commonplace
  • Commonplace
  • AWS
    • Control Tower
      • Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
    • Talks / Articles
      • Encrypting Everything with AWS (SEP402)
      • The Tension Between Absolutes & Ambiguity in Security (SEC310)
      • Best practices for authoring AWS CloudFormation (DOP302-R1)
    • Useful Links
    • Notes
      • awscli
      • Cloudformation
        • Using Parameters
  • Infrastructure Security
    • Amazon Web Services
      • Tools
    • Tools
  • Security
    • Articles
      • If You're Not Doing Continuous Asset Management You're Not Doing Security | Daniel Miessler
      • Living Off the Land
        • Living Off The Land: Part 2
    • Cryptography
      • Shamir Secret Sharing Algorithm
    • Distros
      • REMnux
    • DoD
    • Email
    • GPG
    • Shodan
    • SSH
  • Resources
    • AWS Toolbox
    • CTF
      • AWS
    • Dev Setup
      • Windows Terminal
    • Documentation
      • MOCK Press Release Template
      • Design Document Template
    • Docker
      • Notes
      • Configure Docker w/TLS for WSL
    • Kubernetes
      • Raspberry Pi 4 (4GB) Cluster
    • Linux
      • zsh config
      • Users and Groups
    • Python
      • AWS
        • Lambda
      • Random Strings
    • Security News
    • Tools
    • Unity SSDLC
    • vscode
      • Cloudformation
    • Windows
      • WSL2
        • Scratchpad
        • Install a GUI (xfce)
        • Creating Additional WSL2 Instances
    • Youtubers
      • youtube-dl snippets
  • Lab
    • Building a Better Workstation
      • Notes / Guide
  • Misc
    • Notes
      • youtube-dl
  • Recipes
Powered by GitBook
On this page

Was this helpful?

  1. Resources

CTF

PreviousAWS ToolboxNextAWS

Last updated 5 years ago

Was this helpful?

Capture the Flag / Hands On

After reading theory, and perhaps running specific examples or labs, I like to practice in slightly more open environments. Here are the ones I have enjoyed the best, keeping in mind that there are many more available than I will ever have time to try. If something sounds interesting - try it!

- Natas is great for web pen testing, and the rest for coming up to speed on things like buffer overflow and memory corruption. I haven't completed everything on the site, but I always learned a lot. All the challenges are free.

- an excellent site for learning, with a structured approach and courses. Unfortunately, it's a modest investment on an ongoing basis.

- Download lot's of (Free!) vulnerable VM's. If you are just starting out, try out the series (1-5), , , , and .

- One of my favorite sites. VPN into their network and have fun! There is a small hacking challenge to get an account. They have a Pro version, but the free one is plenty for part time learning.

- More a mix of tutorial, VM exploit walkthroughs, and overviews of concepts - this site has many interesting resources for learning aspects of hacking.

Here are a few good cheat sheets: enumerate , , and one for (it's a little old, but still relevant - the methodology is what counts.).

Over the wire
Pentester lab
Vulnhub
Kioptrix
Minotaur
pwnlab
stapler
VulnOS
Hack the Box
Fuzzy Security Tutorials
network services
reverse shells
privilege escalation