You may be already aware of how broad Information Security is and there are many avenues to explore. I had narrowed down what I wanted to focus on and it boiled down to a combination of things I was already familiar with from working in regular IT, and some things I had not done before.
While some of my interests lean toward the day job of protecting an organization one way or another, there are plenty of ways to use these skills and have some fun in a constructive manner and without breaking the law. One thing that wasn’t mentioned that often in my earlier years of learning about the security/hacking culture was how to build those skills without causing real world damage.
I often ran into a couple of questions regarding how I would sharpen my skills which were partially answered by setting up a home lab; however, its not like any or everyone plans to build a large lab in their home. I wasn’t necessarily working toward just applying these skills to the day job as I tend to enjoy doing Capture the Flag events once in awhile and sometimes I want to practice on something I’m even less familiar with.
This is where Vulnhub comes in. The site has plenty of challenges to conquer with some challenges having CTF elements to them, but most having traditional pentesting activities. You can download virtual machines with pre-configured web applications to tinker with and there over a hundred to choose from if you go back far enough. These VMs have been tested to run different virtualization clients but I have consistent success with Virtualbox. I will be posting articles for each one I work on with a write up and tag the articles with VulnHub along with other non vulnhub VMs.
Initially, I will be following walkthroughs others have created (and citing them) as I build up my skills and in time the goal is to eventually create my own walkthroughs for future VMs. I’ll be sure to include basic setup instructions before diving into the write up. Aside from sharpening my pentesting/CTF skills, the goal is to eventually do a presentation at a meetup or conference.
Resources