Probably the best resource to get started. LiveOverflow runs a YouTube channel that goes through different hacking challenges and explains things from the ground up for people with little to no hacking experience. Heard about a big hack in the news? LiveOverflow also takes those and explains how those attacks work so that you can understand it as well.
The ‘CTF Field Guide’ and CTF WTF
“What’s a CTF? How do I start?” These site can give a beginner some quick pointers on how you might start to learn hacking and cyber security topics.
Found an old security competition/CTF and want to know how the problems were solved? This is a huge community-driven collection of write ups to CTF competition challenges for the past several years. Just don’t rely on them too much - the more you try the problems yourself and the less you rely on the writeups, the better you’ll get!
CTFTime: CTF Competitions This website keeps track of past, ongoing, and future CTF competitions and the teams that compete in them. The majority of these competitions may not be beginner-friendly, but many teams take the time to make write-ups of problems, which may be more useful for someone trying to learn how to think about these problems.
Security Creators A randomized list of security video creators/streamers, information about the type of content, and where/when to watch.
CTF Radiooo A CTF podcast with teachers, creators, competitors and more from around the CTF community!
Some competitions I think may be relatively beginner-friendly.
- picoCTF: picoCTF 2018 and picoCTF 2019; also picoCTF primer learning resources
- Google CTF Beginner’s Quest
- CSAW HSF
- HSCTF: also check out the HSCTF3 practice problems
- RuSecure CTF
Binary Exploitation Practice
- Exploit Exercises (VulnHub mirror)
Reverse Engineering Practice
Web Exploitation Practice
- OWASP Juice Shop
- XSS Payloads Training/XSS Payloads Twitter: posts links to XSS challenges; also lists excellent XSS/web exploitation resources
- PortSwigger Web Security Academy
- Hacker101 CTF
- Google XSS Game
- Damn Vulnerable Web App
- Google Gruyere
- Hellbound Hackers
- Hacker Gateway
- flaws.cloud - common AWS security issues
- flaws2.cloud - more common AWS security issues
Various Other Challenge Sites
(Huge list at captf + wechall + some I practice with.)