software and technology.

Going from zero to even an intermediate level in Cyber Security and Penetration Testing will more than likely take anyone with no skills at least a few years if they spend 2-3 hours a day. This is because merely using some "hacking" tools is not enough; we need to understand how everything works.

Anyone can start to learn "hacking" within the confines of their own home. This can be done 100% legally as long as you do not attempt to attack anything outside of your private network. This means you can learn to "hack" in a 100% legal way.

There are multiple ways of doing this. The following list was compiled by searching the internet and from similar lists; I hope it will be useful to anyone wanting to play around.

Recommended

I recommend starting out with OverTheWire.org. They have multiple wargames which you can play by just using SSH from Linux/Unix or PuTTY from Windows. The basics of security and security flaws are shown.

The LiveOverflow YouTube channel covers computer cyber security and reverse engineering basics with cool explanations.

https://www.youtube.com/watch?v=iyAyN3GFM7A&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN

A great guide is the one from Trail of Bits; it has links to many PDFs and guides as well as examples: https://trailofbits.github.io/ctf/

You will learn the most by installing VirtualBox or VMware, installing and configuring Kali Linux, and then downloading vulnerable machines and trying to root them. Start by downloading the oldest ones from VulnHub.

I will start publishing writeups with examples in the near future.

 

Misc stuff

CTF Solutions

https://github.com/ctfs/

https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/

Free virtual machines with windoze
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

https://ctf365.com/

Some hacker challenges

https://www.tunnelsup.com/hacker-challenges/

http://www.amanhardikar.com/mindmaps/PracticeUrls.html

https://backdoor.sdslabs.co/beginner
https://backdoor.sdslabs.co/challenges

Still working

Yellow means very interesting site to learn from
Embedded Security CTF https://microcorruption.com
EnigmaGroup http://www.enigmagroup.org/ Cool, need to pay to go further

Hack This Site http://www.hackthissite.org/
HackThis http://www.hackthis.co.uk/
HackQuest http://www.hackquest.com/
Hack.me https://hack.me
Hacking-Lab https://www.hacking-lab.com
Hack The Box https://www.hackthebox.gr/en
Hacker Challenge http://www.dareyourmind.net/
Hacker Test http://www.hackertest.net/
hACME Game http://www.hacmegame.org/
Halls Of Valhalla http://halls-of-valhalla.org/beta/challenges
Hax.Tor http://hax.tor.hu/
PentestIT http://www.pentestit.ru/en/
CSC Play on Demand https://pod.cybersecuritychallenge.org.uk/

RootContest http://rootcontest.com/
Root Me http://www.root-me.org/?lang=en
Security Treasure Hunt http://www.securitytreasurehunt.com/
Smash The Stack http://www.smashthestack.org/
SQLZoo http://sqlzoo.net/hack/
TheBlackSheep and Erik http://www.bright-shadows.net/
ThisIsLegal http://thisislegal.com/
Try2Hack http://www.try2hack.nl/
WabLab http://www.wablab.com/hackme
XSS: Can You XSS This? http://canyouxssthis.com/HTMLSanitizer/
XSS Game https://xss-game.appspot.com/
XSS: ProgPHP http://xss.progphp.com/

Reversing.Kr (reverse engineering) http://reversing.kr/
pwnable.kr http://pwnable.kr/
https://www.hellboundhackers.org/
https://net-force.nl/challenges/

Web Based Security

Google Gruyere http://google-gruyere.appspot.com/

Capture the flag CTF

Capture the flag repository which you can download and run on your own PC
http://captf.com/

catch the flag and learn https://ctflearn.com/index.php

All CTF events; view the pages and view the source code
https://ctftime.org/ctfs

DefCon CTF
https://github.com/legitbs/
https://www.defcon.org/html/links/dc-ctf.html

CTF Examples you can download and run on your own :)

https://github.com/Insomnihack/
https://ictf.cs.ucsb.edu/pages/archive.html

ICTF framework with router, dashboard, vm creator, services.. etc
https://github.com/ucsb-seclab/ictf-framework

