Learning Security

There are many free sites and utilities you can use to learn more about attack vectors.

DO NOT RUN THESE IN PRODUCTION.

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project  OWASP top 10 scenarios.

https://www.hackthissite.org/  Lots of web hacking scenarios.

http://www.dvwa.co.uk/  Vulnerable web app.

https://github.com/Subterfuge-Framework/Subterfuge/blob/master/README.md  easy MITM.  Not even fair.  Try learning the old ways with Ettercap, arpspoof etc.

https://github.com/beefproject/beef  BeEF browser hooking.  XSS someone and control their browser, then pivot to other hosts or tools. 

https://www.shellterproject.com/introducing-shellter/Example, add code to a legit .exe so that it opens a reverse shell to your metasploit server.  With BeEF you can do this inline as well so that all 32/64 bit PE files are slipstreamed.

https://github.com/beefproject/beef/wiki/Metasploit  BeEF integration with metasploit.  Again, not even fair.

https://www.offensive-security.com/metasploit-unleashed/  free Metasploit training.

https://github.com/n1nj4sec/pupy  Get to know the different RATs out there.  Cybergate, poison ivy, pupy, etc.

https://tuts4you.com/Endless supply of tutorials on reverse engineering, coding, etc.  

https://www.vulnhub.com/ Tons of vulnerable VMs to try to hack.

https://www.corelan.be/ Lots of hacking tuts.

http://thestarman.pcministry.com/asm/  Learn assembly code.  It’s fun!