List of usefull resources which could give you knowlendge and practice in cyber security (pentest). Some of them
- Web (in progress)
- Network (in progress)
- Usefull articles
- Online Hacking Demonstration Sites
- Practice
- Another Similar Lists
- https://habrahabr.ru/company/xakep/blog/189210/ - В поисках лазеек: гид по DOM Based XSS
- https://habrahabr.ru/company/mailru/blog/344696/ - Руководство по написанию защищённых PHP-приложений в 2018-м
- https://habrahabr.ru/company/dsec/blog/340144/ - Как работает WAF, bypass-техники
- http://testasp.vulnweb.com/ - Acunetix ASP test and demonstration site
- http://testaspnet.vulnweb.com/ - Acunetix ASP.Net test and demonstration site
- http://testphp.vulnweb.com/ - Acunetix PHP test and demonstration site
- http://crackme.cenzic.com/kelev/view/home.php - Crack Me Bank
- http://zero.webappsecurity.com/ - Zero Bank
- http://demo.testfire.net/ - Altoro Mutual
- https://lab.pentestit.ru/ - PentestIT labs (2 free labs per year)
- https://pentesterlab.com/exercises/ - Free Basic Excersices (also Premium)
- https://www.hackthebox.eu/ - Hack The Box is an online platform allowing you to test and advance your skills in cyber security (You need to hack a test resource to get an invitation :))
- https://www.vulnhub.com/ - Virtual Machines for Localhost Penetration Testing
- https://github.com/jerryhoff/WebGoat.NET - This web application is a learning platform about common web security flaws
- http://www.dvwa.co.uk/ - Damn Vulnerable Web Application (DVWA)
- https://github.com/s4n7h0/xvwa - Similar to DVWA, but with some added attacks
- http://sourceforge.net/projects/lampsecurity/ - LAMPSecurity Training
- https://github.com/Audi-1/sqli-labs - SQLI labs to test error based, Blind boolean based, Time based.
- https://github.com/paralax/lfi-labs - small set of PHP scripts to practice exploiting LFI, RFI and CMD injection vulns
- https://hack.me/ - Build, host and share vulnerable web apps in a sandboxed environment for free
- http://azcwr.org/az-cyber-warfare-ranges - Free live fire Capture the Flag, blue team, red team Cyber Warfare Range for beginners through advanced users. Must use a cell phone to send a text message requesting access to the range.
- https://github.com/adamdoupe/WackoPicko - WackoPicko is a vulnerable web application used to test web application vulnerability scanners.
- https://github.com/rapid7/hackazon - Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications.
- https://www.hackthissite.org/ - Hack This Site is a free training ground for users to test and expand their hacking skills.
- https://github.com/infoslack/awesome-web-hacking - Awesome Web Hacking
- https://github.com/enaqx/awesome-pentest - A collection of awesome penetration testing resources.