Offensive Security

Resources for offensive security training. Compiled by the members of Root66Tulsa Cyber Clubs.

Multi-Discipline

OverTheWire - Learn Linux basics!

TryHackMe - A guided CTF-style learning platform.

Hack The Box - Features both challenge machines and guided learning paths.

Network Pentesting

GOAD - Game of Active Directory (GOAD) is an Active Directory lab environment to test your network penetration testing skills.

Web Application Security

PortSwigger Web Security Academy - A free learning platform that focuses on web application security.

TryHackMe Web Application Pentesting - TryHackMe module specific to Web Application Testing.

OWASP Top 10 - OWASP Top 10 Web Application Vulnerabilities.

OWASP Juice Shop - An intentionally vulnerable Web Application to test your penetration testing skills.

API Security

APIsec University - A free learning platform that focuses on API penetration testing.

VAmPI - A vulnerable API made with Flask that includes vulnerabilities from the OWASP Top 10 for APIs.

Mobile Application Security

Intro to Mobile Pentesting - Blog post by Hack The Box on getting started with mobile application security.

LLM Prompt Injection

Gandalf AI - Test your prompt injection skills to reveal a password.

Misc

IppSec - In-depth walkthroughs of retired Hack The Box machines.

Common Attack Pattern Enumeration and Classification (CAPEC) - Publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

MITRE ATT&CK Framework - Adversary tactics and techniques based on real-world events.

Disclaimer: Usage of offensive security tools against systems you do not own or have explicit permission to perform testing against is illegal and unethical.
The golden rule: No Crimesies.