There are a large number of sites where you can practice all different kinds of CTF’s. Below you will find an overview of the sites I frequently visit(ed).
Over the Wire (Bandit)
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. Wargames are, in this case, a different description for CTF.
Very thorough and well structured introduction to CTF’s. Maintained and created by Tandon School of Engineering.
More focused on offensive and defensive skills, CTF365 offers a large set of servers to get your CTF groove on. CTF365 is a real life cyber range where users build their own servers and defend them while attacking other servers. It’s what would happen in real life when your server or computer networks are under attack by hackers.
Overview site of all CTF’s running and nice archive of which have run as well. Also contains some nice write-ups.
Google organizes a yearly CTF challenge for both beginners, intermediates and CTF veterans.
“We believe that the security community helps us better protect Google users, and so we want to nurture the community and give back in a fun way.”
Hack The Box
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge.
As an individual, you can complete a simple challenge to prove your skills and then create an account, allowing you to connect to our private network (HTB Labs) where several machines await for you to hack them. By hacking machines you get points that help you advance in the Hall of Fame.
Ippsec Youtube channel
This guy creates awesome video’s about retired Hackthebox-machines. One of the most valuable sources out there.
Liveoverflow Youtube channel
Channel that focuses on reverse engineering challenges and payload creation. Gives very detailed explanation on what is happening and gives some nice introductory video’s.
You’ve been given access to a device that controls a lock. Your job: defeat the lock by exploiting bugs in the device’s code. You’re playing “Capture The Flag”. You collect points for each level you beat, working your way through steadily more complicated vulnerabilities. Most levels showcase a single kind of real-world software flaw; some levels chain a series of them together.
You’ll use the debugger to reverse-engineer the code for each level. You can provide the device with input, then step through the code watching what the device does what that input. You’re looking for a specific input that unlocks the device. Maybe that input is the correct passcode. More likely, though, it’s something else: an input that exploits a bug in the device’s code.
PicoCTF is a free computer security game targeted at middle and high school students. THe game consists of a series of challenges centered around an unique storyline where participants must reverse engineer, break, hack decrypt or do whatever it takes to solve the challenge.
‘pwnable.kr’ is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. the main purpose of pwnable.kr is ‘fun’. please consider each of the challenges as a game. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose.
Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
RingZer0 Team CTF
RingZer0 Team’s online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges. As you complete challenges you can move your way through the rankings against other users also completing the challenges.
Vulnhub hosts a number of machines that can be downloaded to you local machine, hooked up to a VM and be tested. The goal of the site is to provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.
Where to start hacking (Reddit)
Before I begin – everything about this should be totally and completely ethical at it’s core. I’m not saying this as any sort of legal coverage, or to not get somehow sued if any of you fuck up, this is genuinely how it should be. The idea here is information security. I’ll say it again. information security. The whole point is to make the world a better place. This isn’t for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues.
Gives a very nice overview of all different kinds of sources for starting in the CTF-field. Lots of these sources are also noted on this site.
CTF-like video games
Tired of playing CTF’s but you do want to stay in the flow? Check out these games that have CTF-aspects to them in often a highly stylized way.