Man
Professional
- Messages
- 2,965
- Reaction score
- 488
- Points
- 83
We will tell you about 5 popular platforms where you can legally hone your skills.
Hello everyone, dear friends!
Hacking is a field where theory alone won't get you far. Only practice will give you real experience and help you consolidate the knowledge you've gained.
Today we decided to tell you about 5 popular platforms where you can legally hone your skills.
Let's get started!
For example, to hack Wi-Fi, if you are running Kali Linux in a virtual machine, you will need an external USB Wi-Fi adapter. Similarly, to hack RFID, you will need a proper RFID kit with a scanner and key cards.
So, there are several directions that a particular resource offering hacking practice can follow. Usually, all of them can be attributed to one of three large sections:
To maintain the enthusiasm of security guards who came to such resources, the owners often offer them bonuses for completing each type of task, which can be expressed in "pluses to karma", which is visible in the player's profile and in the "Hall of Fame". A place in such a top can then become a good help at an interview.
Well, now let's take a closer look at the largest and most famous sites where you can hone your skills...
The BurpSuite developers now offer a free training that includes tutorials and practical tasks for each of the vulnerabilities commonly found on modern websites. Once you prove your skills, you can compete with other participants. They also have a HOF for experienced hackers.
Over the past few years, Hack The Box has become extremely popular among security researchers of all stripes: it features a user-friendly web interface for managing active virtual machine instances, responsive technical support, and, most importantly, new vulnerable machines containing the latest vulnerabilities are regularly added.
The free version only offers access to "live" cars, old cars and step-by-step guides are available with a paid subscription.
HackThisSite is universal. The hacking tasks on this site are called “missions” and are classified as follows:
As stated on hackthissite.org:
“You have to tune into the hacker underground and get involved in the project.
PnetesterLabs is one of the largest platforms that contains tutorials and practice on a very wide range of vulnerabilities (XSS, SQLi, XXE, CSRF, SAML, cross-site leak, etc.).
However, access to quality content on the site will cost you a pretty penny. During certain promotions, courses can be purchased for as little as 25% of the original price.
The site contains various articles, tutorials, and has its own forum.
Here you can practice hacking websites, emails and various software. You can also learn steganography and even social engineering.
One of the biggest advantages of VulnHub is the huge number of virtual reality write-ups available online and the absence of any restrictions on their publication (Hack The Box, for example, imposes a time frame during which there is a ban on posting walkthroughs online - otherwise, there is a risk of getting banned if you publish under your nickname).
The large selection of machines and writeups make VulnHub a great starting point for people who don't know where to begin their first steps in hacking.
That's all for today. Thank you for your attention!
Hello everyone, dear friends!
Hacking is a field where theory alone won't get you far. Only practice will give you real experience and help you consolidate the knowledge you've gained.
Today we decided to tell you about 5 popular platforms where you can legally hone your skills.
Let's get started!
Introduction
To master most of the skills in practice, you will only need a computer with Internet access. However, to practice some of them, you may need additional equipment, such as Wi-Fi adapters and various controllers.For example, to hack Wi-Fi, if you are running Kali Linux in a virtual machine, you will need an external USB Wi-Fi adapter. Similarly, to hack RFID, you will need a proper RFID kit with a scanner and key cards.
So, there are several directions that a particular resource offering hacking practice can follow. Usually, all of them can be attributed to one of three large sections:
- CTF tasks - the well-known Capture the Flag, which is a separate task on a specific topic. Usually there are such categories as Reverse, Exploit (or PWN), Web, Crypto, Stego, Forensics, OSINT and Misc. A little less often, PPC (competitive programming) is added to them. The process of completing such a task is quite straightforward: you download the files included in the task to your machine, find the flag, enter it on the resource and get your reward.
- Vulnerable virtual machines are a more realistic test that involves hacking a known vulnerable host. The ultimate goal is to gain control over a privileged account on the system. Evidence of the final capture of the machine is usually the ability to read files (also containing a kind of "flag") available to users with the appropriate privileges. The process of passing such a virtual machine varies depending on the structure of the platform itself, where the vulnerable host resides: these can be either "live" hosts that are currently directly online on the platform's servers (online labs), or downloadable images for independent launch in a virtual environment.
- Virtual local area networks are typically virtual Active Directory forests where participants are required to capture a controller and gain a foothold in the network. During the course, a variety of methods can be used to advance through the infrastructure: from competitive intelligence and phishing to exploiting 0-day vulnerabilities. The complexity of completing such tasks is comparable to real cases, and often even exceeds them. Access to such labs is usually paid, and their services can be most useful to people preparing for professional certifications such as OSCP.
To maintain the enthusiasm of security guards who came to such resources, the owners often offer them bonuses for completing each type of task, which can be expressed in "pluses to karma", which is visible in the player's profile and in the "Hall of Fame". A place in such a top can then become a good help at an interview.
Well, now let's take a closer look at the largest and most famous sites where you can hone your skills...
1. PortSwigger Web Security Academy Labs
You must have heard of BurpSuite, a tool used for penetration testing (hacking) web applications (websites).
The BurpSuite developers now offer a free training that includes tutorials and practical tasks for each of the vulnerabilities commonly found on modern websites. Once you prove your skills, you can compete with other participants. They also have a HOF for experienced hackers.
2. HackTheBox
Hack The Box is our favorite resource for honing the art of penetration testing and, concurrently, perhaps one of the largest platforms for learning how to hack in practice.
Over the past few years, Hack The Box has become extremely popular among security researchers of all stripes: it features a user-friendly web interface for managing active virtual machine instances, responsive technical support, and, most importantly, new vulnerable machines containing the latest vulnerabilities are regularly added.
The free version only offers access to "live" cars, old cars and step-by-step guides are available with a paid subscription.
3. HackThisSite
This place is very famous among hackers, probably because its founder was arrested for illegal cyber activities. The negative publicity helped in marketing the hacker site without much effort.
HackThisSite is universal. The hacking tasks on this site are called “missions” and are classified as follows:
- Main missions
- Realistic missions
- Applied missions
- Programming missions
- Phone Phreaking Missions
- JavaScript Assignments
- Forensic missions
- Basic missions
- Stego missions
- IRC missions
As stated on hackthissite.org:
“You have to tune into the hacker underground and get involved in the project.
4. PentesterLab
PnetesterLabs is one of the largest platforms that contains tutorials and practice on a very wide range of vulnerabilities (XSS, SQLi, XXE, CSRF, SAML, cross-site leak, etc.).
However, access to quality content on the site will cost you a pretty penny. During certain promotions, courses can be purchased for as little as 25% of the original price.
5. HellBound Hackers
The name sounds cool and the site lives up to it.
The site contains various articles, tutorials, and has its own forum.
Here you can practice hacking websites, emails and various software. You can also learn steganography and even social engineering.
Bonus
Vulnhub is an old dump of vulnerable virtual machine images maintained by enthusiasts. It is a completely free source from which anyone can download a virtual machine they like and start searching for flags.
One of the biggest advantages of VulnHub is the huge number of virtual reality write-ups available online and the absence of any restrictions on their publication (Hack The Box, for example, imposes a time frame during which there is a ban on posting walkthroughs online - otherwise, there is a risk of getting banned if you publish under your nickname).
The large selection of machines and writeups make VulnHub a great starting point for people who don't know where to begin their first steps in hacking.
That's all for today. Thank you for your attention!
