Spend enough time learning any skill and you will eventually get good at it. Information security is no different in this regard. What does set information security apart from other professions is the set of tools available to augment your training, letting you get some practice and have some fun at the same time.
My personal favorite “training” tool is capture the flag. In this scenario, servers are set up with various hacking challenges that unlock the “flag”, which is typically a string that needs to be fed back into the control server. These systems are typically set up with leaderboards for those who like the competition, as well as accompanying documentation to help out when you’re stuck (or just have no idea where to start!).
Without a doubt my favorite capture the flag style event is the SANS Holiday Hack Challenge, which is released in December of each year. It is a unique blend of in-game discovery and web research, coupled with the hands-on “hacking” activities necessary to progress. Very clever story lines and interesting challenges make this worth checking out. The challenges range in skill level, so even if you’ve never tried something like this before, this is as good a place to start as any. It is a little different than your standard capture the flag, better in many regards, and certainly worth checking out.
Some of my favorite online CTF challenge sites can be found below. I am always looking for new CTF challenge sites so please share in the comments!
If you are looking for challenges that can be installed/hosted locally, check out some of these. They are vulnerable by design, so be careful not to expose them publicly. Best to keep them bound to loopback (127.0.0.1) if possible:
- DVWA (Damn Vulnerable Web App)
- Mutillidae II
- Metasploitable
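
One way to check the loopback advice above after starting one of these labs (an added example, not part of the original post): it assumes a Linux host with `ss`, the function names are hypothetical, and the sample listener lines are constructed.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are reachable from beyond loopback.
# Function names are hypothetical; the sample lines below are constructed.

# Constructed sample in the column layout of `ss -ltn` (no real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:3306         [::]:*
LISTEN 0      4096           [::1]:631          [::]:*
LISTEN 0      128      192.168.1.5:8443      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
EOF
}

# Reads `ss -ltn` output on stdin, prints "address port" for every
# listener whose bind address is not loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk '$1 == "LISTEN" {
        ep = $4                              # local "address:port" column
        i = match(ep, /:[0-9]+$/)            # port follows the last colon
        if (i == 0) next
        addr = substr(ep, 1, i - 1)
        port = substr(ep, i + 1)
        gsub(/^\[|\]$/, "", addr)            # [::1] -> ::1
        sub(/%.*$/, "", addr)                # drop interface scope (%lo)
        if (addr ~ /^127\./ || addr == "::1") next
        print addr " " port
    }'
}

# Succeeds only when nothing on stdin listens beyond loopback.
lab_is_loopback_only() {
    [ -z "$(exposed_listeners)" ]
}

# Demo on the constructed sample; on a real host: ss -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

This only inspects TCP listeners on the host it runs on; it says nothing about firewall rules or port forwards in front of that host.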
As I said before, I love these things. Please share your favorites in the comments!
…another ramble in the can! You can follow me on Twitter @JaredGroves