Course Reviewed
Format:
This course is online.
Materials:
There are no course materials but https://www.zeropointsecurity.co.uk/rastalabs might provide some needed information.
Class size:
The class size unknown.
Environment
The lab environment is shared.
Estimated cost:
At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)
£20.00 per month with a £70.00 setup fee.
£220.00 annually with a £70.00 setup fee.
About the Course:
"RastaLabs is a red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills."
My motivation:
My Review:
I started back into the lab and things were a lot better the second go around. I might dedicate some time and see how far I can get and write a full review.
I started this lab, and, at first, I was a little bit upset with the first part, but after a few days I began to change my mindset from a CTF to a real world like situation and I now see, and understand, why it was critical to put people through the work required for the first part. For the most part, it was very realistic, and after the fact, I realized it was a little more fun than I gave it credit for.
So after gaining a foothold, I started doing some enumeration. Within a few seconds of looking around, I really started to believe there must be close to about half the population of China connected to the same box I was on. There were artifacts from other people all over the box, and it was running pretty slow for me to interact with and then after a few hours on the box, I lost connection. After a little more struggling, I got back on the box, spent a few hours and lost connection. A few days later, I worked my way back on the box, tried to do a few things and finally logged out and haven't connected back to the lab since then.
I might go back and give this another shot, or I might just cancel my subscription and call it a bust. I do feel that some of my dislike for this lab was due to being burned out... and as such, I have not written as much of a review on this as I would like for fear that it might accidently influence someone not to try these labs themself and make up their own mind.
Better review coming soon... maybe!
Ok, I saw on Facebook where the RastaLabs updates were being performed. I thought, great, new update, let me knock this out before the next update. I have been paying for this lab for almost a year now and it was time to get it done.
So I setup a VM on a machine I could leave on 24x7 and let it stay connected via VPN (should have done this for the AWAE before my time ran out, but I didn't.) So I log in, grab a foothold, and start looking around like it was a brand new lab. I was making good progress, and then things changed.
Suddenly everything changed. It was like one day everything was going good, the next day nothing was going at all. After I calmed down, I looked at the Facebook notice. Oh snap, the update was for that day not the day I thought. New Defender updates and everything I used to do was broken. After a little while, I was able to get a few things working. Then a few more. Enough changes to everything I was used to doing, and I was partially back in business.
As I collect all the information I normally go after, I start comparing things to what I had collected vs what I just collected. Mostly the same. So I move forward. Then I reach a point where I am stuck, so I go and ask for help. I was like, I have done x, y and z, and I can't seem to make progress like everyone else. I get responses that range from, well, you have to do x and then things will work (which I said I had already done) to responses such as here is a web page to learn more about what you are trying to do. (I love it when people point you to places to fill in a knowledge gap, because you get to learn and expriment on your own.) So I moved on and I got the information I am looking for in a different way.
Then I am moving through boxes pretty fast, grabbing information, and moving along. Again, I can tell I think 100% different from other people because I grab a flag and the flag seems to indicate I needed to do something different. But since they had just updated the lab and I was seeing the same things, I am thinking that what I am doing is real world and valid.
I reached a point where I could see part of some information I needed. And I spent a whole lot of time trying to get it. I asked someone on the forums for help, and they pasted a link to an article and said that would help.
A whole day goes by with me trying everything I can in that article. I was on the last variation of the commands and was thinking, something is messed up. When I hit enter, I got the info. I was so happy that I was able to complete that and learn stuff, that I stepped away from the computer. When I came back, someone had made changes to the computer and the information I needed was right there in plain site. Ugh. I missed a spoiler by a very short time.
With the new information in hand, I move forward. Then, talk about luck, I caught a lucky break with some previously gained information. The data matched what I had collected several times before, so I marked that as a valid WIN. A lucky break, but that happens in the real world, so I took that lucky break and ran with it.
I now have three flags left. I am working on two of them, but the third is sort of lost on me. Let us see how much progress I can make this week.
Somoeone on the forums gave me a tiny hint on the flag I was lost on. Turns out I needed to make modifications to a tool I was using in order to get the correct data. That was easy. For the next two flags, I had a couple of people step in to assist me with them. Special shout out to the person who worked with me until I finished them. I submitted the flags to HTB and got my CoC and breathed a sigh of relief.
Misc:
The Exam:
There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.
My two cents:
I love and hate this lab so much that I don't have words to express my feelings. The Windows Defender updates made life in the lab a nightmare, although I was able to accomplish the tasks that I need to (sometime in very strange ways.) I also found some really strange quirks with Windows Defender running on Windows 10 (but I can't post the details at this time.) I think I liked this more because of how hard things were, because it forced me to think a lot differently than before.