InfoSec Training Links
- 1 Overview
- 2 Wargames
- 3 Programming
- 4 Books
- 5 Vulnerable VMs and ISOs
- 6 Tutorials
- 7 Interesting Sites
This page contains links that I believe are useful for the aspiring pentester or InfoSec enthusiast. I get a lot of questions about resources on this topic and decided to start collecting them on this page so that I can send a single link rather than spam a lot of links (and possibly forget some while doing so).
For those starting out and wondering "Where do I even start?", I would recommend grabbing a few books on the topic first. Entry-level books are well structured and give a good, solid foundation. Studying for certifications at the same time can provide this and has the added bonus of getting a cert for the resume. Next on the list would be to read and watch as many tutorials, conference talks, and articles as you can. These will help give you the hands-on skills that a lot of entry-level books only gloss over but do not dive deeply into. Once you become more familiar, you should build a hacking lab to practice in and also play wargames, vulnerable VMs, and CTFs to get exercises that sharpen your skills.
UPDATE: CorelanCoder published an amazing blog post regarding his advice for people looking to break into the field. I would suggest reading it as it is packed with good honest advice if you are looking to do this professionally.
Wargames
Wargame sites host challenges for hackers to test and hone their skill sets in a legal manner. If you're looking to learn, these give you a legal way to get hands-on experience. Please note that security is still something you need to consider: use caution when running programs or code from these sites.
WeChall.net is a great wargame site. One of its most interesting features is the global scoreboard, which ties in with a lot of other wargame sites so you can use it as a single place to track how you are doing across multiple sites. It is recommended that you take the time to set up an account here and use the global scoreboard to track your progress; it also helps you find new wargames. It comes complete with a forum for questions and a separate forum per challenge that becomes available once you have completed that challenge, so you can share your solutions with others who have completed it.
Over The Wire
Over The Wire offers mostly SSH-based challenges where the player remotes into a Linux system and exploits vulnerabilities to move to the next level. They also have a web-based challenge series called Natas. The challenges are listed on their site with descriptions, ranging from basic Linux commands, to being given the source code of a program and having to find the vulnerability, to crypto, to "here is a random program, find the flaw and exploit it".
Hack This Site
Bright Shadows is another web-based wargame system that has some decent challenges that are written with decent hints.
Smash The Stack
Smash The Stack is an SSH-based wargame that offers several servers with various wargames.
crackmes.de is a long-running site for reverse engineering challenges. Use caution with downloaded programs for security reasons. This site allows people to upload "challenges" for others to practice their reverse engineering on. It also allows people to post write-ups on how they solved the problems, which is a good chance to learn. You can also upload a challenge binary of your own to test how well a reverse engineering countermeasure withstands real-world reverse engineers.
Google's XSS Game
Google's XSS Game provides a challenge site that allows people to attack some example sites that have XSS challenges.
Programming
Another topic I get asked about a lot is references that teach programming. If you are looking to get into security, learning to program is a good idea, as it is needed in many areas such as writing tools and PoCs (proofs of concept), reverse engineering, exploit development, and code review, and it gives you the ability to understand the vulnerabilities. Below is a list of sites with descriptions of good resources. If you are looking for a good place to start, Python and shell scripting are good starters because they are easy to learn and make up the major languages used in security tools. After that, understanding C/C++ or PHP would be the next goal, as these languages are commonly used for development in the real world and are also prone to security bugs if the programmer doesn't take countermeasures to prevent them. Understanding C/C++ will also help when it comes to reverse engineering, as most of the time this is the language used to produce the binary, especially if you get into playing CTFs.
Codecademy is a site that teaches programming in a web-based, interactive, lesson-based manner. It's a very good site for learning programming in several languages since it has interactive lessons that let you write code and run it on their servers. It will also look at the program output to determine whether you completed the lesson successfully. To reinforce the lessons it also has projects. To promote active learning, it provides achievements and vanity badges. All in all, a great place for new coders to get started.
- HTML & CSS
- Command Line Basics
- Git basics
- Website basics
W3 Schools is a site that has some good web tutorials with an interactive sandbox that lets you play with the examples. They were subject to some criticism due to some non-W3C-compliant code and failing to keep the site content up to date with rapidly changing web tech. However, I would still recommend it as it is very well written and I still use it as a reference.
They provide tutorials on:
- ASP & ASP.NET
Tutorial Point - x86 NASM Assembly Tutorial
Tutorial Point's NASM Tutorial page focuses on teaching x86 assembly on Linux using NASM (Netwide Assembler). This tutorial is pretty straightforward and a decent introduction to x86 assembly.
Linux System Call Table
The Linux System Call Table site contains a list of most of the syscalls with their arguments and data structures in a table for Windows, Linux and Mac OS X, on several architectures including ARM (StrongARM and Thumb), MIPS, PowerPC, IA64, SPARC, and x86. I figured this would be useful to list after posting a link to an x86 assembly tutorial. It is a very good resource to keep handy if you get into writing assembly or shellcode/exploit writing.
