Skip to main content

Vulnerable Machines/Applications

OWASP Juice ShopIs a modern vulnerable web application written in Node.js, Express, and Angular which showcases the entire OWASP Top Ten along with many other real-world application security flaws.
Metasploitable 2Is a purposefully vulnerable Ubuntu Linux VM that can be used to practice enumeration, automated, and manual exploitation.
Metasploitable 3Is a template for building a vulnerable Windows VM configured with a wide range of vulnerabilities.
DVWAThis is a vulnerable PHP/MySQL web application showcasing many common web application vulnerabilities with varying degrees of difficulty.

YouTube Channels

IppSecProvides an extremely in-depth walkthrough of every retired HTB box packed full of insight from his own experience, as well as videos on various techniques.
VbScrubProvides HTB videos as well as videos on techniques, primarily focusing on Active Directory exploitation.
STÖKProvides videos on various infosec related topics, mainly focusing on bug bounties and web application penetration testing.
LiveOverflowProvides videos on a wide variety of technical infosec topics.


0xdf hacks stuff | CTF solutions, malware analysis, home lab development

Tutorial Websites

For practicing scripting skills.

OverTheWire: Wargames

UTW – Under the Wire… PowerShell Training for the People

Beginner HTB Machines