Hands-on Practice
Sites and resources for gaining the most important experience: hands-on practical application.
Last updated
Sites and resources for gaining the most important experience: hands-on practical application.
Last updated
TODO: Clean, organize, and write a blurb for each site; vet each one; put into clean table
Website list:
https://pwnable.tw/ Pwnable.tw: Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills. Just as the .kr version (I actually don’t know if they’re related) the only thing you must do is click “challenges” con the upper left webpage tabs. They provide a scoring system, the harder the challenge is, the more score you earn. They also provide write-ups.
https://challenges.re/ Challenges.re: Website created by Dennis Yurichev, the writer of the awesome book “Reverse Engineering for Beginners” (https://beginners.re/).
https://www.reversinghero.com/ Reversing Hero: ReversingHero is a 15-challenges computer program, designed to teach you Reverse Engineering. It begins from the real basics, and continues into more advanced topics.
https://ropemporium.com/ ROP Emporium: Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
https://picoctf.com/ picoCTF: picoCTF is a computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. The challenges are all set up with the intent of being hacked, making it an excellent, legal way to get hands-on experience.
https://ctf365.com/ CTF365: CTF365 is a real life cyber range where users build their own servers and defend them while attacking other servers. It’s what would happen in real life when your server or computer networks are under attack by hackers.
https://www.hackthebox.eu/ Hack The Box: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge.
https://www.vulnhub.com/ Vulnhub: Their goal is simple: “To provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration” Owned by OffSec now, so should blossom into something very fun and useful
https://www.root-me.org/en/Challenges Root Me: The fast, easy, and affordable way to train your hacking skills. Root-me has a wide variety of challenges. CTFs, scripts, system, cracking, cryptanalysis, forensic, network, programming, realist, steganography, web-client, web-server.
https://exploit.education/ Exploit Education: (Formerly Exploit-exercises) Exploit education provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
https://www.hackthis.co.uk/ Hack This: Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis.
https://www.hackthissite.org/ : Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
http://www.try2hack.nl/ Try2Hack: (You will probably get a browser warning about the page not being secure not https) This site provides several security-oriented challenges for your entertainment. It is actually one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.
https://www.hacking-lab.com/index.html Hacking Lab: Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense. One key initiative for Hacking-Lab is to foster an environment that creates cyber protection through education.
http://io.netgarage.org/ IO wargame:
http://smashthestack.org/wargames.html Smash The Stack - Wargaming Networking: The Smash the Stack Wargaming Network hosts several Wargames.
https://ctf.katsudon.org/ctf4u/ CTF Katsudon: Incredibly complete CTF collection and validation site. Baby, easy, medium easy, mediuam mediuam, mediuam hard and hard challenges awaits!
https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ Linux privilege escalation: A Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
https://github.com/gabemarshall/microctfs MicroCTFs: Small CTF challenges running on Docker
http://reversing.kr/ Reversing.kr: This site tests your ability to Cracking & Reverse Code Engineering. Now Challenge a problem for each environment. (Windows, Linux, .Net, Flash, Java, Python, Mobile..)
https://microcorruption.com/login Microcorruption: Web-based CTF focused in teaching assembly language and low-level debugging.
https://tuonilabs.wordpress.com/ Tuoni labs: Cyber security write-ups, exploits and intro about verious topics like ROP (Return Oriented Programming), web exploitation, binary exploitation, reverse engineering, OSCP…
Other compilations:
http://captf.com/practice-ctf/ Captf: List of CTF sites classified as recommended, others, meta, webapp, forensics, recruiting and paid. They also provide donloadable offline games and virtual machines you can download to train with. You can visit their main directory - http://captf.com to explore annual collections since 2004.
https://github.com/ctfs CTFS repo: Compilation of challenges and write-ups classified by year.
http://www.amanhardikar.com/mindmaps/Practice.html Amanhardikar’s mindmap: Penetration testing practice lab - vulnerable apps / systems. This one is huge as you will notice.
https://tiwim.github.io/pages/linklist.html Compilation of hacking sites covering a wide variety of topics:
https://razvioverflow.github.io/starthacking Razvioverflow
If you like this content and would like to see more, please consider buying me a coffee!
Site
Description
'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is 'fun'. please consider each of the challenges as a game. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn't be your only purpose.
Challenge instances are directly accessible from the platform; no VPN or complicated setups are required. Rather than sharing challenges, every player controls their own unique instance. You can start, stop and restart your challenges at any time.
There are a lot of Capture The Flag (CTF) competitions in our days, some of them have excellent tasks, but in most cases they're forgotten just after the CTF finished. We decided to make some kind of CTF archive and of course, it'll be too boring to have just an archive, so we made a place, where you can get some another CTF-related info - current overall Capture The Flag team rating, per-team statistics etc
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
The warzone is an isolated network simulating the entire IPv4 Internet, on which all connected devices are targets to be hacked. Unlike other wargames, the warzone allows players to connect their own hackable servers or devices with any software they like, as long as it speaks IP.
Under the Wire trains experienced, developing, and novice Information Technologists to use Windows PowerShell in a variety of situations through innovative and fun wargames.
Our community offers you security challenges to learn and practice hacking. Our goal is to provide fun and unique challenges running in a real world environment, with no guessing and no simulation! Our challenges address several subsets of hacking, mostly oriented on the offensive. A multitude of technologies and architectures are waiting for you. Show us your mad skillz and pop some shells (or calcs)!