In today’s ever-evolving digital landscape, it is essential for cybersecurity professionals to continually improve their skills and knowledge to protect organizations from the growing threat of cyber attacks. To this end, I have taken a proactive approach to learning by seeking out and utilizing a range of penetration testing style labs that have proven to be highly effective in enhancing my proficiency in various cybersecurity defensive domains.
These labs feature vulnerable machines and past CTFs, providing an environment for me to apply my theoretical knowledge and practical skills to real-world scenarios. Through my engagement with these labs, I have been able to deepen my understanding of cybersecurity concepts, gain hands-on experience in identifying and exploiting vulnerabilities, and develop strategies for effective threat mitigation.
Total labs : 104
VulnHub
Infosec Prep: OSCP : Simple introductory machine
GreenOptic: 1 : LFI exploit , Network and Wireshark machine
Corrosion: 1 : LFI and log poisoning exploit
billu: b0x : Local file read & phpmy exploit
RickdiculouslyEasy :1 : Command Injection & sudo exploit
So Simple : 1 : WordPress vulnerability exploit
PNPT Academy : CMS exploit
PNPT : Dev : Boltwire exploit
PNPT : Black Pearl : dnsrecon & Navigate CMS exploit
Dina: 1.0.1 : playsms machine
ICMP: 1 : Monitorr & Hping3 exploit
Dripping Blues: 1 : Polkit exploit
FristiLeaks: 1.3 : Decryption & SUID exploit
My CMSMS: 1 : CMS MS exploit
W34kn3ss: 1 : OpenSSL exploit
Bob: 1.0.1 : webshell command injection bypass
Pwned: 1 : Directory enumeration & docker exploit
HA: Wordy : WordPress command injection and SUID exploit
Funbox: 1 : WordPress & Cronjob exploit
Vegeta: 1 : Steganography based box
Djinn : 1 : Command Injection bypass & sudo exploit
PwnLab: init : Upload bypass and binary exploit
Inclusiveness : 1 : LFI exploit
Cybersploit : 1 : Decryption and outdated kernel machine
EVM: 1 : Simple wordpress exploit
Photographer : 1 : Koken CMS exploit
BBS (cute): 1.0.2 : CuteNews exploit
Kioptrix 1 : apache mod_ssl and samba 2.2 exploits
Born2Root: 1 : cronjob and bruteforce exploit
DC: 1 : Drupal exploit box
DC:2 : WordPress box
DC: 3.2 : Joomla! and Linux kernel exploit
DC: 4 : Burpsuite bruteforce, command injection and tee exploit
DriftingBlues:6 : Textpattern and Dirtycow exploit
Evilbox : Website parameter and write permissions exploits
Potato : PHP Type Juggling & LFI machine
Lampiao : 1 : Drupal & Linux Kernel 2.6.22 < 3.9 – ‘Dirty COW exploit
Funbox: Scriptkiddie : ProFTPd exploit
Funbox : Easy : Web exploit machine
Funbox : Rookie : FTP exploit machine
Funbox : EasyEnum : Enumeration machine
Sunset: Midnight : WordPress & SUID exploit
Sunset : Noontide : Unreal IRC exploit
Sunset : Dawn : SMB enumeration & cronjob exploit
Sunset : Decoy : chrootkit exploit
Sumo : 1 : Shellshock and Dirty Cow exploit
Gaara : Thorough enumeration and decryption box
Cybersploit 1 : Ubuntu 12.04.5 exploit
HACLABS: NO_NAME CTF : Command injection vulnerability
Quaoar : Hackfest 2016 CTF
Deathnote : Straight forward box
Ripper 1 : Web application testing & enumeration
Tophatsec Freshly : Find the secret hidden in a sensitive file
Mercury : SQLmap
c0ldBox : WordPress machine
Jagnow 1.0.1 : Enumeration
FUNBOX: LUNCHBREAKER CTF : Machine using bruteforce
Pentester Lab: From SQL injection to Shell
Lin.Security:1 NFS exploit
Driftingblues : EyesOfNetwork exploit
HackTheBox
Bashed : scriptmanager exploit
Netmon : PRTG RCE exploit
Armageddon : Drupal exploit
Sauna : Active Directory DCSync attack
Active : Easy Active directory machine
Nibbles : Nibbleblog exploit
Forest : Active Directory exploit
Previse : Web intercept exploit
Artic : Coldbox fusion exploit
Shocker : Shellshock exploit
Blocky : Password reuse exploit
Knife : PHP RCE
Sense : Pfsense webserver exploit
Irked : IRC exploit
Buff : Exploit using port forwarding
Mirai : IoT exploit
Networked : File Image exploit
Valentine : Heartbleed exploit
Devel : Windows RCE exploit
Beep : LFI enumeration and webmin exploit
Timelapse : Exploiting using SMB and LAPS
Tier 0 : Starting Point Machine
Tier 1 : Starting Point Machine
Optimum : Windows 2012 R2 Server exploit
Return : Windows Printer service exploit
Jerry : Apache tomcat code execution exploit
Blue : Eternal Blue SMB exploit
Lame : Samba Username map script
Cap : Wireshark recon
Granny : IIS 6.0 Vulnerability code execution
Legacy : MS08-067 exploit
Grandpa : IIS 6.0 Vulnerability code execution
TryHackMe
Mr Robot : Based on the Mr. Robot show
GamingServer : Boot2Root box for beginners
Startup : Abuse traditional vulnerabilities via untraditional means
Gallery : Exploit our image gallery system
Fowsniff : Boot2Root machine
Tomghost : Identify recent vulnerabilities to try exploit the system
Lian yu : Arrowverse themed beginner CTF
Pickle Rick : Exploit a webserver
Simple : Beginner level ctf
Attacktive Directory : Active Directory
Persecure : my learning archive 