Hackers taking down websites and company networks has been a recurring topic in the news over the last few years. Many of these system breaches seem simple or easy in retrospect. But what is often overlooked is the amount of time and effort the hackers invested in learning their skills and working on a particular target.
Some hacking is based on blind luck, while other hacking is fully attributable to technical skill. Hacks based on luck are those where the victim systems are poorly configured or not designed defensively or where a new exploit exists in the wild and the target has not yet installed the proper countermeasure.
For those compromises that are based on skill, the hackers are well versed in a programming language, operating system, protocol, application, etc. Due to this level of knowledge, they are able to manipulate the target in such a way as to create an opportunity to gain access, rather than relying upon luck.
The distinction between these two forms of hacking can be loosely compared to the idea of becoming wealthy by working hard in a career for 30+ years versus winning the lottery.
In either case, once a breach has occurred, it can seem quite simple when reviewed afterwards. The hard part, whether by luck or by skill, is finding that one aspect of a target that can be used as a point of entry. What separates a skilled professional from an amateur, whether ethical or criminal, is how consistently they can locate this point of compromise. As with most things in life, practice makes perfect (or at least perfect practice makes perfect, as practicing poorly or using the wrong technique will not produce mastery). When it comes to hacking or learning more about how technology works, interacting with simulated targets in a safe playground can help anyone develop stronger knowledge of networking, software and configuration.
There are a number of hacking playgrounds and challenge sites available on the Internet. Some of these are online, while others are downloadable virtual machines. By working through these challenges and games, you will develop your IT skills. The knowledge you gain can be applied to strengthening your own environment by understanding poor configurations as well as stress-testing your setup.
As with anything on the Internet, it is always wise to be a bit cautious. I would recommend using a browser with scripting disabled (i.e., JavaScript, Java, ActiveX and Flash), at least initially. Or, use a virtual operating system, such as Ubuntu (http://www.ubuntu.com/) running within VirtualBox (https://www.virtualbox.org/), a free virtualization program. These precautions will minimize any risks associated with online content that has the potential to be malicious.
One popular site that maintains a list of online hacking challenge sites is WeChall at https://www.wechall.net/. At this site, you can visit the 50 or so free hacking challenge sites located online. WeChall is itself a discussion forum where you can seek advice or help from others.
Here are a few other online hacker challenge or wargame sites:
- http://www.try2hack.nl/
- http://smashthestack.org/
- http://www.overthewire.org/wargames/
For downloadable virtual machine challenges, here are a few to start with:
- http://google-gruyere.appspot.com/
- http://exploit-exercises.com/
- http://www.dvwa.co.uk/
These sites and services are offered for education and entertainment purposes. So have fun, and remember to learn about security along the way.