Introduction
I decided to sign up for Virtual Hacking Labs after failing the OSCP exam for the first time. That’s when I started looking for new platforms to practice on, and after long research VHL seemed to be one of the best options. I am grateful I signed up for this, as this was definitely one of the reasons I was able to pass my OSCP exam later on.
The platform provides you with very detailed course material which you can refer to when completing the machines in the lab, and it covers all the main phases of a penetration test such as information gathering, exploitation, post exploitation and privilege escalation, with a few practical examples as well. In all honesty I skipped most of this and focused on the salient parts, as it seemed redundant after having already done the entirety of the PWK material and exercises provided by Offensive Security, but the content is definitely valid and is especially useful when going through the lab machines.
The boxes in the labs are divided into three difficulty levels:
- Beginner
- Advanced
- Advanced+
There is a handy progress panel where you can track the progress of both the course material and the labs. As you complete sections of the course or boxes in the lab, your progress will be updated accordingly.
Pros
- The subscription costs about 40 dollars a month which isn’t too cheap in and of itself, but in my case I was planning to only subscribe for a month so it was definitely bang for your buck.
- Quite lengthy course material, but organised in a manner which made it very easy to find what you are looking for, thanks to the VHL web platform, as opposed to having an 800-page PDF document.
- Access to a virtual lab with 40+ hosts to practice your penetration testing skills, which isn’t shared with other students unlike the PWK labs.
- The platform provides you with the “VHL Certificate of Completion” after successfully compromising at least 20 lab machines (Beginner or Advanced), and the “VHL Advanced+ Certificate of Completion” after successfully compromising at least 10 Advanced+ machines. (You have to provide proof of compromise, and for the Advanced+ you have to exploit at least two vulnerabilities without using any automated tools or publicly available scripts.)
- Handy hints provided for beginner and intermediate machines, which often point you to a specific section of the course material rather than giving you a straight answer, which helps you develop the mindset required for penetration testing.
- Ability to boot multiple machines at once, which can speed up the process by enumerating multiple machines at the same time and help you mimic an exam-like or real-life environment.
- Some boxes aim to teach you how major software has had critical issues in the past, such as Apache Struts, Drupalgeddon and others, and how the underlying framework can often be your target.
- There is an official Discord channel you can join to discuss the lab machines with other students and exchange tips/ideas.
Cons
- Lack of privilege escalation vectors – you are expected to use kernel exploits for a lot of boxes and others have very trivial vectors. There were a couple of interesting ones, but apart from them it was pretty unimpressive overall.
- Lack of Windows machines – I don’t think there were nearly enough compared to the PWK labs, especially when it comes to post exploitation which can often be overwhelming for many Linux users.
- I personally think hard boxes should have hints, as these are where you are most likely to be stuck, maybe implementing a timer on the hints like the Proving Grounds platform does.
- No buffer overflow practice machines – this isn’t a big issue as there is already plenty of practice material and boxes online that cover this topic, but it would be one of the things this platform needs to be complete.
- The page where you reset boxes is separate to the one where you mark them as complete, which can be a little annoying as you need to keep going back and forth, it’d be great if it was all in one dashboard.
- Marking boxes as complete does not require you to enter the user or root flag, so theoretically you can mark all boxes as complete without having done any of them. I’d think this would be a fairly easy functionality to implement so I’m not exactly sure why it wasn’t included.
Despite the few issues listed above none of them were deal breakers and they can all be fixed/changed, and I believe once they are VHL would be the best place for OSCP practice.
Conclusion
I was able to complete all of the available boxes apart from two in about 3 weeks studying about 4-6 hours a day every day. I really enjoyed the experience with this platform overall and I would definitely recommend it to anyone preparing for the OSCP certification exam.