Sometimes, you need a vulnerable machine. Whether you are looking to learn about attack methods, or test your new controls – it is helpful to have a machine that contains vulnerabilities. As a reminder, these are vulnerable machines. Do not connect them to production networks or other non-research environments.
Here is a list of some of my favorite sources:
- Metasploitable: https://www.offensive-security.com/metasploit-unleashed/requirements/
- Metasploitable 2: https://metasploit.help.rapid7.com/docs/metasploitable-2
- OWASP Hackadmeic: https://code.google.com/archive/p/owasp-hackademic-challenges/downloads