Virtual Hacking Labs Penetration Testing Course Review


Introduction

Like many people who want to start learning penetration testing, I guess most of us share the same goal of getting OSCP, which is the most reliable industrial standard on penetration testing. 

However, it is quite frustrating to start, simply because OSCP covers a lot of topics and you have to deep dive into each of them. Also, I know from many reviews that the OSCP materials are quite old and boring, and you have to explore more yourself on the topics discussed in the course materials.

This is the reason why I want to find a platform or course that is more beginner friendly, more structural and realistic. 

Browsing reddit, there are so many people recommend Virtual Hacking Labs (VHL) as a bridge to OSCP. Seeing that the price is quite cheap as a penetration test platform, I decided to purchase a 3-month pass and see how it works.


Course Materials



There are totally 9 penetration testing related chapters (https://www.virtualhackinglabs.com/?courses=penetration-testing). I should say all of them are exceptionally easy to understand and precise - it will not dive into a topic too deeply to confuse you, and give you "just enough" information and examples for you to fall into place as fast as possible.

I have joined eLearnSecurity courses (eJPT and eWPT) but I just find that the materials in VHL is more easy to absorb.


The Labs

Your goal for the lab is to find out the content of a key file, which, in most of the time, requires you to obtain the root / admin privilege on the box.

 There are currently 42 lab machines residing in the VPN network in VHL. It is great that VHL has divided the boxes into different difficulties - Beginner, Advanced and Advanced+, and therefore if you're new to hacking, you can pick the easier ones. For Beginner and Advanced boxes, there are hints available in VHL's lab dashboard so if you get too lost you can use the hints to pump yourself a little bit.




Another good thing is that there are tags and related courseware section in each of the Beginner and Advanced boxes, and therefore whenever you're stuck, you know that there are weaknesses in the areas mentioned and so you can jump back to the topics and read them again! In this way you will get the most of the courseware since you will know exactly what your weaknesses are and try to dive more deeper into them.

 The boxes are set to be realistic and so you will not find yourself hacking a box that is too CTF-like. I have come across quite a lot of popular web applications and they are so fun to work on. For the more advanced boxes, sometimes it is so difficult to get the initial foothold since the vulnerable part may not be a well-known one, and you have to look into the context for you to move on.

Certificates of Completion


To obtain the certificate of completion, you have to root 20+ machines and provide complete lab report on your working procedure and proof.

There is also an Advanced+ certificate of completion, which requires you to root 10+ Advanced+ machines, as well as successfully perform manual exploitation (without automated tools like SQLMap / Metasploit) of at least two vulnerabilities on any two of the lab machines.


My Journal on VHL

At first I just want to try experiencing the penetration testing process. I still remember that when I had been stucking on the easiest lab machine for several days, and finally find out it was due to a stupid misunderstanding, the happiness is so difficult to explain.

As time goes by, I find myself enjoying the challenging set by VHL. The boxes are designed to let you learn different skills you need, and therefore I haven't find myself bored when working on the labs. For example, I have never thought of composing a RPM package in my life ever! Those are the challenges set by VHL which force you to understand and try such "ridiculous" concepts.

 


And for sure, in the process I have tried to maintain a good practice on documentation. For every step and attempt, I will take screenshot and note down the reason of taking such actions in the process using CherryTree.

It should be mentioned that it is so important for you to find some study buddies who can discuss with you and solve problems together! Though there is no official channel / forum in VHL, there is an unofficial Discord channel, where people can freely discuss and ask questions. There are many friendly bros who are willing to help and give you insight on solving the boxes. There is an invite if you are interested in joining: https://discord.gg/QxxjGHZ 

After almost 2 months of torture, I finally rooted all the boxes and it is ABSOLUTE SATISFIED! I have never thought to obtain the Advanced+ certificate in the first place but eventually I did it! Just try harder and don't limit yourself :)

Again, a big thanks to Virtual Hacking Labs for such amazing course and I highly recommend this platform to all of the people who want to step into the field of penetration testing, or just want to learn some hacking skills.


