Smithech/awesome-hacking-training

Awesome Hacking Training

Platforms and resources for practicing cybersecurity and penetration testing skills in legal environments.

API

  • crAPI - A modern platform built on a microservices architecture that helps you understand the ten most critical API security risks. An OWASP project.
  • vAPI - An API built with PHP and MySQL that simulates OWASP API Top 10 scenarios through practical exercises.
  • VAmPI - A vulnerable API built with Flask that includes vulnerabilities from the OWASP Top 10 for APIs.
  • VulnerableApp4APISecurity - An API developed using .NET 7.0 and MongoDB, based on the findings listed in the OWASP 2019 API Security Top 10.

Blue Team and DFIR

Capture The Flag - CTF

  • 247CTF - A continuous learning environment. New challenges are added monthly, to enable you to continuously learn, hack and improve.
  • CTF365 - A real-life cyber range where you build your own servers and defend them while attacking other servers.
  • CTF Learn - Test your skills by hacking your way through hundreds of challenges, and learn cybersecurity in a community.
  • CTF Time - An archive of CTF competitions.
  • Google CTF - Team competitions that consist of a set of computer security challenges involving reverse-engineering, memory corruption, cryptography, web technologies, and more.
  • Hacking Hub - Carefully crafted environments based on real vulnerabilities, released pentests and bug bounty findings.
  • Microctfs - Small CTF challenges running on Docker.
  • RingZer0 Team Online CTF - Offers tons of challenges designed to test and improve your hacking skills.

Championships

  • European Cybersecurity Challenge - An initiative by the European Union Agency for Cybersecurity (ENISA) that aims to enhance cybersecurity talent across Europe and connect high potentials with industry-leading organizations.
  • OAS Cyber Americas Cup - Regional initiative organized by the Cybersecurity Section of the CICTE of the Organization of American States (OAS), with the support of Hackrocks.
  • PicoCTF - Provides cyber security education content for learners of all skill levels from six domains of cybersecurity including general skills, cryptography, web exploitation, forensics, binary exploitation and reversing.
  • SANS Holidays Hack Challenges - Free, high-quality, and super fun hands-on cybersecurity challenges designed for all skill levels.
  • Swiss Hacking Challenge - The Swiss Hacking Challenge (SHC) is the annual National Hacking Championship of Switzerland.

Cloud

  • CYBR - Learn AWS security by attacking and defending cloud environments.
  • Flaws - Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
  • BlackSky - Cloud labs by Hack The Box for learning offensive and defensive security.

Cryptography

  • CryptoHack - Learn about modern cryptography by solving a series of interactive puzzles and challenges.
  • The Cryptopals Crypto Challenges - A collection of 48 exercises derived from weaknesses in real-world systems and modern cryptographic constructions.

Operating Systems

  • Lin.Security - A Linux VM (Ubuntu 18.04 LTS) that suffers from a number of vulnerabilities that allow a user to escalate to root on the box.
  • Metasploitable 2 - An intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
  • Metasploitable 3 - A VM built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit.
  • VulnHub - A catalogue of 'stuff' that is legally 'breakable, hackable & exploitable' - allowing you to learn in a safe environment and practise 'stuff' out.
  • Vulnserver - A Windows-based threaded TCP server application that is designed to be exploited.

Platforms to Improve Hacking Skills

  • Atenea - Cybersecurity platform that presents a number of challenges in Cryptography and Steganography, Exploiting, Forensics, Networking, and Reversing.
  • Exploit.education - Provides a variety of resources to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cybersecurity topics.
  • Hack The Box - Cybersecurity training platform, includes academy, labs, CTFs, and job board.
  • Hack The Site - A free training ground to test and expand your ethical hacking skills with challenges, CTFs, and more.
  • Hacker 101 - A platform for learning web hacking and bug bounties.
  • Hackviser - A cybersecurity upskilling platform with training, scenarios, labs, and warm-ups.
  • Newbie Contest - Tailored cybersecurity upskilling platform for all levels.
  • Over The Wire - The wargames can help you to learn and practice security concepts.
  • PentesterLab - A platform for learning web hacking and leveling up your skills.
  • Pwnable.kr - Provides various pwn challenges regarding system exploitation. You need some skills in programming, reverse engineering, bug exploitation, system knowledge, and cryptography.
  • Pwnable.tw - Wargame site to test and expand binary exploitation skills.
  • Root Me - It offers challenges on various cybersecurity and CTF topics, and a community to contribute and discuss.
  • Smash The Stack - An ethical hacking environment that simulates real-world software vulnerabilities to test skills and abilities in reverse engineering, web app pen-testing, software exploitation, and much more.
  • Try Hack Me - Learn by following structured paths and reinforce your skills in a real-world environment by completing guided, objective-based tasks and challenges.
  • Vulnmachines - A platform where you can get hands-on experience with various skills in different cybersecurity categories.
  • W3Challs - Security challenges to learn and practice hacking in cryptography, forensics, miscellaneous topics, pwning, reverse engineering, and web security.
  • WebSploit Labs - Includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS.

Reverse Engineering

  • Crackmes - This is a simple place where you can download crackmes to improve your reverse engineering skills.
  • Nightmare - Introductory course to binary exploitation/reverse engineering based on CTF (Capture The Flag) challenges.
  • Reverse Engineering Challenges - Reverse engineering exercises that include different architectures and operating systems.

Specific Techniques and Vulnerabilities

  • alert(1) to win - A place for practicing XSS, in particular filter bypassing. It requires familiarity with JavaScript and URL encoding / HTML encoding.
  • DomGoat - DOM Security learning platform with different levels, each level targeting different sources and sinks.
  • ROP Emporium - Learn return-oriented programming (ROP) through a series of challenges.
  • XSS Game - In this training program, you will learn to find and exploit XSS bugs.

Web Applications

  • bWAPP - A PHP application with over 100 web vulnerabilities. It covers all major known web bugs, including all risks from the OWASP Top 10 project.
  • DVWA - A PHP/MariaDB web application that is intentionally vulnerable, designed to help users test their skills and tools while enabling web developers to better understand how to secure web applications.
  • Hacksplaining - A platform to learn about major vulnerabilities affecting the technology stack and to practice hacking real vulnerable applications to understand how attacks work.
  • OWASP Mutillidae II - An open-source web application intentionally designed with vulnerabilities for educational and security testing purposes.
  • OWASP Security Shepherd - A highly configurable web application security training platform that can be used by a single local user, in a competitive classroom environment, or in an online hacking competition.
  • Samurai Web Training Framework - A framework designed for quickly configuring training virtual machines with tools and vulnerable application targets.
  • Vulnerable Web Application - A website designed for those interested in web penetration testing, featuring challenges such as command execution, file inclusion, file upload, SQL injection, and XSS.
  • WebGoat - A project maintained by OWASP designed to teach web application security lessons and demonstrate common server-side application flaws.
  • Web Security Academy - Free online web security training from the creators of Burp Suite, featuring interactive labs and progress tracking.
  • Web Security Dojo - An open-source self-contained training environment for Web Application Security penetration testing.
  • XVWA - A web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Learning resources

Contributing

Your contributions and suggestions are heartily welcome. Please check the Contributing Guidelines for more details.

About

A curated list of awesome security and hacking training platforms and resources.
