Cyber Range Training

SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.

A list of vulnerable applications for testing and learning

Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.

A non-commercial wargame site offering pwn challenges related to system exploitation with different difficulty levels.

A wargame designed to test your hacking skills and knowledge

InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques.

A lightweight CTF platform with simple setup and difficulty-based scoring that removes timezone advantages from competitions.

WebGoat is an OWASP-maintained deliberately insecure web application designed to teach web application security through hands-on exercises with intentional vulnerabilities.

Local pentest lab using docker compose to spin up victim and attacker services.

A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.

A security dataset and CTF platform available in full (16.4GB) and attack-only (3.2GB) versions, pre-indexed for Splunk to help security professionals practice analysis skills.

echoCTF is a cybersecurity framework for running Capture the Flag competitions and training exercises on real IT infrastructure.

Korean cyber-security challenge platform for exploiting and defending web application vulnerabilities.

Intentionally vulnerable Kubernetes cluster environment for learning and practicing Kubernetes security.

A network of physical and online cyber warfare ranges for training and testing

A Node.js CLI tool that automates the setup of CTF events using OWASP Juice Shop challenges across multiple CTF frameworks.

A free, safe, and legal training ground for ethical hackers to test and expand their skills

SALO is a framework that generates synthetic log events for security testing and research without requiring actual infrastructure or triggering real events.

A wargame composed of 27 levels, with files needed in /vortex/ directory.

NightShade is a Django-based capture the flag framework that enables organizations to create and manage cybersecurity competitions with support for multiple contest formats and multi-tenant architecture.

A comprehensive collection of free online laboratories and platforms for practicing penetration testing, CTF challenges, and cybersecurity skills development.

An annual jeopardy-style capture-the-flag contest with challenges related to cybersecurity.

DetectionLab is a pre-configured Windows domain environment with security tooling and logging designed for cybersecurity training and detection capability development.

A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.