Wargame SSH access sites! MUST

https://io.netgarage.org
http://overthewire.org/wargames/bandit/
https://backdoor.sdslabs.co/

 

https://0certainty.wordpress.com/2011/02/02/places-to-hack-legally/

http://old.roothack.org/games/sirens/info – SSH access to their servers, hack through levels
http://heorot.net/forums/ – simulated company via – 3 Level livecds, other challenge + 1 livecd
http://www.hackthissite.org/ – Web app pentesting
http://livesquare.com/wargames.asp – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required.
http://www.happyhacker.org/wargame/index.shtml – More challenges related to wargames

http://www.overthewire.org/wargames/ – More wargames and hacking challenges
http://sourceforge.net/projects/dvwa/ – Damn Vulnerable Web App – Download – Install on a VM
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site
http://punter-infosec.com/vulnerable-web-applications-to-learn-web-application-testing-skills – Testing Web Applications – More links on site
http://punter-infosec.com/learning-penetration-testing-skills-in-today%E2%80%99s-chaotic-world – Wargames, hacking and vulnerable labs/live CDs
http://google-gruyere.appspot.com/ – Web Application Exploits and Defenses
http://www.badstore.net/ – Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD
http://www.mcafee.com/us/downloads/free-tools/index.aspx – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software.
http://intruded.net/wargames.html – More wargames
http://io.smashthestack.org/ – More wargames
http://www.net-force.nl/challenges/ – Challenges
http://www.seguridadinformatica.org/torneo/ – Spanish challenge
http://www.mavensecurity.com/web_security_dojo/ – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://stackoverflow.com/questions/365309/where-can-i-find-a-deliberately-insecure-open-source-web-application – “deliberately insecure web apps”
http://www.hellboundhackers.org/ – More challenges
http://smashthestack.org/wargames.php – Several different wargames (not just IO) with multiple levels, covering programming exploits, encryption, CTF, etc.
http://www.securitydistro.com/security-distros/Damn-Vulnerable-Linux-DVL/downloads – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.

 

http://captf.com/practice-ctf/

Live Online Games

Recommended

 

Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.

http://pwnable.kr/ (one of the more popular recent wargaming sets of challenges)
https://picoctf.com/ (designed for high school students; while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
http://reversing.kr/
http://hax.tor.hu/
https://w3challs.com/
https://pwn0.com/
https://io.netgarage.org/
http://ringzer0team.com/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://counterhack.net/Counter_Hack/Challenges.html
http://www.hackthissite.org/
http://vulnhub.com/
http://ctf.komodosec.com

websec.fr

Others

https://www.onlinectf.com/challenges/
https://backdoor.sdslabs.co/
http://smashthestack.org/wargames.html
http://hackthecause.info/
http://bright-shadows.net/
http://www.mod-x.co.uk/main.php
http://scanme.nmap.org/
http://www.hackertest.net/
http://net-force.nl/
http://securityoverride.org/ (some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgeable hackers and teach newbies the wrong lessons)

Meta

 

http://www.wechall.net/sites.php (excellent list of challenge sites)
http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)
http://repo.shell-storm.org/CTF/ (great archive of CTFs)

Webapp Specific

 

http://demo.testfire.net/
http://wocares.com/xsstester.php
http://crackme.cenzic.com/
http://test.acunetix.com/
http://zero.webappsecurity.com/

Forensics Specific

 

http://computer-forensics.sans.org/community/challenges
http://forensicscontest.com/

Recruiting

 

https://www.praetorian.com/challenges/pwnable/
http://rtncyberjobs.com/
http://0x41414141.com/

Mobile and Android stuff

http://securitycompass.github.io/AndroidLabs/
http://securitycompass.github.io/iPhoneLabs/

Older stuff

Gh0st Lab http://www.gh0st.net/

Gone

 

pwn0 https://pwn0.com/home.php
Escape http://escape.alf.nu/

Building a home lab to become a malware hunter guide

https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide?utm_medium=Social

Learning how to do security related things
https://trailofbits.github.io/ctf/

Tools for your own CTF organization

https://github.com/facebook/fbctf
