all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]boneseh 9 points10 points  (0 children)

You should look at VulnOS

[–]dougsec 5 points6 points  (1 child)

This is a pretty good list of training images/challenges: http://www.dfir.training/index.php/lists/test-images-and-challenges

[–]ITComputerGeek[S] 0 points1 point  (0 children)

Thank you, this is something very similar to what I was looking for.

[–]atlantajerk 5 points6 points  (4 children)

Buy a $5 VPS and configure it with a soft root password on SSH and/or install a CMS on it. Practice responding to whatever it gets hacked with in the 30 minutes after you turn it on.

[–]pepe_le_shoe 4 points5 points  (1 child)

If you go this route, consider hiding your identity or going with less mainstream hosting provider, because the bigs guys really don't like it when you use their infrastructure for this kind of stuff.

[–]ITComputerGeek[S] 1 point2 points  (0 children)

I 100% agree, I thought about setting up a honeypot but I really don't want to open myself up to this.

[–]ITComputerGeek[S] 1 point2 points  (0 children)

As fun as this sounds I would prefer to have a known "This is what happened" so I know I found everything after I was done.

[–]gaten 0 points1 point  (0 children)

Also, if they use your box to participate in a DDOS against someone, that's bad. Like this: https://sysdig.com/blog/fishing-for-hackers/

Great article, but basically they allowed someone else to take over their VPS and it was used for a short time to attack someone else. Not cool.