Resources - HK Notes

# Vulnerable Machines/Applications | | Description | | --------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) | Is a modern vulnerable web application written in Node.js, Express, and Angular which showcases the entire [OWASP Top Ten](https://owasp.org/www-project-top-ten) along with many other real-world application security flaws. | | [Metasploitable 2](https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide/) | Is a purposefully vulnerable Ubuntu Linux VM that can be used to practice enumeration, automated, and manual exploitation. | | [Metasploitable 3](https://github.com/rapid7/metasploitable3) | Is a template for building a vulnerable Windows VM configured with a wide range of [vulnerabilities](https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities). | | [DVWA](https://github.com/digininja/DVWA) | This is a vulnerable PHP/MySQL web application showcasing many common web application vulnerabilities with varying degrees of difficulty. | # YouTube Channels | Name | Description | | ------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) | Provides an extremely in-depth **walkthrough of every retired HTB box** packed full of insight from his own experience, as well as videos on various techniques. | | [VbScrub](https://www.youtube.com/channel/UCpoyhjwNIWZmsiKNKpsMAQQ) | Provides HTB videos as well as videos on techniques, primarily focusing on **Active Directory** exploitation. | | [STÖK](https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg) | Provides videos on various infosec related topics, mainly focusing on **bug bounties** and **web application penetration testing**. | | [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) | Provides videos on a wide variety of technical infosec topics. | # Blogs [0xdf hacks stuff | CTF solutions, malware analysis, home lab development](https://0xdf.gitlab.io/) # Tutorial Websites For practicing scripting skills. [OverTheWire: Wargames](https://overthewire.org/wargames/) [UTW – Under the Wire… PowerShell Training for the People](https://underthewire.tech/) # Beginner HTB Machines - [Lame](https://www.hackthebox.eu/home/machines/profile/1) - [Blue](https://www.hackthebox.eu/home/machines/profile/51) - [Nibbles](https://www.hackthebox.eu/home/machines/profile/121) - [Shocker](https://www.hackthebox.eu/home/machines/profile/108) - [Jerry](https://www.hackthebox.eu/home/machines/profile/144)