January 1, 2016
Online Pen Testing Practice Sites
For anyone looking for a way to practice your new pen testing skills, the article below has an updated list of online sites which actually allow and encourage you to practice on their site (within limits).

https://www.checkmarx.com/2016/12/04/15-vulnerable-sites-legally-practice-hacking-skills-2016-update/

The link below has a LOT more pen testing options, though it doesn't have much of a description for each link.

https://www.amanhardikar.com/mindmaps/PracticeUrls.html

Nooice. I'll check some of these out here once I get a free minute. Thanks, Paul!

If the links above aren't enough to keep everyone busy, the link below is a group of bookmarks for pen testing sites which someone else has compiled. The site is a few years old, but a spot check shows that there are still a lot of good active sites available. The topics covered include the following:

* Hacker Media, including:
  - blogs
  - forums
  - magazines
  - videos
* Methodologies
* OSINT, including:
  - Presentations
  - People and Organizational
  - Infrastructure
* Exploits and Advisories
* Cheatsheets and Syntax
* Distros
* Labs
* Exploitation Intro
* Reverse Engineering & Malware
* Passwords and Hashes
* MiTM
* Tools
* Training/Classes
* Web Vectors

https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki

Cool!

How practical this would be

If you want to get hands-on experience with pen testing, sites like this can be a great way to gain experience. With the large variety of sites available, you can practice just about anything you want to learn. Running your own systems in a virtual PC is one of the better ways to practice since you have complete control over the system you are attacking and don't have to worry about damaging something you shouldn't. There are virtual systems which you can download (such as Metasploitable) which are intentionally unpatched and misconfigured to make it easier to find things to exploit. A real production computer will hopefully be fully patched and have better protections, so it should be harder to attack. However, also in real life people often don't patch all of their systems in a timely manner.

But needed a clearer prospect to go for real looking pentest because general thing not exist in real professional world.

Network pentesting and web pentesting

Here is another useful link to a lot of Capture The Flag (CTF) sites. The nice thing about this one is that not only does it have links to a lot of CTF sites (57 currently), but it also keeps track of your progress on the different sites. If you like a little competition as motivation, you can see how well you are doing in comparison with others on those sites.

https://www.wechall.net/

I just registered with them yesterday, so I'm currently tied for last place (# 35251) in their rankings!

One of the better ones I've seen: https://www.hackthebox.eu/

@robicus -- I agree, HackTheBox is one of the better sites. It is one of the many linked on the https://www.wechall.net/ site.

Nice sites, very useful.

eLearnSecurity has free monthly Sand Box type Pen Tests - like this one: http://s73739-103438-jht.sipontum.hack.me/index.html If you have a LinkedIn acct - add them to get notified when a new one is loaded...

Thanks, very interesting!