Practice is essential for mastery of an art. Hacking is mostly an art, since it's more about how you use the tools you know and less about how many tools you know. While it might be easy to get a basic idea of what a certain technique is about during introductory phases, getting comfortable with that technique is highly improbable without hands-on practice.
The majority of ethical hacking skills can be practiced with only a decent computer and an internet connection. Some of the skills may require additional hardware like adapters and controllers. For example, WiFi hacking on a virtual machine will require an external WiFi adapter. Similarly, RFID hacking will require an appropriate RFID kit with a scanner and key cards.
Setting up a system for practicing will require downloading and installing tools. To set up your virtual lab for practicing ethical hacking, go through this article.
You must have heard of BurpSuite, the tool used for penetration testing of web applications. The developers of BurpSuite now provide free online training in web application security. The training contains tutorials and labs on almost every vulnerability commonly found in modern web applications. Once you are good enough, you can compete to solve newly added challenges before others do. They have a hall of fame (HOF) for expert hackers and provide swag for top performers.
HackTheBox is a collection of vulnerable applications called “machines”. Each machine is unique and contains a set of vulnerabilities; the hacker has to compromise it and gain the required privileges. The good thing about HTB is that a large number of machines are already there for practice, and walkthrough tutorials are available in case you get stuck. New ones are added regularly, containing the most recently found vulnerabilities. The free version offers access to “live” machines only; old machines and walkthroughs are available with a paid subscription.
This one is very famous among hackers, probably because its founder got arrested for illegal cyber activities. The negative fame has helped market HackThisSite without significant effort. HackThisSite is versatile. The hacking challenges on this site are called “missions” and are classified as follows:
- Basic missions
- Realistic missions
- Application missions
- Programming missions
- Phone phreaking missions
- Forensic missions
- Extbasic missions
- Stego missions
- IRC missions
As quoted on hackthissite.org, “You should Tune in to the hacker underground and get involved with the project”.
One of the biggest platforms for web application security, PentesterLab hosts tutorials and labs on a very wide range of web vulnerabilities. But its quality content costs a considerable sum. We advise you to keep checking the website for promos, as the courses can be grabbed at as little as 25% of the original price during certain promo events. PentesterLab has exercises on XSS, SQLi, XXE, CSRF, SAML-related vulnerabilities, cross-site leakage, and many more.
The name sounds badass, and the site lives up to its name. It has articles, tutorials, hacking challenges, and a forum. You can practice web hacking, email tracking, software cracking, encryption challenges (which are decryption challenges), steganography, and even social engineering. Hell Bound Hackers has been the subject of controversy for allegedly distributing “hacking tools”. However, this page on their site clarifies that they are providing security-related material in a legal manner.
VulnHub is the hub of vulnerable virtual machines. It indexes intentionally vulnerable machines created by experts from different places. The vulnerable VMs are downloadable and can be installed on your VM hosting platform. VulnHub is popular because of its high-quality, real-world application-based VMs. VulnHub is diverse, as it hosts VMs ranging from banking web apps to basic-level CTFs.