User Tools

Site Tools


guides:cybersecurity

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
guides:cybersecurity [2021/10/02 19:47]
razvan [Wargames]
guides:cybersecurity [2021/10/02 20:36] (current)
razvan [Wargames] Add section on vulnerable boxes
Line 43: Line 43:
  
 A very good starting point is [[https://picoctf.org/|picoCTF]], that's created specifically for beginners making their first steps in the cybersecurity world, in a practical manner. A very good starting point is [[https://picoctf.org/|picoCTF]], that's created specifically for beginners making their first steps in the cybersecurity world, in a practical manner.
 +
 +A nice extensive collection of CTF challenges, classified by topics, are on [[https://ctflearn.com/challenge/1/browse|CTFLearn]].
 +There's quite a bunch of them and you can spend quite a bit of time on.
  
 We recommend that you continue with [[http://overthewire.org/wargames/|OverTheWire]]. We recommend that you continue with [[http://overthewire.org/wargames/|OverTheWire]].
Line 55: Line 58:
  
 Also look at [[https://cyberedu.ro/|CyberEdu]] for collections of challenges to solve. Also look at [[https://cyberedu.ro/|CyberEdu]] for collections of challenges to solve.
 +
 +===== Vulnerable Boxes =====
 +
 +A more complex set of challenges figures an entire virtual machine that you have to exploit.
 +The virtual machine usually has a realistic setup with a vulnerability (or more) that you have to discover.
 +The virtual machine has to either be downloaded or it is accessible online.
 +
 +These challenges are more difficult as they generally require you to go through all steps of a cybersecurity attack: reconnaissance, enumeration, exploiting, remote code execution, privilege escalation.
 +This also makes them more realistic, so it's important you take a look on those.
 +
 +[[https://tryhackme.com/|TryHackMe]] is an excellent platform with both free and paid content and online virtual machines.
 +It provides learning-centered "paths" in which you can discover or expand computer and cybersecurity related topics.
 +All items are centered around remotely accessible virtual machines (via a VPN connection).
 +
 +Another place to look into is [[https://www.vulnhub.com/|VulnHub]].
 +VulnHub is a community repository of vulnerable virtual machines.
 +Community members create and make available virtual machines on the VulnHub website.
 +Virtual machines have to be downloaded and installed and exploited locally.
 +As a community-centered repository, VulnHub has a large set of vulnerable boxes you can toy around with.
 +
 +[[https://www.hackthebox.eu/|Hack the Box]] is the next place you want to look for vulnerable boxes.
 +Hack the Boxes is a more business-oriented organization, with items also available based on a paid subscription and special offers for companies.
 +Virtual machines are already deployed and you can access remotely via a VPN connection.
  
 ===== CTFs ===== ===== CTFs =====
guides/cybersecurity.1633193223.txt.gz · Last modified: 2021/10/02 19:47 by razvan