Certificates





Comments

  1. ICS Cyber SecurityFebruary 19, 2020 at 4:13 PM

    Here I found valuable information on penetration testing course. Thanks for sharing helpful information.

    ReplyDelete
    Replies
    1. Brian YauFebruary 24, 2020 at 1:05 PM

      Thanks! Glab that it is helpful

      Delete
    2. UnknownJune 27, 2020 at 12:01 AM

      Hello, I'm using the virtual hacking labs and have gained 19 roots in all. However, I meet some problems to solve the last one. could you please give me some hints? can you share me your email?

      Delete
  2. AnonymousMarch 26, 2021 at 2:40 AM

    A stitch in time saves nine as the adage says, it would be advisable to follow through the procedure to which I saved my life from the hands of a cheater, depression and pain. It’s so sad to share my story on here but I just want to let you all know especially those going through hard times in their relationships you are not left alone you just need to get the right hands to help you out. After several months of having an affair with a bully, which was a newly embraced attitude by him initially when we met he was the best thing that ever happened to me cause he never wanted me sad he cares a lot and get the right things done. A few months afterwards he started putting up strange attitudes like keeping late nights, getting drunk, chatting with some thrash girls downtown and lot more. Anytime I complain I get a slap on the wrist, I couldn’t continue with this life has it hurts me badly each and everyday of my life. All I ever wanted was a good home, peace of mind and enjoy a good life but I wasn’t getting that this feeling got me sick until a certain day I got the courage and I sought for help. I came on the internet despite not being a safe place, I got the most ever needed help of my life from this genius IT expert cyber.lord1010@gmail.com. Thank God I met Ben and he was the real deal, I saw great recommendations about him on how he helped others in their relationship, I contacted him within few minutes I got a response with some instructions and he requested for little info off his phone which I did gave him. In a short space of time, I got an email he’s got access to his phone without physical touch he sent all of his conversations with the girls ranging from text messages, call logs, iMessage and lot more. This info I retrieved off his phone saved my life, I would fully advice you get in touch with Ben at cyber.lord1010@gmail.com and get freed from your agony and pain before it’s too late.

    ReplyDelete

Post a Comment

Popular posts from this blog

Hack The Box - Bashe Write Up

Image
HTB - Bashed Basic Difficulty: Easy Tools: nmap python reverse shell script  (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) gobus ter LinEnum.sh (https://github.com/rebootuser/LinEnum) Walkthrough Recon nmap scanning for the win! nmap -sC -A -oN nmap-initial 10.10.10.68 -sC:  Default script -A:    Enable OS detection, version detection, script scanning, and traceroute -oN:  Output scan in normal format The result shows only tcp/80 is open. Let's navigate to the web page. It looks like a blog post mentioning a tool phpbash . Cli ck on the page to learn more:   It mentions that : I actually developed it on this exact server! Hence if we find out the location of phpbash, we can actually execute commands on the host! To find the location out, gobuster is a great tools for b rute -forcing directories! # gobuster dir -u http://10.10.10.68 -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium.t
Read more

The New OSCP Course & Exam Review

Image
Introduction Obtaining OSCP has been one of my goals in my career. When I first started my InfoSec career as a security analyst, I was confused how attacks actually work and without such knowledge, it is really difficult to set decent detection points. As said I do not have experience doing penetration testing, I decide to do A LOT OF preparations, as I think over-prepared is always better than under-prepared.  My aim would be a 1-take pass in the exam. Preparation before starting OSCP After setting up the goal, there has been a lot of preparations. As stated in the previous posts, I have done Virtual Hacking Labs, eLearnSecurity eCPPTv2, some Hack The Box, etc. I recommend before registering the official OSCP course, at least you should try Hack The Box, along with Ippsec's write-ups, which show how a professional penetration tester deal with boxes and how he comes up with what to do next. TJ_Null has a list of boxes with Ippsec videos: https://www.youtube.com/playlist?list=PLidcs
Read more