Joe Shenouda is well known in the Netherlands as “The Netdetective” who has extensive experience in IT, ICS & Information Security as an international hands-on technical engineer, trainer, consultant & research fellow with a successful record in developing & leading technical corporate Cybersecurity programs for military & global organizations. He published a curated list of hacking environments on GitHub where you can train your cyber skills legally and safely. As we all know, getting your hands on a security environment that is legal is super hard. So I think this list is great and will help you in training your hacking and cyber skills.
For everyone in the Information Security business, it’s important to understand the enemy, the hacker. Understanding the enemy makes you the best defender you can be to secure the digital world.
By knowing your enemy, you can defeat your enemy.
In the USA, the most senior police officers, even long after their retirement, are advising residents how to secure their homes better. They come to your place and tell you where your weak points are around the house. They can advise this because they KNOW their enemy, the criminal that wants to break into the place and his techniques.
Training your cyber skills means also keeping your hacking skills up to date. To do this, you need an environment to practice in, legally and safely.
For this purpose, Joe has made a list of websites you can visit and practice your cyber skills. Every site has a different angle on the whole thing and he summarized that in a couple of words explaining its specifics.
Some sites will offer you tutorials to help you, others will require you to find things on your own.
Joe updates his GitHub page regularly and adds sites to his post so bookmark it and/or follow me to see the latest overview.
If you have a site that Joe hasn’t listed, feel free to contribute to his GitHub page.
| Site name | Description |
|---|---|
| $natch competition | Remote banking system containing common vulnerabilities. |
| Arizona Cyber Warfare Range | The ranges offer an excellent platform for you to learn computer network attack (CNA), computer network defense (CND), and digital forensics (DF). You can play any of these roles. |
| Avatao | More than 350 hands-on challenges (free and paid) to master IT security and it’s growing day by day. |
| BodgeIt Store | The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing. |
| Bright Shadows | Training in Programming, JavaScript, PHP, Java, Steganography, and Cryptography (among others). |
| Blackmore Ops | Large collection of Hacking, Cracking and Kali Linux related guides. |
| bWAPP | bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. |
| Cyber Degrees | Free online cyber security Massive Open Online Courses (MOOCS). |
| Commix testbed | A collection of web pages, vulnerable to command injection flaws. |
| CryptOMG | CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations. |
| Cyber Security Base | Cyber Security Base is a page with free courses by the University of Helsinki in collaboration with F-Secure. |
| Cybersecuritychallenge UK | Cyber Security Challenge UK runs a series of competitions designed to test your cyber security skills. |
| CyberTraining 365 | Cybertraining365 has paid material but also offers free classes. The link is directed at the free classes. |
| Cybrary.it | Free and Open Source Cyber Security Learning. |
| Damn Small Vulnerable Web | Damn Small Vulnerable Web (DSVW) is a deliberately vulnerable web application written in under 100 lines of code, created for educational purposes. It supports the majority of (most popular) web application vulnerabilities together with appropriate attacks. |
| Damn Vulnerable Android App | Damn Vulnerable Android App (DVAA) is an Android application which contains intentional vulnerabilities. |
| Damn Vulnerable Hybrid Mobile App | Damn Vulnerable Hybrid Mobile App (DVHMA) is a hybrid mobile app (for Android) that intentionally contains vulnerabilities. |
| Damn Vulnerable iOS App | Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. |
| Damn Vulnerable Linux | Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. |
| Damn Vulnerable Router Firmware | The goal of this project is to simulate a real-world environment to help people learn about other CPU architectures outside of the x86_64 space. This project will also help people get into discovering new things about hardware. |
| Damn Vulnerable Stateful Web App | Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe. |
| Damn Vulnerable Thick Client App | DVTA is a Vulnerable Thick Client Application developed in C# .NET with many vulnerabilities. |
| Damn Vulnerable Web App | Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. |
| Damn Vulnerable Web Services | Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real-world web service vulnerabilities. |
| Damn Vulnerable Web Sockets | Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. |
| Damnvulnerable.me | A deliberately vulnerable modern-day app with lots of DOM-related bugs. |
| Dareyourmind | Online game, hacker challenge. |
| DIVA Android | Damn Insecure and vulnerable App for Android. |
| EnigmaGroup | Safe security resource, trains in exploits listed in the OWASP Top 10 Project and teaches members the many other types of exploits that are found in today’s applications. |
| ENISA Training Material | The EU Agency for Network and Information Security (ENISA) Cyber Security Training. You will find training materials, handbooks for teachers, toolsets for students and Virtual Images to support hands-on training sessions. |
| exploit.co.il Vulnerable Web App | exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques. |
| Exploit-exercises.com | exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues. |
