A really really long list (in no particular order) of training materials, CTFs and websites to test your skills.
Hack real, vulnerable web applications to learn how security exploits work. Learn about all of the major vulnerabilities that threaten your stack. Review concrete code samples illustrating the security flaws, and how to avoid them, in the major programming languages. Learn how prevalent, exploitable and dangerous each vulnerability is. See why secure coding practices are important in every step of the development cycle. Test your knowledge as you learn by taking quizzes on each topic.
There’s only one way to properly learn web penetration testing: by getting your hands dirty. We teach how to manually find and exploit vulnerabilities. Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated – we provide you real systems with real vulnerabilities.
Hack.me is a FREE, community based project powered by eLearnSecurity.
The community can build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online.
The platform is available without any restriction to any party interested in Web Application Security.
The most beginner-friendly way to get into hacking.
At Offensive Security we have a big mission: to empower the world to fight cyber threats by inspiring the Try Harder mindset.
The fast, easy, and affordable way to train your hacking skills.
https://www.hackthebox.eu – Join a dynamically growing hacking community and take your cybersecurity skills to the next level through the most captivating, gamified, hands-on training experience!
A gamified platform for defenders to practice their skills in security investigations and challenges covering: Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting. Free and paid tiers available.
Hands-on, interactive cybersecurity training for free when you join the RangeForce Community Edition. Hone your skills with red and blue team training. Build competitive skills in a realistic environment. See Nmap, Splunk, Wireshark, and more in action. Complete 10 core modules to claim your first badge.
Defend the Web is an interactive security platform where you can learn and challenge your skills. Try and complete all of our 60+ hacking levels. Learn from our series of articles covering all aspects of security. Articles will guide you through the essentials to get started. As you progress, more complex topics will be introduced to build up your knowledge.
At CyberSecLabs, we aim to provide secure, high-quality training services that allow information security students the opportunity to safely learn and practice penetration testing skills. The free tier contains a few beginner and challenge labs to try out on the free server to get you started. In addition to that, all the CTF challenges are free.
Getting Started with Splunk for Security. The goal of this workshop is to provide a better understanding of how Splunk can be used to better answer security questions that may occur within your environment.
SocVel is a Blue Team CTF, aimed at those wanting to sharpen their skills in investigating cyber security incidents. The challenges require you to investigate and solve cyber incidents based on semi-realistic backstories.
CyberDefenders is a training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice, validate the skills they have, and acquire the ones they need. Challenges are free to play. Some training courses are free, and some are paid.
Game of Hacks by Checkmarx
This game was designed to test your application hacking skills. You will be presented with vulnerable pieces of code, and your mission, if you choose to accept it, is to find which vulnerability exists in that code as quickly as possible.
picoCTF is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.
Learn Security & Ethical Hacking. All the material in one spot that you need to become an ethical hacker and security expert. No more outdated materials from ancient torrents sitting untouched on a drive somewhere. We provide the best training available, coupled with the coaching and support you need to actually learn.
Ringzer0 provides advanced, hands-on training designed for cybersecurity professionals. Our instructors are top industry experts who offer technical deep dives into a range of core issues, including vulnerability research, exploitation, malware writing, red teaming and practical attacks. Free workshops available.
Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!
Byte-sized gamified lessons – Learning cyber security on TryHackMe is fun and addictive. Earn points by answering questions, taking on challenges and maintaining your hacking streak through short lessons.
Become a bug bounty hunter – Learn about web application vulnerabilities and how to find them on bug bounty programs | BugBountyHunter.com
We aim to become your go-to place for everything bug bounties. Learn how to test for security vulnerabilities on web applications with our various real-life web applications and gain the confidence to begin applying your newly found knowledge on bug bounty programs. Browse and digest security researcher tutorials, guides and writeups, and let us help you on your journey.
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
There are a lot of Capture The Flag (CTF) competitions these days. Some of them have excellent tasks, but in most cases they’re forgotten just after the CTF has finished. We decided to make some kind of CTF archive and, of course, it would be too boring to have just an archive, so we made a place where you can get some other CTF-related info: current overall Capture The Flag team rating, per-team statistics, etc.
The Lockitall devices work by accepting Bluetooth connections from the Lockitall LockIT Pro app. We’ve done the hard work for you: we spent $15,000 on a development kit that includes remote controlled locks for you to practice on, and reverse engineered enough of it to build a primitive debugger.
Most competitions are only online for a few days. The 247CTF is a continuous learning environment. Challenges are directly accessible from the platform; no VPN or setup required.
HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.
We are the Modern Warriors of secure code; not harbingers of security breaches. We are not just another scanning tool either – we take a human-led approach to giving developers the security skills they need. Maybe we’re more like proactive protectors of intuitive secure thinking? Or maybe that’s too much of a mouthful… Whatever it is, we’re about keeping developers in flow, so they can ship quality code faster.
VMs are made by the users for the users. We want to learn and to share knowledge while playing and sharing our passion. But we cannot guarantee that all VMs are safe, so we strongly recommend protecting your network by isolating your VM from the internal network. Keep in mind that the VMs have vulnerabilities and we don’t know what the author did on the VM, so take care!
exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.
1900+ Lab Exercises, Wide Coverage, New Labs Weekly
The Virtual Hacking Labs are for beginners and experts who want to learn and practice penetration testing in an easily accessible virtual lab environment.
A fun free platform for learning modern cryptography
HBH is a non-profit community designed to inform and teach web developers, system administrators and everyone else in between the various methods and tactics used by malicious hackers to access systems and sensitive information. With our hands-on style you will learn the methods and the steps you need to take to protect yourself, from our forum, articles and our simulated security challenges. Learn how hackers break in, and how to keep them out.
GitHub – appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training: Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
Breaking and Pwning Apps and Servers on AWS and Azure
‘pwnable.kr’ is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. Please consider each of the challenges as a game. But if you just want to study pwn-related stuff, check out the video lectures.
Cyber Defence Exercises – This category includes network traffic from exercises and competitions, such as Cyber Defense Exercises (CDX) and red-team/blue-team competitions.
Cyber Detective CTF is an OSINT-focussed CTF created by the Cyber Society at Cardiff University.
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities.
Being lightweight, fast, and scalable, Node.js is becoming a widely adopted platform for developing web applications. This project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is written in Swift and has the following vulnerabilities.
The OSINT Dojo is a project that aims to guide those new to Open Source Intelligence (OSINT) through the first steps of their OSINT journey. The goal of this project is to provide those new to the OSINT field a number of free resources and simple challenges that build on one another to provide a simple road map for learning more about the field and polishing up related skills while also earning badges to show off your hard work.
Cyber Security Training
Malwareunicorn.org provides workshops and resources for reverse engineering in the infosec space. Workshop content is now available.
GitHub – bkimminich/juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!