links.md

Not The Hidden Wiki

CTF Platforms

---

1. HackTheBox App - link
2. HackTheBox Academy - link
3. TryHackMe - link
4. VulnLab - link
5. VulnHub - link
6. CryptoHack - link
7. Portswigger Web Security Academy - link
8. CTFTime - link
9. PicoCTF - link
10. PWNable - link
11. RE Challenges - link
12. XSS Game - link
13. Game Of Active Directory - link
14. Vulnerable Active Directory - link
15. Vulnerable Active Directory Plus - link
16. All Damn Vulnerable Resources - link
17. Lets Defend - link
18. CyberDefenders - link
19. Ethernaut - wargames - link
20. API Security University - link
21. Expose Lab - link
22. Damn Vulnerable GraphQL Application - link
23. CloudLabsAD - link
24. Offensive Security Labs - link
25. ICS Security Labs - link
26. SANS Holiday Hack Challenge - link
27. Damn Vulnerable DeFi - link
28. Vulnerable app with examples showing how to not use secrets - link
29. Learn to Code Blockchain DApps by Building Simple Games - link
30. CodeWars: Achieve mastery through challenge - link
31. Sad Servers - link
32. RHme Challanges 2015 - link
33. RHme Challanges 2016 - link
34. RHme Challanges 2017 - link
35. Crackmes - link
36. Cryptopals - link
37. ROP Emporium - link
38. CloudGoat - link
39. IAM Vulnerable - link
40. SadCloud - link
41. Damn Vulnerable GraphQL Application - link
42. MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics. - link
43. PWNED Labs - link
44. Hands-on Security Labs focused on Azure IaaS Security - link
45. Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure - link
46. AWSGoat : A Damn Vulnerable AWS Infrastructure - link
47. AzureGoat : A Damn Vulnerable Azure Infrastructure - link
48. Damn Vulnerable Web Application (DVWA) - link
49. Damn Vulnerable Web Services - link
50. Damn Vulnerable Hybrid Mobile App - link
51. A deliberately vulnerable CI/CD environment - link
52. Vulnerable REST API with OWASP top 10 vulnerabilities for security testing - link
53. Damn Vulnerable Serverless Application - link
54. Damn Vulnerable Thick Client App developed in C# .NET - link
55. Damn Vulnerable Java (EE) Application - link
56. Damn Vulnerable IoT Device - link
57. Damn Vulnerable Python Web App - link
58. Damn Vulnerable Bank - link
59. Damn Vulnerable WordPress Site - link
60. Damn Vulnerable NodeJS Application - link
61. Damn Vulnerable Rails app - link
62. Damn Vulnerable Grade Management System - link
63. Damn Vulnerable C# Application (API) - link
64. Damn Vulnerable iOS App - link
65. Damn Vulnerable iOS App #2 - link
66. The Damn Vulnerable Router Firmware Project - link
67. Damn Vulnerable Functions as a Service - link
68. Damn Vulnerable Cloud Application - link
69. Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab - link
70. An active directory laboratory for penetration testing - link
71. The Ethernaut is a Web3/Solidity based wargame - link
72. APIsec University - link
73. OverTheWire - link
74. CrypTool - link
75. Root Me - link
76. Webhacking.kr - link
77. Damn Vulnerable Restaurant - link
78. Reverse Engineering challenges - link
79. HackMyVM - link
80. UnderTheWire - link
81. Google CTF - link
82. Proving Grounds Play (Offsec) - link
83. OWASP crAPI - link
84. OWASP NodeGoat - link
85. OWASP Juice Shop - link
86. OWASP Mutillidae II - link
87. vAPI (vulnerable API) - link
88. AI Security Challenge - link
89. Gandalf: Test Your Prompt Injection Skills - link