
Practice Labs – Working on Your Skills

Labs – Education & Preventing ‘Skill Fade’

It’s important to stay on top of your game through education and learning. One of the best ways to achieve this is by practicing your skills on the various labs available.

Whether you’re just starting out or looking to develop your testing skills, there are tons of labs and training resources available. This post covers several options, some of which are free and others that offer a subscription service.

I’m often asked what’s the best way to prepare for Offensive Security’s OSCP certification. The answer would be these little gems below:

Available Resources

  1. Pentester Lab
  2. VulnHub
  3. HackTheBox

 

Pentester Lab

Pentester Lab offers both a free and a subscription service, the latter at $20 per month. It’s a hands-on way to learn web application penetration testing, with exercises that start at a basic level and get progressively more difficult.

PentesterLab Exercises

The exercises are split into ‘Badges’, with each badge aimed at a specific type of vulnerability. For example, the ‘Intercept Badge’ in the screenshot above relates to ‘Man-in-the-Middle’ exploitation.

There’s a great variety of exercises on PTL. I really enjoy the smaller exercises in the ‘Essential Badge’. The Essential Badge aims at covering the most common web vulnerabilities with easy-to-understand examples, such as XSS, SQLi, Directory Traversal and SSRF.

VulnHub

VulnHub is free of charge. Its aim is to provide material that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.

Each individual exercise has its own VM (ISO) available for download. A lot of these VMs are considered similar to some of the OSCP lab exercises, making VulnHub a perfect way to prepare yourself.

HackTheBox

Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. Some of its challenges simulate real-world scenarios, while others lean more towards a CTF style.

As an individual, you first have to complete a challenge to prove your skills and then create an account, allowing you to connect to the private network (HTB Net) where several machines wait for you to hack them. By hacking machines you get points that help you advance in the rankings.

HTB is great for those who are looking to get some lab time before starting OSCP.

In order to join HTB, you first need to solve an entry-level challenge here, which is a fun way of joining the community. HTB also has its own Slack channel where members can meet to offer assistance.

HTB is free, but a subscription service (£10 per month) is also available. Personally, I opted for the subscription service as it’s less crowded. It gets rather frustrating when other free members start to reset the box or delete your payloads!

Conclusion

All three of these sites are excellent training resources, especially if you’re looking to work towards OSCP or continue building on your training and development. They all provide relevant material that will help keep you on top of your game.

There are also plenty of other labs and training resources available. If you have any you recommend, please drop me a message – I’d love to hear from you. You can either tweet me here, or drop me an email on the contact page here 🙂