Course Reviewed
Format:
This course is online.
Materials:
There are no course materials that I am aware of, but if there is a site with any information, please let me know.
Class size:
The class size was limited.
Environment
The lab environment is open.
Estimated cost:
At the time of this review, the course was open to Enterprise customers with licenses.
About the Course:
"Genesis LLC is a start-up Cyber Security company."
"Genesis has tasked you with assessing the security of their internal infrastructure and creating a pentest report."
My motivation:
This was part of our Enterprise licenses and I was interested in taking it to see just how easy it was.
My Review:
This was listed as easy, and not too long after I started I was already several boxes deep into the lab. My flags were so out of order it wasn't even funny. A few days into the lab and I was moving fairly fast through the boxes.
Enumeration was the key to everything. And then I found a box that was listed as being vulnerable to an exploit, which I uploaded, ran and bricked the box. I moved on and worked other boxes, but the next day the box was still bricked.
Fast forward a bit and I was stuck on a site. I had done a ton of enumeration, but I was making no progress whatsoever. And the box I bricked was still bricked (no ping, no arp, no thing). I then request HTB redeploy the lab, and when I found the screen to do that, I also found I had access to a walkthrough.
So while waiting for the lab redeployment, I started going through the walkthrough with the plans to stop at the box I had bricked and the box that I was stuck on.
The box I had bricked came first in the walkthrough. So I waited until the redeploy and then I went and finished that box. Which, just as I thought, gave me some information to move forward on another box.
I eventually eneded up back at the one box I was super stuck on. So I went back to the walkthrough, moved forward until I came to the box I was working on, and, guess what, they were doing what I had done that wasn't working. I went back and setup like I had done previously, in my browser tab I started type what I had done before, selected one from the list, click enter and it worked. I think my scans messed that one up.
Along the way I actually totally missed one thing, and had gone back to that box a few times and kept overlooking it. I have no clue why, but like I said earlier, enumeration is 100% the key to this lab. I found what I had missed before and moved forward in the lab.
Flash forward to a change in my work schedule leaving me in a state of not having the energy to even do proper enumeration in the lab. I started going down these super complex attempts to compromise this one box, and nothing was working. When I finally found the answer, it was simple.
So lessons learned during this lab... 1) Enumeration 2) Keep it Simple 3) I don't think like other people (a lot of how I did the boxes in this lab were not how the walkthrough did them...yeah, I read the whole walkthrough after I finished.) 4) I learned some really cool things from the walkthrough.
Misc:
This has by leaps and bounds be my favorite HTB Pro Lab to date. Why? Because it was straight forward, real world, and there were no complex CTF tricks for the sake of having complex CTF tricks.
The Exam:
There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.
My two cents:
This was really fun. Probably the most fun I have had with HTB content. If your company has an Enterprise account and the licenses for this lab, and you are new to penetration testing, this is the lab for you.