| ExploitMe Mobile | Set of labs and an exploitable framework for you to hack a mobile application on Android. |
| Game of Hacks | This game was designed to test your application hacking skills. You will be presented with vulnerable pieces of code and your mission, if you choose to accept it, is to find which vulnerability exists in that code as quickly as possible. |
| GameOver | Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. |
| Gh0stlab | A security research network where like-minded individuals could work together towards the common goal of knowledge. |
| GoatseLinux | GSL is a VMware image you can run for penetration testing purposes. |
| Google Gruyere | Labs that cover how an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). Also, you can find labs on how to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. |
| Gracefully Vulnerable Virtual Machine | Graceful’s VulnVM is a VM web app designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well-known security issues commonly seen in web applications. |
| Hack The Box | Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. In order to join you should solve an entry-level challenge. |
| Hack This Site | More than just another hacker wargames site, Hack This Site is a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. |
| Hack Yourself First | This course is designed to help web developers on all frameworks identify risks in their own websites before attackers do and it uses this site extensively to demonstrate risks. |
| Hack.me | Hack.me aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security. |
| Hackademic | Offers realistic scenarios full of known vulnerabilities (especially, of course, the OWASP Top Ten) for those trying to practice their attack skills. |
| Hackazon | A modern vulnerable web app. |
| Hackertest.net | HackerTest.net is your own online hacker simulation with 20 levels. |
| Hacking-Lab | Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the European Cyber Security Challenge with Austria, Germany, Switzerland, UK, Spain, Romania and provides free OWASP TOP 10 online security labs. |
| HackSys Extreme Vulnerable Driver | HackSys Extreme Vulnerable Driver is an intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. |
| HackThis!! | Test your skills with 50+ hacking levels, covering all aspects of security. |
| Hackxor | Hackxor is a web app hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism & difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc. |
| Halls of Valhalla | Challenges you can solve. Valhalla is a place for sharing knowledge and ideas. Users can submit code, as well as science, technology, and engineering-oriented news and articles. |
| Hax.Tor | Provides numerous interesting “hacking” challenges to the user. |
| Hellbound Hackers | Learn a hands-on approach to computer security. Learn how hackers break in, and how to keep them out. |
| Holynix | Holynix is a Linux VMware image that was deliberately built to have security holes for the purposes of penetration testing. |
| HSCTF3 | HSCTF is an international online hacking competition designed to educate high schoolers in computer science. |
| Information Assurance Support Environment (IASE) | Great site with Cybersecurity Awareness Training, Cybersecurity Training for IT Managers, Cybersecurity Training for Cybersecurity Professionals, Cybersecurity Technical Training, NetOps Training, Cyber Law Awareness, and FSO Tools Training available online. |
| InfoSec Institute | Free CISSP Training course. |
| ISC2 Center for Cyber Safety and Education | Site to empower students, teachers, and whole communities to secure their online life through cyber security education and awareness with the Safe and Secure Online educational program; information security scholarships; and industry and consumer research. |
| Java Vulnerable Lab | Vulnerable Java based Web Application. |
| Juice Shop | OWASP Juice Shop is an intentionally insecure web app for security training written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. |
| Kioptrix VM | This vulnerable machine is a good starting point for beginners. |
| LAMPSecurity Training | LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP, MySQL security. |
| Magical Code Injection Rainbow | The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds. |
| McAfee HacMe Sites | Search the page for HacMe and you’ll find a suite of learning tools. |
| Metasploit Unleashed | Free Ethical Hacking Course. |
| Metasploitable 3 | Metasploitable3 is a VM that is built from the ground up with a large number of security vulnerabilities. |
| Microcorruption CTF | Challenge: given a debugger and a device, find an input that unlocks it. Solve the level with that input. |
| Morning Catch | Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. |
| Moth | Moth is a VMware image with a set of vulnerable Web Applications and scripts. |
| Mutillidae | OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. |
| MysteryTwister C3 | MysteryTwister C3 lets you solve crypto challenges, starting from the simple Caesar cipher all the way to modern AES, they have challenges for everyone. |
| National Institutes of Health (NIH) | Short courses on Information Security and Privacy Awareness. They have a section for executives, managers and IT Administrators as well. |
| OpenSecurityTraining.info | OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. |
| Overthewire | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. |
| OWASP Broken Web Applications Project | OWASP Broken Web Applications Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. |
| OWASP GoatDroid | OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. |
| OWASP iGoat | iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). |
