Ready to Start Your Career?

Favorite VMs To Practice On

Author's profile image

January 1, 2016

Damn Vulnerable Web App -great to learn webapp engagements https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/ Damn Vulnerable Linux https://www.vulnhub.com/entry/damn-vulnerable-linux-dvl-15-infectious-disease,1/ Great resource for several different VMs to practice against https://www.vulnhub.com/ https://www.hacking-lab.com/index.html There are VMs of varying difficulties here and they even have walk-through if you get stuck. I have included a link on how to build such a lab. https://phoenixts.com/blog/how-to-build-a-virtual-lab-to-hack-computers-legally/ or https://resources.infosecinstitute.com/hacking-lab/#gref This is a great way to improve your skills LEGALLY and get familiar with tools, which we use for day to day work. Those are some good resources. I would also suggest Metasploitable which is an intentionally vulnerable OS designed for use when you are learning to use Metasploit. https://information.rapid7.com/metasploitable-download.html Metasploitable,Metasploitable2, and Metasploitable 3 all very good and there is a walk-through case if anyone gets stuck. Metasploitalbe 3 does require that you build it yourself but there is a howto and it's a Windows 2008 server, so you can practice for Windows! https://github.com/rapid7/metasploitable3 ( Download and build VM instructons) https://tehaurum.wordpress.com/2015/06/13/metasploitable-walkthrough-an-exploitation-guide/ (metasploitalbe) https://goo.gl/EnzHs3 (metasploitable 2) https://two06.blogspot.com/2016/12/metasploitable-3-walkthrough.html (Metasploitalbe 3) I hope this helps as it will give a safe environment for practicing and testing. I am just going to add good lab resources here so homemade lab references can be aggregated in one location. That said I came across a lab for pivoting. http://resources.infosecinstitute.com/pivoting-exploit-system-another-network/ What is pivoting? Pivoting is when for example you land on a client side computer then you use that machine as a launchpad to attacking other network assets. The following is a more detailed example and helps bring the idea home as well as shows examples http://www.blackhillsinfosec.com/?p=4888
Schedule Demo
Build your Cybersecurity or IT Career
Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry