Online red & blue attack/defense simulations

Quite amused at the concept that people will publish an "insecure" network so other people can practice hardening it. If you can harden something, you can also break it, which is rather the point of having security in the first place so why provide a training ground for hackers (I know you're not, but you get the point)..

You're a contractor, remember. You run a business. If the knowledge is necessary for your work, get a decent training course and do it properly; and if cyber security is what you trade in, YourCo can pick up both the bill and the expenses.

Have you checked out https://www.vulnhub.com?

Not full on networks but vulnerable OS builds for you break in to?

You could learn to exploit them and then learn to secure them and try again...

Thanks for the replies.

@malvolio:
I agree with you in that real infrastructure is breakable and so it seems counter intuitive to leave it wide open to the internet - That's why any company offering this sort of service would need to think carefully about the underlying infrastructure (e.g. running their switches / firewalls virtually in GNS3 etc, virtual hosts that wipe after each session etc - or if that is considered too 'exposed' then perhaps a simple cut down version of clickable/CLI enterable security settings along with a 'run attack simulation' button and a summary of results). I don't believe for one moment that providing these sorts of environments would provide a training ground that hackers don't already have access to (or can very easily make themselves using readily available virtualisation technologies). I also think that knowing how you're likely to be attacked, helps you to better defend.

I haven't forgotten that I'm a contractor - bench time serves as an excellent reminder - but I disagree on your all or nothing suggestion with regards to training/professional development - I see value in pursuing knowledge outside of a full blown (and all things considered, expensive) training course, particularly as security is not my company's USP, merely a part of the package my clients benefit from. I'm not looking for CV material with this, which a training course would undoubtably be best suited for - more an improved understanding so that my next design will be more secure than my last.

@Mag:
That's a great suggestion I'd never heard of before - it does seems a little red team focussed for my needs (I'm looking to focus more on the blue team stuff) but it's definitely something I'll be having a play around with.

https://en.wikipedia.org/wiki/WarGames - your original inspiration?

Forget tools and hacking scripts. Security is risk based. Know your environment in detail, and the threats to that environment. Understand where the risks points are, how they can be exploited and mitigate against that.
Ethical hacking is bulltulip. And trying to hack something yourself is a waste of time as it doesn’t represent a real world risk.
Buy a book on CISSP and read it.

Ever thought of attending a Hack-a-thon? Essentially, a marathon for hackers... sounds like a fun way to test your skills/see the skills of others!