I recently passed my SANS GPEN 560 pen testing certification. And I am currently studying for the OSCP. These gave me a great baseline but I wanted to keep learning and developing skills.
CTFs are a legal way to test your hacking skills against realistic targets without breaking the law.
They have become commonplace at security conferences and in the community. Three of note to me are:
https://vulnhub.com – This site maintains a large collection of community provided Virtual Machines that you can run and practice against on your own hardware.
https://vulnhub.com – This site runs a collection of community provided Virtual Machines. They are all hosted on remote servers and you can access them via a VPN. This platform is free for the busy VPN or £10 a month for a VIP VPN that has a max number of users. Bonus here is that all VMs are assigned points and you are ranked against your peers.
https://lab.pentestit.ru/ – This site is a full-on virtual corporate network. You have to breach a firewall and pivot your way through the systems. Starts easy and gets progressively harder. The free tier gives you access to the latest lab. Paid versions give you archived access.
This page will track the CTFs I have attempted and the write-ups for each that I have found the time to write.
- SANS Christmas Challenge 2016
- VulnHub Breach
- VulnHub Breach 2.1
- VulnHub Breach 3.0.1
- VulnHub IMF
- VulnHub MrRobot
- VulnHub Necromancer
- VulnHub Orcus
- VulnHub Quaoar
- VulnHub Sedna
- VulnHub Stapler
- CTF Securi-Tay
- VulnHub DonkeyDocker
- VulnHub Proteus