A regular question we hear is "how can I practice this stuff?" The answer tends to run long, because the "what" you want to practice is usually a bit vague. That said, during sessions at #SDC5 one of our awesome speakers, Josh More, chimed in that he had built a pretty extensive and fairly current list of "target systems" and other practice resources for an upcoming book. Even better, he sent us the list to post for everyone!
If you have thanks, kudos, feedback, updates, additions, etc. please contact:
When the book is out, you can get it here (support our speakers!):
__Progressive Games__
| Name | Description | Links |
|---|---|---|
| crackme | | https://en.wikipedia.org/wiki/Crackme |
| code katas | | https://en.wikipedia.org/wiki/Code_Kata |
| Matasano/Square Embedded Security CTF Challenge | | https://microcorruption.com/ |
| Starfighter CTF | Programming competition used instead of technical interviews or resumes | http://www.starfighters.io/, http://www.kalzumeus.com/2015/03/09/announcing-starfighter/ |
| EnigmaGroup | Wide range of exercises | http://www.enigmagroup.org/ |
| GameOver | Insecure web applications | http://sourceforge.net/projects/null-gameover/ |
| SecuraBit Gh0st PenLab | CTF | http://www.gh0st.net/ |
| Google Gruyere | Web application exploits and defenses: a small, cheesy web application codelab | http://google-gruyere.appspot.com/ |
| Hacker Challenge | | http://www.dareyourmind.net/ |
| Hacker Test | JavaScript, PHP, HTML | http://www.hackertest.net/ |
| Hacking-Lab | CTF and mission-style challenges for the European Cyber Security Challenge | https://www.hacking-lab.com/ |
| Hack.me | Vulnerable web applications, code samples and CMSs online | https://hack.me/, http://www.elearnsecurity.com/ |
| HackThis | JavaScript, SQLi, coding, crypto, captcha, forensics | http://www.hackthis.co.uk/ |
| Hack This Site | Programming, JavaScript, forensics, stego, IRC | https://www.hackthissite.org/ |
| Hax.Tor | Dates from 2006; many levels deprecated | http://hax.tor.hu/ |
| hackxor | Virtual machine image, like WebGoat but with a plot | http://hackxor.sourceforge.net/cgi-bin/index.pl |
| OverTheWire | SSH shell access | http://www.overthewire.org/wargames/ |
| p0wnlabs | Free sample challenges (forensics, password cracking, OpenVPN, Metasploitable, WebGoat, OWASP BWA); paid challenges as well | http://www.p0wnlabs.com/free |
| pwn0 | VPN access | https://pwn0.com/home.php |
| Root Me | Hundreds of challenges and virtual machines | http://www.root-me.org/?lang=en |
| Security Treasure Hunt | Web vulnerabilities, forensics | http://www.securitytreasurehunt.com/ |
| Smash The Stack | SSH shell access | http://www.smashthestack.org/ |
| sqli-labs | A platform to learn SQLi | https://github.com/Audi-1/sqli-labs |
| TheBlackSheep and Erik | Programming, JavaScript, PHP, Java, steganography, cryptography | http://www.bright-shadows.net/ |
| ThisIsLegal | Hacker wargames | http://thisislegal.com/ |
| Try2Hack | | http://www.try2hack.nl/ |
| WabLab | SQL, web application | http://www.wablab.com/hackme |
| VulnApp | | http://www.nth-dimension.org.uk/blog.php?id=88 |
__Network Targets__
| Name | Description | Links |
|---|---|---|
| US NIST Computer Forensic Reference Data Sets (CFReDS) | | http://www.cfreds.nist.gov/ |
| Damn Vulnerable Linux | | http://sourceforge.net/projects/virtualhacking/files/os/dvl/ |
| Handler Diaries | Digital forensics and incident response | http://blog.handlerdiaries.com/ |
| Kioptrix | Virtual machine challenges | http://www.kioptrix.com/blog/test-page/ |
| LAMPSecurity | Vulnerable virtual machine images to teach Linux/Apache/PHP/MySQL security | http://sourceforge.net/projects/lampsecurity/ |
| Metasploitable | Intentionally vulnerable Linux virtual machine | http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/ |
| Metasploitable2 | Intentionally vulnerable Linux virtual machine | http://sourceforge.net/projects/metasploitable/files/Metasploitable2/ |
| GoatseLinux: It's Wide Open | | http://neutronstar.org/goatselinux.html |
| pWnOS | | http://www.pwnos.com/ |
| RebootUser Vulnix | Vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions. The goal: boot it up, find the IP, hack away and obtain the trophy | http://www.rebootuser.com/?page_id=1041 |
| UltimateLAMP | PHDays iBank CTF | http://www.amanhardikar.com/mindmaps/practice-links.html |
