Practice CTF List / Permanant CTF List
Here's a list of some CTF practice sites and tools or CTFs that are long-running. Thanks, RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.
LIVE ONLINE GAMES
Recommended
Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.
- http://hax.tor.hu/
- https://pwn0.com/
- http://www.smashthestack.org/
- http://www.hellboundhackers.org/
- http://www.overthewire.org/wargames/
- http://counterhack.net/Counter_Hack/Challenges.html
- http://www.hackthissite.org/
- http://exploit-exercises.com/
- http://vulnhub.com/
Others
- http://damo.clanteam.com/
- http://p6drad-teel.net/~windo/wargame/
- http://roothack.org/
- http://bright-shadows.net/
- http://www.mod-x.co.uk/main.php
- http://scanme.nmap.org/
- http://www.hackertest.net/
- http://net-force.nl/
- http://securityoverride.org/ Some good concepts, but "canned" vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
Meta
- http://www.wechall.net/sites.php (excellent list of challenge sites)
- http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)
- http://repo.shell-storm.org/CTF/ (great archive of recent CTFs)
Webapp Specific
- http://demo.testfire.net/
- http://wocares.com/xsstester.php
- http://crackme.cenzic.com/
- http://test.acunetix.com/
- http://zero.webappsecurity.com/
- http://ha.ckers.org/challenge/
- http://ha.ckers.org/challenge2/
Forensics Specific
- http://computer-forensics.sans.org/community/challenges
- http://www.dc3.mil/challenge/
- http://forensicscontest.com/
Recruiting
Paid Training
DOWNLOADABLE OFFLINE GAMES
- http://www.badstore.net/
- http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- http://www.owasp.org/index.php/Owasp_SiteGenerator
- Damn Vulnerable Web App
- Stanford SecureBench
- Stanford SecureBench Micro
- Damn Vulnerable Linux (not currently live? local mirror)
- http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Inactive or Gone
Just around for historical sake, or on the off-chance they come back.
- http://rootcontest.com/
- http://intruded.net/
- https://how2hack.net
- WebMaven (Buggy Bank)
- http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
- http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
- http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
- http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
- http://hackme.ntobjectives.com/
- http://testphp.acunetix.com/
- http://testasp.acunetix.com/Default.asp
- http://prequals.nuitduhack.com
- http://www.gat3way.eu/index.php (Russian)
Không có nhận xét nào:
Đăng nhận xét