Jason Haddix

@Jhaddix

22 tweets, 13 reads, May 13, 2022
🧵A Practice Target SUPER Thread🧵
Offensive Security People!
Want to take your theory to live targets?
Need some resume filler?
Just want to keep fresh and practice?
Here's a thread of my favorite practice targets to recommend.
🚨Retweet, follow, & like for more! 🚨
1/
Here's a thread of my favorite practice targets to recommend to my students. It includes online, offline, and resources to guide you!
2/
First, let's cover @hackthebox_eu
HTB is an epic resource with many free "boxes" to hack. Their paid tier offers a ton of retired boxes as well. Some with walkthroughs and now even an in-browser hacking box if you don't want to VPN to a target network...
3/
HTB has certificates and learning tracks too. Both netpen and web challenges.
Next...
4/
@PentesterLab
PentesterLab has been one of my favorites for years. Louis goes out of his way to support the offensive security community and his labs are top-notch. PL has learning tracks and certificates you can earn as well...
5/
PL is usually the 1st platform to have a practice box when a new named vulnerability comes out. Mostly web challenges.
6/
@WebSecAcademy
Web Sec Academy by @PortSwigger (makers of @Burp_Suite ) is a VERY comprehensive lab environment for web testing. Over 200 exercises. It is also an excellent way to learn to use an interception proxy. It is also 100% free!
7/
@VulnHub
One of the best directories for crackmes and practice boxes you can test all on your own. Mostly VMs you can download and attempt to break into. 100% free. Contains over 200 network and web challenges.
@owasp VWAD
owasp.org
The OWASP Vulnerable Web Applications Directory is a directory of popular purposefully broken applications to practice on. These are projects you'll have to host yourself (in most cases)...
8/
The scope of VWAD has some edge stuff that is interesting like cloud apps, mobile, and specific technologies. 100% free.
9/
@RealTryHackMe
TryHackMe is a very beginner-friendly platform with challenges, both web and network. They also have learning paths.
Often considered by users to be the best platform for starting.
10/
Github
Many NEWER hack challenges appear on GitHub after being launched at conferences or being open-sourced from a CTF. To keep your skills fresh you can do a search as simple as:
github.com
To find some cool projects sub with: "ctf" "hacking practice"
11/
@CTFtime
CTFTime is a tracker for all the world's CTFs. Often you can use this directory to look at finished CTFs, go to their website, and if challenges are still up, try them yourself. If you need help the CTF pages also collect writeups! ...
12/
If the CTF challenges are not still up, look at the CTF web site and see if they open-source their challenges!
13/
@Zseasno's Barker ++
Zseano offers a free methodology and some practice targets to exercise the skills taught in that at:
bugbountyhunter.com
In addition, in the pro version, "Barker" offers a well-thought-out practice target...
14/
It also teaches skills like reporting and chaining vulns, which are awesome for bug bounty hunters. Pro is a lifetime subscription and zseano often hacks with his community. A very interesting platform.
15/
@AmanHardikar 's Mindmap of Targets
While a bit outdated, this mindmap has some of the self-hosted or free-hosted challenges broken down by technology type. Pay special attention to the cloud and mobile sections!
amanhardikar.com
16/
@Hacker0x01 CTF
26 challenges, free, related to web and mobile security. Completion also gets you some invites in the HackerOne platform!
17/
Self-hosted vs VM vs Platforms:
One thing I like to remind people about self-hosted, free resources (vs platforms) is you learn A LOT by installing the challenges yourself & then hacking them.
You learn...
18/
You learn...
VM skills
webserver software
*nix
networking
and framework skills.
So don't sleep on the self-hosted options!
19/
That's it for now, did I miss any of the greats?
✌🏻For more resources follow, retweet, & like!✌️
20/
in 14/ should be @zseano , formatting broke on copy-paste 😂
