Best websites to help you build your hacking skills.

From someone who has been a security consultant, hacking his way through the most secure networks on planet earth, these are my favorites for staying sharp, or for people that are just starting out, a business which want to provide an avenue for employees to continue their education, and even mid-senior level consultants who need to stretch their legs.

1. Hack-the-box (www.hackthebox.eu)

Hack-the-box dashboard for a user.

There is a portion of the site that is dedicated to companies that are looking to hire talent. Hack-the-box gives companies the ability to test an applicants ability and gives a great deliverable that shows strengths and weaknesses.

Hack-the-box for companies.

Combing the machines, challenges, endgames, fortress, jet, and pro labs; you’re looking at thousands of machines with new ones being added regularly.

https://www.hackthebox.eu/home/htb/access
Having the ability to quickly share your experience has made HackTheBox very popular.

But to get started, and completed the challenge to get access to the site. The best place to start is the ‘Starting Point’ page that hack-the-box has created to help anyone at any level get a good solid understanding of every stage of hacking a system.

https://www.hackthebox.eu/home/start

For more information try and join the discord, by far one of the most helpful resources there is for starting out. Very well moderated and non toxic environment.

The cost for the subscription of the Pro Labs (very specific and unique large networks).

A VIP Subscription for Hack-the-box is fairly cheap for everything you get access too. Is by far the best deal out of anything listed below.

2. PentesterLab (www.pentesterlab.com)

Their are over 1 thousand different challenges ranging from everything and every level of experience. From android malware creation, to hacking a Jenkins server, all the way to JSON Cross-site Request Forgeries.

Each section has its own video and research material, which comes with instructions on how to proceed.

The instructional videos are incredibly detailed which allows you to learn more about the specific attack you are wanting to learn, how to implement what you’re learning, and how/when to use it. It is all around research material that is prepared with a practical lab.

Inside each section, you have more detailed research that allows you to continue what you are learning and how to tie exploits/techniques together. The level of material in each section is obviously professional rendered and completed. That is one of the biggest selling points to professionals that are already mid career, and companies who are wanting their consultants to better be prepared.

Just like Hack-the-box, PentesterLab has a very well detailed Bootcamp that allows somewhat refresher material in a way that helps in all aspects; networking, encryption, operating systems, malware, etc.

The pricing is pretty steep compared to Hack-the-box’s free service or their VIP/pro labs that are available. For PentesterLab PRO you’re looking at $19.99 a month for their service, and for some consulting companies like Optiv, Mandiant, IBM they actually purchase the enterprise option which allows access to all their consultants.

It is very easy and simple to register and get started, their isn’t a social instance for people to communicate like forums/discord etc that would allow to create that type of connections in a way that would help define their business model.

3. Virtual Hacking Labs (www.virtualhackinglabs.com/)

4. Hacking-lab (www.hacking-lab.com)

5. Wargames (www.overthewire.org/wargames)

6. Hackthissite (www.hackthissite.org)

7. Practical Pentest Labs (practicalpentestlabs.com)

8. gh0st (http://www.gh0st.net/wiki/)

Other sites I know about, but not ready to provide a review yet.

crackmes.one pentest.training hellboundhackers.org hax.tor.hu thisislegal.com tryhackme.com enigmagroup.org pwnable.kr hack.me ctflearn.com root-me.org immersivelabs.com tryhackme.com/

“I am always ready to learn although I do not always like being taught.” — Winston Churchill