Home

Review of Hack The Box - APTLabs

These are my personal opinions based on my background and training experience.



Course Reviewed


Format:

This course is online.


Materials:

There are no course materials that I am aware of, but if there is a site with any information, please let me know.


Class size:

The class size is unknown.


Environment

The lab environment is open.


Estimated cost:

At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)

$27.00 per month with a $95.00 setup fee.
$297.00 annually with a $95.00 setup fee.



About the Course:

"APTLabs simulates a targeted attack by an external threat agent against an MSP (Managed Service Provider). The lab requires prerequisite knowledge of attacking Active Directory networks. APTLabs consists of fully patched servers, prevalent enterprise technologies, a simulated WAN network, and much more!"


"Your goal is to compromise all client networks and reach Domain Admin wherever possible. On completion of this lab, you will be familiar with long-lasting TTPs, how to attack enterprise technology, and be a true Google-ninja."


My motivation:

I love Hack The Box and wanted to try this some day. I also wanted something challenging and new that would force me to learn new techniques and tools along the way. And this did all of that and more.


My Review:


Ok, this was a pretty crazy experience. I had joined a new HTB team a few months back, and one of the guys mentioned starting the lab, and since I was almost done with the Red Team Ops course, I thought I would go ahead and jump in and have at least someone else in the lab that I knew and could bounce ideas off of.


Things started off fairly fast and the first couple of flags were super easy to find. Then things got a little tricky. I got to learn some new techniques and have fun learning new tools too. It was at this point that one of my tool didn't work exactly like my team mate's tool. With a little persistence, my tool worked correctly, and I was able to get setup with the first foothold.


The next couple of boxes were both interesting. I learned a few new tricks which were fun. Then I reached a part where I found an unintended path forward, and my team mate figured out how to take advantage of the unintended method in a manual way and we both jumped ahead in the lab.


It was around this time we both got stuck. By stuck, I mean really stuck. It took a pretty good amount of time, a little asking for help, and slowly putting things we had found together to move forward. (One thing I recommend is that if something that you think should work doesn't work, try it the next day if you can't move forward another way.) But once we moved forward, it was fairly straight forward. Lots of new techniques for me, and some new tools, and using tools that I rarely use. Excellent experience during this portion of the lab.


Then we circled around to where we got stuck the first time. It didn't take long to find the path forward, but it took effort. It seems like the last part happened fairly fast compared to the other parts, up until just about at the very end.


I had about 10 open terminal windows and each was doing various things. I was trying all sorts of exploits and rushing to enter commands and just hoping to get the last two flags. I had noticed a small detail that made me try a previously used exploit, but I kept getting error messages. I was on the web searching stuff, and doing a lot of copy/paste of commands, but not having any luck. I was also trying things in each window since each shell was running as a different user across two boxes.


By this time I had a couple of browsers with numerous open tabs in each, probably upwards of 12+ terminals open, and I was getting no where. Suddenly I noticed one of my attempts had gotten results. I had copied and pasted something off a site and changed the IP to mine and things started working. A one in a million shot. It was the wildest thing. We think we know why it worked, but the odds of the right command being copied and pasted into my shell was astronomically high. Hey, sometimes you get lucky, sometimes you don't.


That led to new access... and suddenly the final flag was in reach and then submitted. Done. Wow. Less than a month. But a LOT of time and effort. A LOT of time and effort.



Misc:

I really liked this pro lab.


The Exam:

There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.



HTB APTLabs CoC


My two cents:

This was really fun. There are LOTS of challenging areas in the lab. You might even learn a few new tools and techniques along the way. I only bumped in to other unknown people maybe twice during the month (and I took note of some stuff one user was leaving on disk which didn't really help in the long run, but made me think and try other stuff.) Also, don't forget the prolabs-apt channel on the HackTheBox discord.






Copyright © 2024

Contact: redteamtrainingreviews @ redteamtrainingreviews.com