TL;DR
This note is a sum-up on my experience using Hack The Box. It is a Map of Content linked to :
- Retired machines write-ups
- Notes taken when working on learning modules
Hack the Box use case
Hack the box has been my latest learning platform after Tryhackme, Root Me and PortSwigger Academy.
It can be divided in two main categories :
Learning Security
Hack the Box Academy can be compared to Tryhackme’s learning path while being less guided and requiring more prior knowledge. It’s worth mentioning that Tryhackme’s content quality tends to be more disparate. In this regard, I’d recommend anyone interested in IT to search for the core concepts tied to their specialty by looking up at roadmap.sh and THEN getting your hands on Hack The Box rather than TryHackMe.
TryHackMe mention
I started learning offensive security through it. My opinion towards it is biased, since I didn’t know how to properly learn and retain information. I spent multiple months working through modules without having a deep understanding of what I was doing, only by following step by step explanation. Before diving in any of these platforms, I highly recommend anyone reading through Learning Process.
Regarding Web content
Hack The Box Academy Bug Bounty Hunter (or soon to be Certified Web Exploitation Specialist) seems to have great resources (Actively going through the content). However websecurity academy is remains free and very complete.
Get the most out of it
Hack the Box really shines when combining learning content and practicing by compromising machines, though it can get expensive depending on your profile*.
If you can afford both, consider learning as much as you can on academy until you can’t absorb more information and then take a break by practicing on retired machine. Keep writing-up your work and linking it to the learning material you just consumed.
Otherwise, focusing on learning through a complete job role path is tedious but will allow to surf through easy to medium machines once you’re finished.
Pricing change*
INFO
The financial question is particularly valid now that Hack The Box announced its intent to fuse VIP and VIP+ to a more expensive subscription on Hack The Box labs. The monthly Lab subscription is now ~16€.
Certifications
Here’s a touchy topic. I’m looking forward to acquire CWES (previously called CBBH), CPTS and eventually CWEE later. To be honest, I intend to pass these for my personal enjoyment, learning progress and market value. As such, I already started working on both first courses and taking notes, which I intend to publish progressively.
Being able to assess the exam requires to validate the Job Role Path tied to the certification. A Job Role Path is split into modules, each of them separated into topics. Some of the modules are common to both CBBH and CPTS so there will be redundancy in the notes listing below :
CPTS
CWES
| Module | Status | Publication |
|---|---|---|
| Web Requests | Completed | Published |
| Introduction to Web Applications | Completed | Published |
| Using Web Proxies | Completed | Published |
| Information Gathering - Web Edition | Completed | Unpublished |
| Web Fuzzing | Completed | Published |
| JavaScript Deobfuscation | Completed | Published |
| Cross-Site Scripting (XSS) | Completed | Published |
| SQL Injection Fundamentals | Completed | Published |
| SQLMap Essentials | Completed | Published |
| Command Injections | Completed | Published |
| File Upload Attacks | Uncompleted | Unpublished |
| Server-side Attacks | Uncompleted | Unpublished |
| Login Brute Forcing | Uncompleted | Unpublished |
| Broken Authentication | Uncompleted | Unpublished |
| Web Attacks | Uncompleted | Unpublished |
| File Inclusion | Uncompleted | Unpublished |
| Attacking GraphQL | Uncompleted | Unpublished |
| API Attacks | Uncompleted | Unpublished |
| Attacking Common Applications | Uncompleted | Unpublished |
| Bug Bounty Hunting Process | Uncompleted | Unpublished |
CWEE
Let's finish both the above first
Machine Write-ups
Currently not a priority
Most of the recent write-ups were done on active machines, I’ll try to keep an eye on the retirements and publish it soon after. In the meantime, I’d recommend checking https://0xdf.gitlab.io/ for quality write-ups.
Write-ups were not made with publishing in mind, transferring a whole write-up to this specific vault is taking me longer than simply copy pasting.
Linux
| Write-Up | Machine Link | Publication |
|---|---|---|
| Cypher | Cypher Machine Link | Published |
| Nibbles | Nibbles Machine Link | Published |
| GetSimple | GetSimple Machine | Published |
| Artificial | Artificial Machine | Unpublished |
| Environment | Environment Machine | Unpublished |
| Code | Code Machine | Unpublished |
| Cap | Cap Machine | Unpublished |
| Lame | Lame Machine | Unpublished |
| Nocturnal | Nocturnal Machine | Unpublished |
| Dog | Dog Machine | Unpublished |
| Planning | Planning Machine | Unpublished |
| Titanic | Titanic Machine | Unpublished |
Windows
NOTE
Windows labs are not my specialty, ask Wuentin to publish some.