Virtual Hacking Labs Penetration Testing Course Review


Introduction

Like many people who want to start learning penetration testing, I guess most of us share the same goal of getting OSCP, which is the most reliable industrial standard on penetration testing. 

However, it is quite frustrating to start, simply because OSCP covers a lot of topics and you have to deep dive into each of them. Also, I know from many reviews that the OSCP materials are quite old and boring, and you have to explore more yourself on the topics discussed in the course materials.

This is the reason why I want to find a platform or course that is more beginner friendly, more structural and realistic. 

Browsing reddit, there are so many people recommend Virtual Hacking Labs (VHL) as a bridge to OSCP. Seeing that the price is quite cheap as a penetration test platform, I decided to purchase a 3-month pass and see how it works.


Course Materials



There are totally 9 penetration testing related chapters (https://www.virtualhackinglabs.com/?courses=penetration-testing). I should say all of them are exceptionally easy to understand and precise - it will not dive into a topic too deeply to confuse you, and give you "just enough" information and examples for you to fall into place as fast as possible.

I have joined eLearnSecurity courses (eJPT and eWPT) but I just find that the materials in VHL is more easy to absorb.


The Labs

Your goal for the lab is to find out the content of a key file, which, in most of the time, requires you to obtain the root / admin privilege on the box.

There are currently 42 lab machines residing in the VPN network in VHL. It is great that VHL has divided the boxes into different difficulties - Beginner, Advanced and Advanced+, and therefore if you're new to hacking, you can pick the easier ones. For Beginner and Advanced boxes, there are hints available in VHL's lab dashboard so if you get too lost you can use the hints to pump yourself a little bit.






Another good thing is that there are tags and related courseware section in each of the Beginner and Advanced boxes, and therefore whenever you're stuck, you know that there are weaknesses in the areas mentioned and so you can jump back to the topics and read them again! In this way you will get the most of the courseware since you will know exactly what your weaknesses are and try to dive more deeper into them.

The boxes are set to be realistic and so you will not find yourself hacking a box that is too CTF-like. I have come across quite a lot of popular web applications and they are so fun to work on. For the more advanced boxes, sometimes it is so difficult to get the initial foothold since the vulnerable part may not be a well-known one, and you have to look into the context for you to move on.


Certificates of Completion


To obtain the certificate of completion, you have to root 20+ machines and provide complete lab report on your working procedure and proof.

There is also an Advanced+ certificate of completion, which requires you to root 10+ Advanced+ machines, as well as successfully perform manual exploitation (without automated tools like SQLMap / Metasploit) of at least two vulnerabilities on any two of the lab machines.


My Journal on VHL

At first I just want to try experiencing the penetration testing process. I still remember that when I had been stucking on the easiest lab machine for several days, and finally find out it was due to a stupid misunderstanding, the happiness is so difficult to explain.

As time goes by, I find myself enjoying the challenging set by VHL. The boxes are designed to let you learn different skills you need, and therefore I haven't find myself bored when working on the labs. For example, I have never thought of composing a RPM package in my life ever! Those are the challenges set by VHL which force you to understand and try such "ridiculous" concepts.

 


And for sure, in the process I have tried to maintain a good practice on documentation. For every step and attempt, I will take screenshot and note down the reason of taking such actions in the process using CherryTree.

It should be mentioned that it is so important for you to find some study buddies who can discuss with you and solve problems together! Though there is no official channel / forum in VHL, there is an unofficial Discord channel, where people can freely discuss and ask questions. There are many friendly bros who are willing to help and give you insight on solving the boxes. There is an invite if you are interested in joining: https://discord.gg/QxxjGHZ 

After almost 2 months of torture, I finally rooted all the boxes and it is ABSOLUTE SATISFIED! I have never thought to obtain the Advanced+ certificate in the first place but eventually I did it! Just try harder and don't limit yourself :)

Again, a big thanks to Virtual Hacking Labs for such amazing course and I highly recommend this platform to all of the people who want to step into the field of penetration testing, or just want to learn some hacking skills.


Certificates





Comments

Popular posts from this blog

Hack The Box - Bashe Write Up