I recently came across Hack The Box and have been having fun pwning some of those machines using the techniques that I have learned in the free Metasploit Unleashed course. Metasploit really is a great tool, and even though I could have got some “user owns” without it, I found that once I had learned how to use things like msfvenom, it saved me having to write some of my own trivial scripts, which saved me time.
I’ve currently got 3 “System Owns” and 4 “User Owns”, which puts me on “Script Kiddie” status. I’m hoping to get a few more and move to a better status fairly quickly, if I can find the time to play around some more.
I especially like the way you have to hack the invite before you can gain access to any machines. It was probably the easiest part of any of the challenges I have attempted, but that might be because I’m pretty familiar with web technologies.
If you haven’t tried it out, I would encourage you to do so. The website is very polished, and there are quite a lot of machines to attack 🙂
I took a day off from work on Wednesday last week to go to B-Sides London, and had probably the best day this year! There were so many interesting talks and loads of great people to chat to (and potential job opportunities). I even won a wristband which game me access to the MWR sponsored afterparty with free drinks 🙂
The most entertaining talk by far was by @info_dox titled “A look at TR-06FAIL and other CPE Configuration Disasters”. Darren showed up with a pint in his hand and proceeded to tell us all about the problems with the Broadband Forum‘s protocols and their various implementations.
I came away with a bit of swag too, 3 T-Shirts, and a signed copy of “Breaking Into Information Security by Andy Gill (which reminds me, I must get in contact with him for the digital copy he promised me).
I’d like to say a big thank you to all the volunteers who made it such a great event. Hopefully in the future, I’ll be able to give something back by helping out at one of these events, or something similar.
Last week I signed up for the PWK course from Offensive Security starting in mid June with the intentions of getting the OSCP certification. I booked 60 days of lab access; I hope that’s enough, but if I don’t manage to find enough free time in those 60 days, I should be able to book some time off work towards the end. Failing that, I can always buy more time in the labs if I really need it.
I’m interested to see how I’ll handle the 24 hour exam at the end. Sounds like a fun challenge, which I suppose if what the whole point is (as well as proving skills).
In the weeks before that course starts, I’m working my way through the Metasploit Unleashed course, also by Offensive Security. Looks like a great tool, from what I’ve learned about it so far.