Whilst learning the ropes and building experience in information security, a great resource I have found that properly solidifies the knowledge you are learning is capture the flag (CTF) platforms.
CTFs force you to put the skills you’ve learnt into practice. They are remarkably useful learning platforms, as they will often push you to pick up tricks, tools and research that you wouldn’t usually pick up.
The aim of CTFs is to find ‘flags’, which are strings hidden somewhere in a platform/network/website/system. Your aim is to find these flags and confirm them on the platform, gaining you points. These flags are usually hidden behind varying degrees of security and are usually hidden in the user or root files.
I’ve generally tried a few of these and have had varying degrees of interest in them. I’ll update this regularly when I’ve played a new one or found something that is worth including.
Some of the ones I’ve personally found to be very useful and I would recommend are:
TryHackMe – https://tryhackme.com/ – Free with a subscription model
TryHackMe is a capture the flag platform which holds your hand a lot more than a few others that will be on this list. It starts you with the basic fundamentals, and its ‘rooms’ to begin with are based around teaching you to use key tools and methods.
It is free to sign up to, but if you want to use some of the features, such as an online version of Kali Linux or its specialised learning paths, there’s a subscription to pay. The subscription is automatically cheaper for students and it only works out to a few pounds a month.
The learning paths, which you can sign up to depending on your skill level, take you through learning what it considers to be the tools for that level of knowledge and cover a wide range of things that anyone looking to get into infosec should know.
Hack the Box – https://www.hackthebox.eu/ – Free with a subscription model
Hack the Box is probably one of the more well-known CTFs out there, with a huge number of ‘boxes’ to hack on a rotation. Whilst it doesn’t have the beginner-friendly way of holding your hand that TryHackMe has, it does a good job of forcing you, trial by fire almost, into looking into a wide range of different enumeration, privilege escalation and foothold techniques. With Hack the Box, if you aren’t overly comfortable with these methods, your options are to research, research, research and put it into practice, or keep bashing your head against them until you break something. Though very good for a CTF, I wouldn’t recommend this to a beginner, and it doesn’t appear to cover as many topics as THM.
CTF.Live – https://www.ctf.live/ – Free
I would be lying if I said I had got into CTF.Live by Pentester Academy. The platform seemed quite good and was very simple to get into. It is very theoretical, and does seem like a good starting point to get into CTFs; but by the time I had found this, I was already quite into TryHackMe and Hack the Box. The advantage to this platform is that you don’t need to download anything or even host your own Kali Linux etc. It is all done in the browser, with all software you would require to find the flag included in each room.