Exploit.education (exploit.education)
239 points by udev4096 15 days ago | 18 comments



Over the Wire [0] is also great if you're curious about this sort of thing. The webapp challenges became one of my initial exposures to SQL -- as well as to injections as a concept -- and later became the basis for a whole rabbit hole on Web scraping that I haven't fully gotten out of haha

The CLI ones are also how I learned (among other things) to run single commands over ssh, which I ended up needing to kill stuck browser processes on my dev box at a previous job. Hilariously, I ran across this (as well as a reason to use it) a week after a boss of mine told me it wasn't an effective use of my off time

There's a tip-of-my-tongue one I keep hoping would crop up again here, but I haven't been able to find since: it was something about a site that showed example exploits inspired by high-profile breaches that happened IRL. It's unfortunate, bc that sounded fascinating

[0] https://overthewire.org/


Over the Wire's "Bandit" game was my tool of choice for teaching the introduction to shell for my university's Cybersecurity Club a few semesters in a row. It didn't feel like a chore because of the gamification and the go-your-own-pace approach -- the hints are also a nice touch. I highly recommend it to build some shell muscles and maybe learn something you didn't already know.

For something more advanced with less help available, I recommend Hack The Box [1] which frequently rotates challenge "boxes" with new combinations of configuration and vulnerability. I haven't touched it in a few years, so take that with a grain of salt. It used to be the case that you had to "hack" the website (very easy) in order to sign up for an account, but it appears that that may no longer be the case :(

[1] https://www.hackthebox.com/



Not quite, it was less just about common vulns and more inclusive of context for where you might have heard about them in the news, even as a layperson. Details like, say, "this technique was used in the Equifax hack"


If people are interested in this stuff [1] is an amazing resource.

1. https://pwn.college/


Maldev Academy is slightly related. I always like to give a shout out to OpenSecurityTraining as well.

In my experience, open source material like this is too Linux focused. But even with paid courses (doing one of them right now actually) bypassing exploit mitigations and protections is a topic that's hard to find materials on.

Egg hunting, module stomping, topics like that with process mitigations turned on and modern EDR/NGAV running, now that I'd pay good money for. In reality, I am trying to drink from the firehose and stumbling around GitHub, customizing PoC code and learning that way.

It's really hard to stand a chance at memory exploitation with good EDRs and mitigations flipped on.

Another topic that's very important to me is ARM exploitation. Azeria Labs has good material on it; I haven't finished it to comment on it, but there isn't as much material on ARM as there is on x86.

You'll also notice most introductory material skips x64, but I'd be interested in x64-intensive material as well. For example, I've learned SEH exploitation multiple times now but it doesn't apply to x64; is it worth the time spent on it? How frequently do you see SEH-enabled x86 apps these days (genuine question)?


Like you, I have noticed this type of material to be always Linux focused as well and wondered why. I'd love to see something like an Over The Wire security challenge game that is based on Windows or macOS if anyone knows of them.


I think it might be because Microsoft charges money for Windows licenses and you can't keep it free of charge and pay for licenses for the lab VMs. But for exploit labs, you just need to give learners the samples and/or something like an Ansible playbook to set up the VM and they can run it on their own box.


I haven't gotten to this myself, but there's also UnderTheWire[0], which focuses on PowerShell.

[0] https://underthewire.tech


Also shout-out to Microcorruption[0] which is a delightful, constructive exploration of vulnerabilities that might occur in embedded systems.

[0] microcorruption.com


And a pour one out that Starfighter both didn't make it but also wasn't released to live on as a fun game https://news.ycombinator.com/item?id=37985450


Apparently these used to be hosted on the domain exploit-exercises.com, but the domain name changed.

https://www.vulnhub.com/series/exploit-exercises,11/

https://twitter.com/exploitexercise/status/10762146440987811...


Reminds me of HackThisSite, which I'm happy to see still exists

https://www.hackthissite.org/


Damn, I was hoping there would be packer manifests to build them locally but it seems they're just using GH for distribution: https://github.com/ExploitEducation/Nebula/tree/v5.0.0 (is just the readme)


Lovely site, a bit more focused on education than just CTF nonsense. I'd still recommend first to get books on the topics: Windows advanced reverse engineering, The Art of Exploitation, etc. These are often a bit dated, but the old stuff really underpins the new, so it should not be skipped if you really want the background knowledge, e.g. _why_ certain security features work as they do, rather than simply learning some bypasses for features. Everyone has their own learning path tho; with exploit dev, since it's so broad, many approaches are valid.


Tangential, but this is the first time I’ve seen the .education TLD used. It’s odd that both .edu and .education exist and the former is restricted while the latter is not. Non-techies likely won’t notice or appreciate the difference.


http://gracker.org/ is neat. More puzzle than tutorial though.


Also reminds me of hackthebox.eu



