Penetration Testing Training Labs
Labs to learn penetration testing and offensive security
General
- https://www.hackthebox.com/
- https://tryhackme.com/
- https://www.immersivelabs.com/
- https://www.pentesteracademy.com/
- https://attackdefense.com/
- https://hbh.sh/
- https://exploit.education/
- https://trycrack.me/
- https://www.vulnlab.com/
- https://picoctf.org/
- https://ctf.hacker101.com/
- https://ctf365.com/
- https://ctflearn.com/
- https://lab.pentestit.ru/
- https://www.root-me.org/
- https://www.vulnhub.com/
- https://cybersecurity.wtf/
- https://overthewire.org/wargames/
- https://hackmyvm.eu/
Wireless
ai
Web
Active Directory
Cloud
Azure
- https://redlabs.enterprisesecurity.io/
- https://github.com/Azure/CONVEX
- https://github.com/XMCyber/XMGoat
- https://www.brokenazure.cloud/
- https://github.com/mvelazc0/BadZure
- https://github.com/Azure/CONVEX
- https://www.purplecloud.network/
- https://github.com/Azure/SimuLand
- https://github.com/ine-labs/AzureGoat
AWS
- https://github.com/BishopFox/iam-vulnerable
- https://github.com/RhinoSecurityLabs/cloudgoat
- https://github.com/m6a-UdS/dvca
- https://flaws.cloud/
- http://flaws2.cloud/
- https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service
- https://github.com/wickett/lambhack
- https://github.com/nccgroup/sadcloud
- https://github.com/doyensec/cloudsec-tidbits/
- https://bigiamchallenge.com/
- https://github.com/BishopFox/cloudfoxable
GCP
Kubernetes
Containers
DevOps
- https://kodekloud.com/
- https://github.com/wavestone-cdt/DEFCON-CICD-pipelines-workshop
- https://hackingthe.cloud/aws/capture_the_flag/cicdont/
- https://attack-defend-serverless.sanscloudwars.com/
- https://github.com/bridgecrewio/terragoat
- https://github.com/cider-security-research/cicd-goat
- https://philkeeble.com/automation/cicd/CICD-Goat-Walkthrough-Part-1/
- https://github.com/step-security/github-actions-goat
- https://github.com/controlplaneio/simulator