| Vulnserver | Vulnerable Windows-based threaded TCP server application | http://www.thegreycorner.com/2010/12/introducing-vulnserver.html |
__Web Targets__
| Name | Description | Links |
|---|---|---|
| Metasploit Unleashed | Free training from Hackers for Charity | http://www.offensive-security.com/metasploit-unleashed/Main_Page |
| Metasploitable | Use with Metasploit Unleashed | http://www.offensive-security.com/metasploit-unleashed/Metasploitable |
| Backtrack Tutorials | | http://www.backtrack-linux.org/tutorials/ |
| Hack This Site | Programming, JavaScript, forensics, stego, IRC | http://www.hackthissite.org/ |
| BodgeIt Store | A vulnerable web application for those new to pentesting | https://github.com/psiinon/bodgeit |
| Butterfly Security | Web application and PHP vulnerabilities and their mitigation | http://sourceforge.net/projects/thebutterflytmp/ |
| CryptOMG | Common cryptographic flaws CTF | https://github.com/SpiderLabs/CryptOMG |
| Damn Vulnerable Web App (DVWA) | PHP/MySQL | http://www.dvwa.co.uk/ |
| Damn Vulnerable Web Services (DVWS) | | http://dvws.professionallyevil.com/ |
| Exploit KB Vulnerable Web App | SQLi, PHP, MySQL | http://exploit.co.il/projects/vuln-web-app/, https://sourceforge.net/projects/exploitcoilvuln |
| Foundstone Hacme Bank | MS-Windows | http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx |
| Foundstone Hacme Books | MS-Windows | http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx |
| Foundstone Hacme Casino | MS-Windows | http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx |
| Foundstone Hacme Shipping | MS-Windows, Adobe ColdFusion, MySQL | http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx |
| Foundstone Hacme Travel | MS-Windows client/server, SQL | http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx |
| LAMPSecurity | Vulnerable virtual machine images to teach Linux/Apache/PHP/MySQL security | http://sourceforge.net/projects/lampsecurity/ |
| Magical Code Injection Rainbow (MCIR) | SQLol, XMLmao, ShelLOL and XSSmh | https://github.com/SpiderLabs/MCIR |
| Moth | VMware image with vulnerable web applications and scripts | http://www.bonsai-sec.com/en/research/moth.php |
| NOWASP/Mutillidae 2 | Vulnerable web application for Linux and Windows using LAMP, WAMP and XAMPP; pre-installed on SamuraiWTF, Rapid7 Metasploitable-2 and OWASP BWA | http://sourceforge.net/projects/mutillidae/, http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 |
| OWASP Bricks | Vulnerable web application built on PHP and MySQL, exploitable using Mantra and ZAP | http://sourceforge.net/projects/owaspbricks/ |
| OWASP Broken Web Apps | Vulnerable web applications on a virtual machine | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
| OWASP Broken Web Applications Project (BWA) | Vulnerable web applications on a VMware virtual machine | http://code.google.com/p/owaspbwa/ |
| OWASP Security Shepherd | Web and mobile application security training platform | https://www.owasp.org/index.php/OWASP_Security_Shepherd |
| OWASP SiteGenerator | Dynamic websites based on XML files and predefined vulnerabilities | https://www.owasp.org/index.php/Owasp_SiteGenerator |
| PuzzleMall | Java/JSP, Apache Derby; Temporal Session Race Conditions (TSRC) and Layer Targeted AdoS | http://code.google.com/p/puzzlemall/ |
| SecuriBench | Java; SQL injection, cross-site scripting, HTTP splitting and path traversal attacks | http://suif.stanford.edu/~livshits/securibench/ |
| SocketToMe | PHP chat, a simple number-guessing game and a few other hidden features | http://digi.ninja/projects/sockettome.php |
| WackoPicko | Part of the OWASP BWA Project | https://github.com/adamdoupe/WackoPicko |
| "Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners" | Paper accompanying WackoPicko | http://cs.ucsb.edu/%7Eadoupe/static/black-box-scanners-dimva2010.pdf |
| WebGoat.NET | | https://github.com/jerryhoff/WebGoat.NET/, https://www.owasp.org/index.php/WebGoat_User_Guide_Table_of_Contents |
| WebSecurity Dojo | Self-contained training environment for web application security penetration testing (Xubuntu 12.04) | http://sourceforge.net/projects/websecuritydojo/files/, http://dojo.mavensecurity.com/ |
| OWASP Zed Attack Proxy | Web Application Vulnerability Examples (WAVE) for testing OWASP ZAP | http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip |
| Hewlett-Packard Fortify WebInspect | Product demo: Zero Bank | http://zero.webappsecurity.com/ |