I understand why military and security services are constantly wargaming, getting there units prepared for events before they happen, while there can be no substitute for the real thing,
failing to prepare is preparing to fail. The same applies when it comes to pentesting, you need to constantly put into practice the skills you learn, one way to do this is via deliberatly vulnerable virtual machines like DVWA or Metasploitable, of which there are many some offline some online these are getting learning/teaching tools for anybody remotely insteresed in any aspect of computer security.
In the previous post I mentioned how I struggle badly with sticking to a project right through to the end, well this is another example. I'd like to introduce an awesome site I first started using back in 2014 that site is
http://overthewire.org/wargames they over a wide varitey of hacking wargames (online) they vary greatly in the skills you will need and the skills you will acquire, as I've now set myself a schedule to aid with all the learning i'm doing i will be updating (well at the very least uploading my videos) as I go along.
When i started on overthewire in 2014 I'd already begun uploading some videos to youtube only in the last week did i notice something saying PLEASE DON'T UPLOAD SPOILERS, i have 2 issues with that
- well i have to disagree with that, if people want to not learn anything by reading spoilers that has to be option they are allowed to take if they choose
- after not using overthewire for over 2 years i needed to to get back to the point i was last at on OTW, by looking at my youtube videos i could immediately see where i was last upto.
the latter actually saved me the rig-moral of relearning the techniques i learned the first time i started with OTW, essentially the videos acted as a prompt to quickly bring me upto speed.
When i initially started using overthewire.org i immediately noticed a page called wechall scoring. The top of the page read the following
OverTheWire makes use of a scoreboard provided by WeChall to allow
players to track their own progress and promote some healthy competition
between players. To make use of this scoreboard for OverTheWire games,
you need to follow these steps:
awesome there is a way for me to keep track of the progress of my activities on overthewire. the first thing i need to do was
- First, go to WeChall and register for an account.
why the need to register an account at another website i grumbled at first but on the first visit to wechall.net I realised just how many different wargame sites there is out there. Currently at the time of posting there are 58 different wargame/hack sites that incorporates the wechall scoring system.
I've currently only used overthewire although i've briefly had a look at a few of the other sites but I cant recommend this type of practice highly enough, while i'm putting most of my focus into web application security this will help fine tune a lot of other core skills. certainly while hacking on overthewire I've learned a lot of advanced features on some of the basic linux commands like
ls,grep,cat,file,du,type,sort,uniq,strings,gzip
and lots and lots more commands i only ever used for very basic things anyway the bottom line get onto overthewire.org setup wechall scoring on your machine and hack away every day
for now you keep an eye on my overthewire playlist over at
youtube which i'll most likely update in batches
PEACE
