Additional labs and resources

While our main focus has been on Windows 10, Metasploitable 2, and Metasploitable 3, there are several other similar projects for exploring vulnerabilities and testing your skills. Seasoned security experts and penetration testers may remember a tiny vulnerable web server called BadStore. This vulnerable server was no larger than 15 MB (yes, megabytes) and contained several vulnerabilities from cross-site scripting to SQL injection. Although no longer available as a direct download on the official site, it can still be found around the web.

https://www.vulnhub.com/ is exactly what its domain indicates: a hub for vulnerability projects. Several vulnerable VMs are listed on the site for download, which can be used for practice and Capture the Flag (CTF) scenarios and tournaments, including Damn Vulnerable Linux, Kioptrix, and others.

Several websites also exist for those interested in practicing their skills or learning within a contained environment:

• Wargames: Wargames, located at http://overthewire.org/wargames/, has basic to advanced levels and is free for practicing:

• Hack this site: Hackthissite.org also has many challenges (lower-left side) and offers missions for beginners as well as programmers. These challenges are free but signing up is required:

• Hellbound Hackers: As with Hack This Site, Hellbound Hackers (https://www.hellboundhackers.org/) also offers many challenges for free, including pen-testing challenges. Signing up is also required to access the challenges: