Course Reviewed
Course Format:
This course is online.
Course Materials:
This course materials included videos, course slides, and course slide notes.
Class size:
The class is just for you and is taken offline.
Lab Environment
The lab environment is shared with other students. I don't recall the exact number of other student machines in the lab environment I was in, but it was a small number if memory serves me correctly.
Estimated cost:
At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)
30 Days $399.00 USD
60 Days $599.00 USD
90 Days $749.00 USD
Review:
This course will teach you some advanced concepts and movement within multi-forest environment. These are some critical skills when performing a Red Team assessment as you might find multiple forested environments.
The course:
I am currently signed up for this class and have spent a considerable amount of time in the lab. 30 days wasn't enough to even wet my feet, so I have gone back for more.
And all I can say is WOW!
From the start, the videos are of the same high quality as the Active Directory and the Red Team labs' videos. The topics were almost all new to me.
When I received the e-mail to start the lab, I noticed that they had VPN access via OpenVPN or through a web browser. I can access the labs from a browser, even if I don't have access to my Kali Linux VM. So I got around to trying the browser access and I liked it a lot. I have even begun to use the browser access more often than the OpenVPN access. The student VM took up the whole browser window and made it a lot easier to see/use. And to search the web, it is just a tab away. It took a few hours to get used to the copy and paste from the browser to the host machine, and vice-versa, but I got the hang of it and I can move back and forth quickly now.
I also noticed that they said you can ask for help and/or a mind map. Not knowing what to expect, I e-mailed asking about the mind map and how it compared to the "Sections" on the official website. The response I received: "Mind maps provide the attack paths to achieve the final goal in the form of diagrams. While the 'Sections' are a bit cryptic, mind maps clearly show what you have to do complete the labs."
That is amazing! It took all I could do to not ask for a mind map or a hint (just to see what the mind maps and hints would be like) but I didn't want to spoil my progress. Well, it didn't take long for me to reach a point I needed more than a little nudge or hint, but full blown serious help.
Several weeks into the class and I had learned a lot but I had also run into a lot of road blocks. When I e-mailed, I provided what I had done up to that point, and where I was stuck. What I got in return was a pointer to return to where I had been previously, and a hint to look for some information. They then told me that from there I would have access to another machine and could move forward. The hints were a bit more specific than I expected, BUT, just what I needed. After returning to a previously owned target, I found that I had seen exactly what I needed, I just didn't have the understanding to know what I was looking at. Hindsight is *ALWAYS* 20/20.
It was about this point that things went South for me. I thought I read some stuff that I did not read, and I ran down the wrong path for the better part of a week. I finally reached a point where the hints weren't helping and I was horribly stuck. I was in a panic. I was doing what I thought they told me and it wasn't working. I broke down and asked for a "mind map" to get past that section. The response was that they had posted them online already. They had just posted the mind maps to the download area (the place you get the videos and documents when you sign up) and I looked at the first one (Yeah, I had jumped around and haven't done the sections in order, so I was needing help on the first couple of sections). It wasn't as much information as I feared (it isn't a step-by-step command guide but rather highlights with enough information to allow you to struggle a little but not too much), but it was good enough to point me in the direction I was going already with no success.
I also took this time to go back and review everything. I had not read what I thought I had read, so I was really confused. When I broke down and asked for my next hint, I got some information pointing me to something I have not really seen in training like this (no spoilers) and I would have never thought in the direction they expected me to.
It finally reached a point where there were constant e-mails from me back and forth to The Lab Team with screenshots of what I was doing and them nudging me forward. We got through it, I breathed a sigh of relief, reached the end of the section I was working on and took a break.
So a few words about the support. Top Notch! Most of my e-mails were sent after a long day of trying various things and reaching a point that I logged out of the labs, sent the e-mail, and went to bed. When I woke up, the replies were waiting on me and I could start back fresh. The times that I e-mailed while working on stuff, the replies were reasonable and the patience shown while dealing with some of my crazy questions was beyond impressive.
When I started the next section, I made some quick progress (which will help me in other sections), but I have hit another roadblock which was 100% my own fault... I did not want to have to keep bugging The Lab Team for help, but I was pretty sure I understand what I needed to do by reading the Section description and breaking down and going to the mind map that covered that section. So I took some more down time, I printed the sections from the web page and all the mind maps. Then I went through my notes and screenshots and collected a lot of data. Next, I started testing and testing and testing and every test kept hitting the road blocks over and over.
So I broke down and e-mail again, only to be told that I needed to do exactly what I was doing. So I tried again! Still failing. So I went back and ran my enumeration yet again. Same data, still not success in getting it to work. This is the point that I realized just how work-like this stuff was....only I was paying to do it and not being paid to do it.
I looked at my notes. I looked at my screenshots. I looked at the hint to make sure I wasn't reading things that were not there. And I reasoned that before I e-mailed asking for ultra specific help, I needed to do something I really didn't want to have to go through the trouble of doing, but I had to in order to cover all my bases. A day later and I am typing up an e-mail to ask why what I am doing is not working when I opted to create a new text document and paste the data I had with the data I just spent a day collecting and compare the two. Guess what? I don't know what happened, but the data I had from the first time did not match. I had screenshots, so I went back and checked them. The screenshots didn't match my earlier notes either. I still don't know how that happened, but I used the correct data and things worked.
So going back to my comment about this being more like work than play... I took the night off (second time this week) to give myself a break. I have reached a section I really want to spend some time on, because I am pretty sure it will be as awesome as I think it will be. And very much a topic I have not experienced in the past.
Yes, that section was very fun, but wasn't exactly as I expected. I still learned a lot.
Some of the sections following this one were quick to get through, and some have taken a while with some questions asked and hints required. If you take the Attacking and Defending Active Directory Lab, and I highly recommend you do if you aren't an AD expert already, you will find the stuff you learned there is needed here. As for me, I found myself going back to the lab guide, searching for commands, copying them, editing them for GCB and pasting them into a PowerShell window. It saved time, plus I had a reference that I could review and ensure my commands and my thinking were on point.
So I have finally reached Section 11, and I find that this is pretty much all new to me. The challenge is pretty intense. But, alas, my time left in the lab is running short.
No matter what happens between now and the end of my lab time, I want to say that this has been a journey of pure joy, lots of learning, and a whole lot of trial and error. Over the past few months, I have devoted a whole lot of my days and almost all of my weekends to this class. I have come home from work and been completely burned out and not even wanting to turn on my computer. But then I start thinking of things I haven't tried, commands I want to run, and I tell myself I will turn on my computer, log in to the lab, and check a few things. Hours later, I realize it is time for bed and I reluctantly begin logging off and calling it a night.
As a side note: I recently had a death in the family which has shaken me to my very core. I think I have turned to the labs as more of a comfort zone. Something familiar. (I will say after running some of the same commands over and over, what seems like thousands of times, there is much comfort in the repetition. Plus, I have gotten the chance to memorize commands from typing them over and over.)
Section 11 and Section 12 were worth the price that I paid by themselves. They were simply great. They forced me to learn new tools and new techniques, pushed my understanding of Microsoft Windows, and reminded me that in a Red Team engagement, even if you stop and think about what you are doing, sometimes things just won't go as planned.
Well, I did finish!!!! I almost felt like the clocking was about to strike midnight and with one second left, I did it. But it wasn't really that close. I got some last minute advice from the lab team which showed me a much easier way to accomplish what I was working to accomplish using a much more complex and error prone technique.
Misc:
I will still say it has been worth every single second of the time spent and effort spent finishing the GCB Lab. I just hope that my next Red Team Course that I take is this good. And to The Lab Team, if you are reading this, thank you again for all the help you have given me. It helped me gain a lot of knowledge that I wouldn't have gotten otherwise.
The Exam:
Seems like I am forgetting to do something. Oh yeah...the exam. I ALMOST forgot about that. I have a lot of time sensitive things coming up and so it may be awhile before I get to take the exam and write a generic review of it, but I am working to schedule it for early next year.
UPDATE #1: So I scheduled and took the exam. The weeks leading up to the test were kind of rough, and I was burning out fast (too much training and learning without any breaks!) By the time the exam rolled around, I was mentally and physically exhausted, but I was pushing forward because I had vacation scheduled and would take a break during that. I was not prepared, and I made a lot of mistakes. I spent almost 24 hours trying to get off the starting box, and the sad thing was, the path off was very clear. I made mistake after mistake after mistake. At some point, I stopped treating it like an exam, and just started going at it like a CTF free-for-all. After the halfway point, I just wanted to compromise all the boxes in the lab and complete the attack part, even if I didn't get to start the defense portion. I didn't make it before going to bed super early on the second day. I woke up early and thought about the exam for a little while. In hindsight, I believe the attack part of the exam was fairly easy based on the course materials they provide. It might have taken more than a day, had I been more prepared, but I think the attack part was a very solid half of the exam. I still had several hours after I woke up the next day in which to try and finish the attack part, but I had already mentally ended the exam and was not willing to log back in. I never got to the defense portion, so I have no information to share about that. I have not done anything training related, YET, this weekend, and am recovering my motivation to the point I might dive back in. Then I will make a decision if I want to try and take this exam again.
UPDATE #2: Today I receieved and e-mail saying I had passed the PACES exam. The only things worth mentioning here are: I have had very little hands on for months and months leading up to this exam. So when I started the test, I was more lost than the first time, and I struggled to remember even the simple commands. It took a while to remember commands, and I kept typing stuff wrong and reading command output incorrectly. At several points during the exam, I was banging my head against the wall trying to figure out a path forward. Each time I hit one of those points, I stopped and went back and carefully read all command output. It was hard until the end, but I can't say I was rushed like the first time. I did get very upset with myself for letting my skills get so rusty, but at least they came back quickly enough. So if you are about to take the exam for the first time, second time or whatever attempt you are on, go about it in a methodical way.
My two cents:
My advice before starting the exam would be to be well rested both mentally and physically, and be ready to spend some time doing the initial enumeration. Nikhil Mittal and PentesterAcademy did a fantastic job with all three of these labs and exams, and I believe this lab has been very important in my learning path by helping me develop very valuable skills. If I opt to take the exam again, and I make it past the attack portion, I will post an updated review.
I hope this review has been helpful, and I hope, if you haven't already, you will sign up for this course and take the time to work through it.
An image of what the PentesterAcademy Certified Enterprise Security Specialist (PACES) certificate, which I got several days after submitting the exam report and passing the exam, looks like.
