DVWA VS DetectionLab

Step 2: Deploy DVWA (Damn Vulnerable Web App) DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws. ✓Installation Steps:https://github.com/digininja/DVWA.git 1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/) Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.

For this tutorial, I'll be using my personal PC, running a virtualized instance of Kali Linux, and a Samsung Galaxy A23 with Termux installed to host the web application that we will attack. The Samsung Galaxy will run an Apache server that serves DVWA (Damn Vulnerable Web App), an application intentionally built with security flaws so we can practice pentesting in a realistic setting.

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

I'd suggest you to download for example a VM of Damn Vulnerable Web Application (https://github.com/digininja/DVWA), learn and practice the attacks, and then try to protect the host from these attacks to prevent or limit access to the system.

I deployed a Damn Vulnerable Web Application (DVWA) for you, I DM'ed the url and creds. It's a controlled sandbox, intentionally vulnerable app for you to try out your hackerman skills. Go nuts, have fun dude.

For app security check out the damn vulnerable web app: https://github.com/digininja/DVWA

A fresh install laptop is probably going to be a frustrating first place to start as it is unlikely to be exposing any services for you to scan or test. You could install some vulnerable services, like the damn vulnerable web application here which has good setup instructions and many, many walkthroughs.

I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.

Detection Lab Link: https://github.com/clong/DetectionLab

Not sure what your goal with splunk is but I'd recommend Detection lab! Once you get the pre reqs setup, building and tearing down is super easy and you get a pre-baked ad environment to generate logs for you. https://github.com/clong/DetectionLab

I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab

While it's true what most are saying, that you don't need a powerful system to learn hacking....... You DO have a valid point that a powerful system enables things a weaker system may not. For example with 64GB of RAM you can run a full network lab simulation such as https://github.com/clong/DetectionLab additionally a solid high end graphics card will let you run things like hashcat a lot faster. In theory you could make a rainbow table. You still need a lot of time to understand all the basics but yeah there's a few cool things you can do with more power it's not ENTIRELY unneeded. I wish I knew about the local defcon group long ago. They're welcoming and some have capture the flags you can play. Understand the various job roles there are in security and figure out which one you like. You get paid to do specific things not just learn about hacking.

Github DetectioLab