Being housebound for the foreseeable future has left most of us a bit stir-crazy. But as this period of uncertainty marches on, why not use the wealth of spare time on your hands to practice your hacking skills?
Below are six free hacking sandboxes and code camps that will keep you occupied and get your ethical hacking up to scratch in a dedicated environment that won’t get you sued for being naughty.
Practice Your Hacking Skills: 6 Places to Go
“Hack The Box is one of the best platforms to learn from,” says Stuart Peck, co-founder of online ethical hacking community The Many Hats Club. To enter the site, which is free, the user has to pass a coding challenge, so they have to research and learn how to break in before they even start.
Once the initial challenge has been passed, the user gains access to the machines and must complete further missions. These scenarios are created to simulate real-world systems in a “capture the flag” (CTF) style. The goal is to retrieve two files from each vulnerable system: “user.txt” (user access) and “root.txt” (root access).
Hack The Box has a huge community of penetration testers, security researchers and other hackers. Some have written about the challenges or recorded video content, which can be useful when battling with some of the machines, so you can continue to practice your hacking skills. HTB have nearly doubled their members to 300,000 this April, with 172,000 joining in 2020, as would-be hackers flock during quarantine to amplify their skills.
Levels vary and it is suitable even for skilled hackers.
Root-Me is a non-profit organisation that promotes the free distribution of IT and hacking technologies. The editor is the president of the organisation, Guillaume FAHRNER; the website is hosted by Online.
The site provides various categories of challenges, including apps, forensics, web clients and servers.
Root-Me boasts 35 challenges and 40 rooms for CTF practice. They have a community that is accessible on site for questions, which is convenient for those starting out. They also have a system where, if an “associated member” reaches a certain level, Root-Me will pay them and publish their work, but if you aren’t into this, they’re still a great way to practice your hacking skills.
The self-proclaimed House of the Rising Sandbox is a free, community-based project powered by eLearnSecurity. It is a platform where the community can build, host and share vulnerable web application code for education and research.
It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMSs online.
Hack.me is available without any restriction to any party interested in Web Application Security.
Every time a new challenge is started, Hack.me generates a new sandbox for that one user. The site claims that this application will always be safe for them to use. No other students can add malware or exploits to your sandbox, so you can practice your hacking skills in peace.
This is not something that is offered by Hack The Box or Root-Me, and is an advantage. (Forums are full of people complaining that their machines on HTB have been altered by other users so they can’t be completed.)
If you would prefer to learn the basics before you start to practice your hacking skills, Cybrary is the place to be.
A free online community that has mobilised to “revolutionise the cyber security educational experience,” they boast over 500 million minutes of learning and over 1000 contributors. “If you want to learn how to look at Kali Linux, for example, you can go and watch the resources on Cybrary and learn how to set new OS (operating system); there’s loads of resources there,” said Peck of The Many Hats Club.
Lots of people also sharpen their skills on freeCodeCamp.
Unlike Cybrary, all of the information provided by the site is displayed in articles, some videos and interactive lessons. Quincy Larson, the site’s creator, claims that his reason for creating and establishing the platform is to help students go from being a beginner to an advanced level in the field of coding and web development.
Larson wanted to create a platform that would be better at teaching code than those that taught him. It is certified as well, which can be useful for showing potential employers if you are considering a career change. One feature that is really unique to freeCodeCamp is that, once the studies are finished on the platform, alumni are given the opportunity to apply them in practice.
The site offers you the chance to practice your hacking skills with other non-profit organizations.
Codecademy is another free online course platform that delivers a mix of practical challenges, video lectures and articles. What does set it apart from the rest is its Myers-Briggs-style quiz before registration.
After the user answers some questions, the site gives an indication of which coding language and OS would be the best starting point for them. This is useful for those who are interested in learning to code but have been baffled by the choice.
“Codecademy is great for learning the underlying principles,” explained Jamie Collier, Cyber Threat Intelligence Team Lead at Digital Shadows. “So for me, being in threat intelligence, I used it for coding, security principles and threat intelligence,” but there is a lot more on there.
Steven Seeley, winner of Pwn2Own ICS 2020 and hacking trainer, had these comments about how to start out in ethical hacking:
“I think the main issue with getting started today is the paradox of choice. The best advice I can give is to just pick something, and stick to it. Whether it be capture the flag, web hacking, reverse engineering etc.
“For example, I am auditing a product right now and haven’t found one bug. I have been auditing the target for over a month now. Am I going to give up? Maybe. Am I going to keep going for several more months [first]? You bet.”
Do you have a favourite sandbox/hacker training hub not featured here? Let us know what you love about it, and why. claudia dot glover at cbronline dot com
This article is from the CBROnline archive: some formatting and images may not be present.