awesome-security-training's Introduction

Awesome Security Training

A curated list of awesome security and hacking training platforms and resources to practice safely and legally.

This list aims to help students, professors, and IT professionals to find everything related to hacking training in one place.

Contributing

If you would like to contribute a tool, platform, or resource to this list, you can contact its author @Smithech.

Capture The Flag - CTF

Events

  • PicoCTF - PicoCTF provides year-round cyber security education content for learners of all skill levels. Participants learn to overcome sets of challenges from six domains of cybersecurity including general skills, cryptography, web exploitation, forensics, binary exploitation and reversing.

Platforms for learning

  • 247CTF - The 247CTF is a continuous learning environment. New challenges are added monthly, to enable you to continuously learn, hack and improve.
  • CTF365 - Step into our world and start hacking. Defend your servers, and launch attacks on others, all using the exact same techniques that work in the real world.
  • CTF Challenge - CTFchallenge is a collection of 12 vulnerable web applications, each one has its own realistic infrastructure built over several subdomains containing vulnerabilities based on bug reports, real world experiences or vulnerabilities found in the OWASP Top 10.
  • CTF Learn - The most beginner-friendly way to learn cyber security. Test your skills by hacking your way through hundreds of challenges.
  • CTF Time - A CTF archive where you can also find other CTF-related information: the current overall Capture The Flag team rating, per-team statistics, etc.
  • Microctfs - Small CTF challenges running on Docker.
  • RingZer0 Team Online CTF - RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
  • W3Challs - W3Challs has challenges that address several subsets of hacking, mostly oriented toward offense, with a multitude of technologies and architectures.

Platforms to organize CTF

  • FBCTF - The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions.
  • Mellivora - Mellivora is a CTF engine written in PHP.

Other resources

  • Awesome CTF - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs in one place.
  • CTF Online Tools - Repository to index interesting Capture The Flag online tools.

Championships

  • European Cybersecurity Challenge - The European Cyber Security Challenge is an initiative by the European Union Agency for Cybersecurity (ENISA) and aims at enhancing cybersecurity talent across Europe and connecting high potentials with industry leading organizations.
  • Swiss Hacking Challenge - The Swiss Hacking Challenge (SHC), is the annual National Hacking Championship of Switzerland.

Cryptography

  • CryptoHack - Learn about modern cryptography by solving a series of interactive puzzles and challenges. Get to know the ciphers and protocols that secure the digital world by breaking them.
  • The Cryptopals Crypto Challenges - Cryptopals built a collection of 48 exercises derived from weaknesses in real-world systems and modern cryptographic constructions. They give you enough info to learn about the underlying crypto concepts yourself.

Hardware

  • Embedded Security CTF - Given a debugger and a device, find an input that unlocks it. You'll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code watching what the device does with that input.

Mobile Applications

  • OWASP Security Shepherd - OWASP Security Shepherd is a highly configurable web and mobile application security training platform. Shepherd can be used by a single local user, by many in a competitive classroom environment, or by hundreds in an online hacking competition.

Operating Systems

  • Lin.Security - Lin.security is a Linux VM (Ubuntu 18.04 LTS) that suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This VM has been designed to help understand how certain built-in applications and services, if misconfigured, may be abused by an attacker.
  • Metasploitable 2 - The Metasploitable VM is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
  • Metasploitable 3 - Metasploitable 3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit.
  • VulHub - VulHub provides materials that allow anyone to gain practical 'hands-on' experience in digital security, computer software & network administration.
  • Vulnserver - Vulnserver is a multithreaded Windows-based TCP server and allows the user to run a number of different commands that are vulnerable to various types of exploitable buffer overflows.

Platforms to Improve Hacking Skills

  • Atenea - Atenea is a cyber security platform that presents a number of challenges which cover a wide array of topics: Cryptography and Steganography, Exploiting, Forensics, Networking and Reversing, etc.
  • Defend the Web - Defend the Web is an interactive security platform where you can learn and challenge your skills. Try and complete all of our 60+ hacking levels.
  • Exploit.education - exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.
  • Hack The Box - HTB is a dynamically growing hacking community. Take your cybersecurity skills to the next level through the most captivating, gamified, hands-on training experience.
  • Hack This Site - HackThisSite is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.
  • Hacker 101 - Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
  • Over The Wire - The wargames can help you to learn and practice security concepts in the form of fun-filled games.
  • PentesterLab - A platform for learning and leveling up web hacking skills.
  • Pwnable.kr - Pwnable provides various pwn challenges regarding system exploitation. In order to read the flag file, you need some skills regarding programming, reverse-engineering, bug exploitation, system knowledge, cryptography.
  • Pwnable.tw - Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
  • Root Me - The fast, easy, and affordable way to train your hacking skills.
  • Try Hack Me - Learn by following structured paths and reinforce your skills in a real-world environment by completing guided, objective-based tasks and challenges.

Reverse Engineering

  • Crackmes - This is a simple place where you can download crackmes to improve your reverse engineering skills.
  • Nightmare - Nightmare is an intro to binary exploitation/reverse engineering course based around ctf challenges.
  • Reverse Engineering Challenges - Reverse engineering exercises that include different architectures and operating systems.
  • Reverse Engineering for Beginners - A workshop in a web-based format for getting started with reverse engineering. The workshop consists of 3 preparation assignments and 5 sessions.

Specific Techniques

Return-Oriented Programming (ROP)

  • ROP Emporium - Learn return-oriented programming through a series of challenges.

Specific Vulnerabilities

Cross-Site Scripting - XSS

  • DomGoat - DomGoat is a DOM Security learning platform with different levels, each level targeting different sources and sinks.
  • XSS Labs - XSS labs is intended to be a testbed for those who wish to sharpen their skills in XSS by solving more challenges and who would like to learn more about XSS.
  • XSS Game - In this training program, you will learn to find and exploit XSS bugs.

Web Applications

  • bWAPP - PHP application with over 100 web vulnerabilities. It covers all major known web bugs, including all risks from the OWASP Top 10 project.
  • DVWA - A PHP/MySQL web application whose main goals are to be an aid for security professionals to test their skills and tools in a legal environment and to help web developers and students better understand the processes of securing web applications.
  • OWASP Mutillidae II - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.
  • OWASP Security Shepherd - OWASP Security Shepherd is a highly configurable web and mobile application security training platform. Shepherd can be used by a single local user, by many in a competitive classroom environment, or by hundreds in an online hacking competition.
  • Samurai Web Training Framework - This project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets.
  • Vulnerable Web Application - DVWA is a website that is prepared for people who are interested in web penetration and who want to have information about this subject or to be working.
  • WebGoat - WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons and demonstrate common server-side application flaws.
  • Web Security Academy - Free, online web security training from the creators of Burp Suite. Learn with free interactive labs and progress-tracking.
  • Web Security Dojo - A free open-source self-contained training environment for Web Application Security penetration testing.
  • Wishtackt's Websheep - Websheep is a willingly vulnerable set of frontend JavaScript applications and ReSTful APIs.
  • XVWA - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Resources

  • Introduction to Writing ARM Shellcode - With this resource you will learn how to use your knowledge to create your first simple shellcode in ARM assembly.
  • Metasploit Unleashed - It is the most complete and in-depth Metasploit guide available by Offensive Security, with contributions from the authors of the No Starch Press Metasploit Book.
  • Privilege Escalation Cheatsheet (Vulnhub) - This cheatsheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
