Practice
OSCP Like VMs:
JSONSec OSCP prep list: https://docs.google.com/spreadsheets/d/1wW2EOeUo5EkgePheuBfqeUh6Zuh4sPnYVwb7KusoSqc/edit#gid=0
Practice Arena:
Root-me web challenge
HackTheBox https://www.hackthebox.eu
Vulnhub https://www.vulnhub.com
Practical Pentest Labs https://practicalpentestlabs.com
Labs Wizard Security https://labs.wizard-security.net
Pentestlab https://pentesterlab.com/
Hackthis https://www.hackthis.co.uk
Shellter https://shellterlabs.com/pt/
Root-Me https://www.root-me.org/
Zenk-Security https://www.zenk-security.com/epreuves.php
W3Challs https://w3challs.com/
NewbieContest https://www.newbiecontest.org/
The Cryptopals Crypto Challenges https://cryptopals.com/
Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html
alert(1) to win https://alf.nu/alert1
Hacksplaining https://www.hacksplaining.com/exercises
Hacker101 https://ctf.hacker101.com
Academy Hackaflag https://academy.hackaflag.com.br/
PentestIT LAB https://lab.pentestit.ru
Hacker Security https://capturetheflag.com.br/
PicoCTF https://picoctf.com
Exploitation Education https://exploit.education/
Root in Jail http://ctf.rootinjail.com
CMD Challenge https://cmdchallenge.com
Try Hack Me https://tryhackme.com/
Hacking-Lab https://www.hacking-lab.com/index.html
PWNABLE https://pwnable.kr/play.php
Google CTF https://capturetheflag.withgoogle.com/
ImmersiveLabs https://immersivelabs.com/
Attack-Defense https://attackdefense.com/
OverTheWire http://overthewire.org
SANS Challenger https://www.holidayhackchallenge.com/
SmashTheStack http://smashthestack.org/wargames.html
https://microcorruption.com/login (Very good interactive interface, introduces low-level reverse engineering in an MSP430)
https://learn.abctf.xyz (New platform for learning CTF, with challenges created by the users themselves)
Others https://backdoor.sdslabs.co/ http://smashthestack.org/wargames.html http://hackthecause.info/ http://bright-shadows.net/ http://www.mod-x.co.uk/main.php http://scanme.nmap.org/ http://www.hackertest.net/ http://net-force.nl/ http://securityoverride.org/ It teaches good concepts, but some things are not realistic (like stored strings identical to the input) http://www.wechall.net/sites.php (great list of challenges) http://ctf.forgottensec.com/wiki/ (Good Wiki about CTFs) http://repo.shell-storm.org/CTF/ (Great archive of CTFs) Specific CTFs related to web applications http://demo.testfire.net/ http://wocares.com/xsstester.php http://crackme.cenzic.com/ http://test.acunetix.com/ http://zero.webappsecurity.com/ Forensic Specific Challenges http://computer-forensics.sans.org/community/challenges http://computer-forensics.sans.org/community/challenges http://forensicscontest.com/ Recruiting https://www.praetorian.com/challenges/pwnable/ http://rtncyberjobs.com/ http://0x41414141.com/ Paid Training http://heorot.net/ Offline challenges for download http://www.badstore.net/ http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project http://www.owasp.org/index.php/Owasp_SiteGenerator Damn Vulnerable Web App Stanford SecureBench Micro http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Vulnerable Virtual Machines https://pentesterlab.com/exercises/ http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ Damn Vulnerable Linux (Mirror)
Last updated