Wednesday, March 2, 2011

Hacking Training Center.

From time to time, the question comes up in the ethical hacking communities: "Where can we train?" Many different sites offer great training challenges, but which is the one I am looking for? What is the difference between them?

Thanks to Giacomo (one of the CeSeNA boys), who pointed this website out to me, I am now able to write a pretty complete list of hacking "training centers" (I like to call them that), here, on my blog, just for personal memories.

Holynix
Similar to the De-ICE CDs and pWnOS, Holynix is an Ubuntu server VMware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real-world example.

http://pynstrom.net/index.php?page=holynix.php

WackoPicko
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper "Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners", found at:

http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
https://github.com/adamdoupe/WackoPicko

De-ICE PenTest LiveCDs
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.

http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Metasploitable
Metasploitable is an Ubuntu 8.04 server install on a VMware 6.5 image. A number of vulnerable packages are included, including an install of Tomcat 5.5 (with weak credentials), distcc, TikiWiki, TWiki, and an older MySQL.

http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Owaspbwa
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications.

http://code.google.com/p/owaspbwa/

Web Security Dojo
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

http://www.mavensecurity.com/web_security_dojo/

Lampsecurity
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP and MySQL security.

http://sourceforge.net/projects/lampsecurity/files/

Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

http://www.randomstorm.com/dvwa-security-tool.php

Hacking-Lab
This is the Hacking-Lab LiveCD project. It is currently in beta stage. The LiveCD is a standardized client environment for solving our Hacking-Lab wargame challenges remotely.

http://media.hacking-lab.com/largefiles/livecd/v5.39/livecd-iso-image/hl05.39.iso

Moth
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:

http://www.bonsai-sec.com/en/research/moth.php

Damn Vulnerable Linux (DVL)
Damn Vulnerable Linux is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

http://www.damnvulnerablelinux.org

pWnOS
pWnOS is a “VM image” that creates a target on which to practice penetration testing; the “end goal” is to get root. It was designed to practice using exploits, with multiple entry points.

http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking pwnos.html

http://www.krash.in/bond00/pWnOS%20v1.0.zip

Virtual Hacking Lab
A mirror of deliberately insecure applications and old software with known vulnerabilities. Used for proof-of-concept, security training and learning purposes. Available as virtual images, live ISOs or in standalone formats.

http://sourceforge.net/projects/virtualhacking/files/

Badstore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.

http://www.badstore.net/

Katana
Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single flash drive. It includes distributions which focus on pen-testing, auditing, forensics, system recovery, network analysis, and malware removal. Katana also comes with over 100 portable Windows applications, such as Wireshark, Metasploit, Nmap, Cain & Abel, and many more.

www.hackfromacave.com/katana.html


If we forgot something, let me know: leave a comment. Thanks.

7 comments:

Anonymous said...

Interesting list. I'll give it a look.
Cheers!

PHP Training said...

Acesoftech is a leading PHP training center which provides best training in Kolkata and Surat. The company provides training in such a way that it's easy to learn and completely job oriented. We provide live PHP training.

Katt Wilson said...

Certified Ethical Hacker CEH training is held at TechBharat Consulting using official EC-Council curriculum. CEH certification certifies you as Ethical Hacker and Penetration Tester. CEH training is held on Version 7.

moonar said...

Thanks for sharing, I will bookmark and be back again

White Card Training said...

Whoa! That's totally hilarious.

Beryl Edge said...

Hi there! Nice blog to read about ethical hacking, iPhone app development, etc. It’s really helpful for people who are interested in iPhone courses, Android courses, Android classes and Android application development. Thanks for sharing such useful information with us.

way2 college said...

NICE BLOG!!! Your blog is very informative for us. I would really like to come back again right here for likewise good articles or blog posts. Thanks for sharing a nice information.