My Expirience at HackTheBox

3 minute read

Español aquí

There are things that come into your life and you do not realize how much impact they will cause, until the time passes and you look back and you understand that this “thing” has had so much to do with where you are now, what you know, the friends you have, the contributions you have made and how much you still need to learn. That “thing” has been HackTheBox for me.

On June 14, 2017 for the first time, after almost 10 years in IT, working as Infrastructure Manager, Network and Systems Administrator and more, I discovered Metasploit and used the MS08-067 against a Windows XP, get that reverse shell was an unforgettable memory, was at that time that I realized how much I lacked to learn in Security.

My desire to learn continued and thank God, I found a website that would change my life forever, I’m not exaggerating, I’m talking seriously, you’ll see why; that website is HackTheBox!

HackTheBox

HackTheBox more than a website or access to a VPN, is a community of Hackers who share information and create challenges, very similar to real life the environments and common security problems, to learn and practice Pentesting techniques, Forensic Analysis , Web Applications, Buffer OverFlow, Reverse Engineering and much more.

Here I did my first steps to get OSCP certification in 234 days, I started in June 2017 and I got certified in January 2018, how did I do it? Well, here’s the good things about HackTheBox:

The Community

I had no idea of ​hacking at all and I needed some help to get started and the HackTheBox community was key to that, I met many people who selflessly took a bit of time to share their knowledge and teach me different topics, the interesting thing is that many of them were already professionals with years of experience in Security, and took some time to explain me a particular topic, which I thought was incredible. I also met the legend of ippsec, if you do not know who he is, visit his YouTube channel, you will learn a lot; he has been my teacher even though he doesn’t know, I have learned a lot from his videos, I think the Information Security Community is really grateful to ippsec and his contributions. It was here, and with all this, that I understood the hacker community is not as I thought, rather than reserve knowledge for personal use, we are a community that shares and helps, that grows and advances through the sense of collaboration. We are not geniuses, but we share the little we know.

The Challenges

Another great aspect of HackTheBox is the diversity of challenges you will find, different OS like Linux, Windows, Android, etc; Web vulnerabilities, custom applications, bad configurations (just like in real life), etc; In HackTheBox you can learn and practice almost everything.

The community, the challenges and sharing with people with objectives similar to mine, were key to achieving the OSCP, but once I finished I decided to specialize in Offensive Security against Windows environments, so I needed to learn and practice more advance security for Active Directory and HackTheBox bring us ProLabs!

ProLabs

What are the ProLabs? They are real life simulations of business environments, with complex implementations of Active Directory, whose objective is to attack and learn techniques and procedures of Offensive Security that are common in companies. It is not the typical CTF, here the objective is to identify bad configurations and abuse them to obtain Domain Admin or Forest Domain.

HackTheBox currently has 2 ProLabs: RastaLabs and Offshore, I had the opportunity to do both of them, you will definitely learn different things from each other. If you are still very new doing this, gather a group of friends and work together, so you will learn from each other while doing the ProLabs and perfecting your knowledge of Active Directory Security. Undoubtedly I can say that after doing the ProLabs I feel more confident in my skills for both enumeration and attacks on complex and secure Active Directory environments.

Final Thoughts

I want to end this post by thanking @ch4p for the effort and initiative to make HackTheBox, to each of its members who contribute so much to our community: g0blin, ippsec, mrb3n, Arrexel, Rasta Mouse, mrh4sh, lkys37en, other moderators (if I miss anyone) and each one of you, for making HackTheBox so great! I have found good friends here, thank you all. You Rocks!

HackTheBox-Defcon

HackTheBox

God bless you!

Serving Christ is not a task, but a relationship. Friends of God. Jn 15:15

Updated: