Something about the way this is written sets off alarm bells for me. This is a learning resource, and yet the review includes this paragraph:<p><i>The practical experience of breaking real world cryptography through exercises such as Electronic Code Book, Cipher Block Chaining, Padding Oracle, and ECDSA. Note: Although the number of crypto exercises here cannot compete with CryptoPals (which is exclusively about breaking real world cryptography), at least at PentesterLab you get certifications (badges) as evidence of your acquired skills.</i><p>I can't see these exercises because they cost money, but I'll charitably guess that the ECB exercise is an attack on cut-and-pastability of ECB, the CBC exercise rewrites a plaintext from unauthenticated CBC, "Padding Oracle" is what it sounds like, and ECDSA is a repeated ECDSA nonce.<p>Those are fine exercises (though, as the review points out, you can get better ones for free elsewhere). But did the students doing them really learn what they were doing? "Electronic Code Book" isn't an attack and it's not comparable to "Padding Oracle" or "ECDSA". The clunky way the exercises are described leave me with the suspicion that people do these things to collect badges, and little else.
I've been using <a href="http://www.pentesteracademy.com/topics" rel="nofollow">http://www.pentesteracademy.com/topics</a> for many years now. Highly recommend them esp. for Network Pentesting, Windows Red-Blue teaming and others.