| OWASP Mutillidae II | OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. |
| OWASP Security Shepherd | The OWASP Security Shepherd project is a web and mobile application security training platform. |
| OWASP SiteGenerator | OWASP SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) covering .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc…). |
| Pentest.Training | Pentest.Training offers a fully functioning penetration testing lab which is ever increasing in size, complexity and diversity. The lab has a fully functioning Windows domain with various Windows OS’s. There is also a selection of Boot2Root Linux machines to practice your CTF and escalation techniques and finally, pre-built web application training machines. |
| Pentesterlab | This exercise explains how you can, from a SQL injection, gain access to the administration console, and then in the administration console, how you can run commands on the system. |
| Pentestit.ru | Pentestit.ru has free labs that emulate real IT infrastructures. It is created for practicing legal pen testing and improving penetration testing skills. OpenVPN is required to connect to the labs. |
| Peruggia | Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery but contains several controlled vulnerabilities to practice on. |
| PicoCTF | picoCTF is a computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. |
| Professor Messer | Good free training videos, not only on Security but on CompTIA A+, Network and Microsoft related as well. |
| Puzzlemall | PuzzleMall – A vulnerable web application for practicing session puzzling. |
| Pwnable.kr | ‘pwnable.kr’ is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. While playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose. |
| Pwnos | PwnOS is a vulnerable by design OS .. and there are many ways you can hack it. |
| Reversing.kr | This site tests your ability in Cracking & Reverse Code Engineering. |
| Ringzero | Challenges you can solve and gain points. |
| Risk3Sixty | Free Information Security training video, an information security exam and the exam answer key. |
| Root Me | Hundreds of challenges and virtual environments. Each challenge can be associated with a multitude of solutions so you can learn. |
| RPISEC/MBE | Modern Binary Exploitation Course materials. |
| RPISEC/Malware | Malware Analysis Course materials. |
| SANS Cyber Aces | SANS Cyber Aces Online makes available, free and online, selected courses from the professional development curriculum offered by The SANS Institute, the global leader in cyber security training. |
| Scene One | Scene One is a pen testing scenario liveCD made for a bit of fun and learning. |
| SEED Labs | The SEED project has labs on Software, Network, Web, Mobile and System security and Cryptography labs. |
| SentinelTestbed | Vulnerable website. Used to test sentinel features. |
| SG6 SecGame | Spanish language, vulnerable GNU/Linux systems. |
| SlaveHack | My personal favorite: Slavehack is a virtual hack simulation game. Great for starters, I’ve seen kids in elementary school playing this! |
| SlaveHack 2 BETA | Slavehack 2 is a sequel to the original Slavehack. It’s also a virtual hack simulation game but you will find features much closer to today’s Cyber reality. |
| Smashthestack | This network hosts several different wargames, ranging in difficulty. A wargame, in this context, is an environment that simulates software vulnerabilities and allows for the legal execution of exploitation techniques. |
| SocketToMe | SocketToMe is a little application for testing web sockets. |
| SQLI labs | SQLI labs to test error based, Blind boolean based, Time based. |
| Sqlilabs | Lab set-up for learning SQL Injection Techniques. |
| SQLzoo | Try your Hacking skills against this test system. It takes you through the exploit step-by-step. |
| Stanford SecuriBench | Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java. |
| The ButterFly – Security Project | The ButterFly project is an educational environment intended to give an insight into common web application and PHP vulnerabilities. The environment also includes examples demonstrating how such vulnerabilities are mitigated. |
| ThisIsLegal | A hacker wargames site but also with much more. |
| Try2Hack | Try2hack provides several security-oriented challenges for your entertainment. The challenges are diverse and get progressively harder. |
| UltimateLAMP | UltimateLAMP is a fully functional environment allowing you to easily try and evaluate a number of LAMP stack software products without requiring any specific setup or configuration of these products. |
| Vicnum | Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross-site scripting, SQL injections, and session management issues. |
| Vulnhub | An extensive collection of vulnerable VMs with user-created solutions. |
| Vulnix | A vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions. |
| Vulnserver | Windows-based threaded TCP server application that is designed to be exploited. |
| W3Challs | W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security. |
| WackoPicko | WackoPicko is a vulnerable web application used to test web application vulnerability scanners. |
| Web Attack and Exploitation Distro | WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pen testing tools as well. |
| Web Security Dojo | Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. |
| WebGoat | WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. |
| Wechall | Focussed on offering computer-related problems. You will find Cryptographic, Crackit, Steganography, Programming, Logic and Math/Science. The difficulty of these challenges varies as well. |
| XSS-game | In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications. |
| XVWA | XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. |