Learn Code The Hard Way
Learn Code The Hard Way is a site in a book-style format built around learning to code through challenges.
This site offers:
Tutorial Points - C Tutorials
Tutorial Points - C Tutorials is a site that has some C tutorials. I will point out that these are not the best examples, but I recommend them because a lot of self-taught programmers use this site to learn, copy and paste code examples, or use it as a reference. This is all fine and well (in fact I use it myself as a quick reference for declarations), but a few example snippets have security flaws in them that can create memory corruption bugs that can be exploited for code execution. If you are interested in security, I would suggest looking these over for security flaws as a good exercise (hint: the example code on the scanf page contains two exploitable bugs in 17 lines of code). If not, it's still worth a look, as the reference material is very well organized and explained.
Books
Books are always a good reference to have, and since they are produced commercially they are usually better edited, which makes them more structured. Here are some books I would recommend.
Hacking: The Art of Exploitation
Hacking: The Art of Exploitation from No Starch Press is an excellent primer for hacking. It gives high-level views of programming, scripting, assembly, and debugging. Then it dives deep into memory corruption bugs with good example code and explanations of what is going on. It also covers some odds and ends and tips and tricks (dealing with DEP, TCP port redirects, TCP hijacking, some wireless cracking). I highly recommend this title.
Vulnerable VMs and ISOs
Vulnerable VMs (virtual machines) are a good tool to have around for building a hacking lab on your network, giving you targets to practice testing or exploits against. They also give you more flexibility to really toy around with an exploit, unlike a wargame where what you do may disrupt the wargame or be considered too intrusive.
The De-ICE series is old but is really a good series to start practicing pen-testing from start to finish (scanning, enumeration, exploitation, privilege escalation, etc.). Recommended for simulating a pen-test in a simple environment that requires you to consider your attack options. These come as ISOs but run just fine in a VM.
Metasploitable 2 is a vulnerable Linux VM designed to be a target practice VM for Metasploit (you will get a ton of shells via Metasploit!). It's a good VM because it has a ton of open ports, odd services, backdoors, and bad configurations. Another good pen-test exercise VM.
OWASP BWA (Broken Web App)
OWASP BWA is a Linux VM that contains several vulnerable web apps on one box. Some of these are training apps that teach security auditing of a web site, while others are older versions of open source web apps that had major security flaws in them.
Vulnhub is a site that hosts VMs that are "vulnerable by design", as the site says. The idea is to let the community provide targets for hackers to test their skills on, much like a wargame.
Be aware that such VMs could be programmed to do malicious things when booted, such as trying to exploit your modem, scanning other machines on the network and trying to hack them, sending spam or launching DoS attacks from your IP, attempting to establish a reverse VPN connection that would let a malicious hacker into your network, or even having "shared folder" settings mounted to access your disk contents! For more information please see the VulnHub Security FAQ and the two blog posts referenced by it here and here.
I personally don't play these, but a lot of people seem to like this site, so I'm including it here. If you do decide to play some, I would recommend one that has been there for a while and has been vetted by the community (check the write-ups section). It is best to run these on an offline network, on a machine in that network that you don't care about or value, with no machines holding critical data on that network.
Tutorials
Tutorials are a good place to learn and understand exploits and vulnerabilities. Below is a list of references that I think are good sources of tutorials to help teach new pentesters.
Travis' x86 Linux Buffer Overflow Tutorials Series
Travis' x86 Linux Buffer Overflow Tutorial Series is a series created by Travis Phillips of hands-on tutorials designed to teach the basics of what buffer overflows are, basic detection and exploitation techniques, and bypassing ASLR and DEP using ROP and various other tricks.
Corelan Exploit Writing Tutorials
Corelan Team has a ton of articles. The most interesting ones are in the Exploit Writing Tutorials category. This section has a lot of articles, and the titles of the relevant ones contain "Exploit writing tutorial". These tutorials cover real-world exploit development, starting with a stack-based buffer overflow against a vulnerable version of Easy RM to MP3, then moving on to more advanced topics such as working around DEP, ASLR, and SafeSEH, converting the exploit to a Metasploit module, and so on.
Offensive Security's Metasploit Unleashed Page
Metasploit Unleashed is a page with a ton of tutorials designed to teach people how to use the Metasploit Exploit Framework. It is a very well written primer on the tool and is highly recommended for getting familiar with it.
Code Arcana's Introduction to Return Oriented Programming (ROP)
Code Arcana has an excellent tutorial that covers the basics of using ROP (Return Oriented Programming) to bypass DEP (which, in this day and age, is almost a must for the modern exploit writer). The tutorial includes four vulnerable code examples and walkthroughs on how to build the exploit for each. These are very well written and explained. Highly recommended read.
Interesting Sites
A grab bag of interesting sites that have a wealth of good information.
Shell-Storm.org is a site with a lot of awesome content, run by Jonathan Salwan. It has an archive of old CTF challenges, shellcode, old talks, and a blog as well. I highly recommend checking this site out; the shellcode and CTF repos are worth the time.