Try Hack Me

I find myself debating on going after the CEH after watching some further podcasts about it – apparently it’s only good if you need a specific DoD requirement met for employment – either that or you’re really just getting started on the red team side and don’t know where to go.

I recently discovered tryhackme.com and I’ve been doing down a rabbit hole there (you can see my progress via: https://tryhackme.com/p/Stubbs.Mcgee) and I didn’t know nearly as much as I thought I did – well about the red team side of things anyway. But, I’ve been going through the Complete Beginner path and I’ve gotten ~80% through as of right now with a 24 day streak.

So far, the highlights of path have been:

  • a good intro to Metasploit Framework
  • using hash cracking tools like John the Ripper
  • an introduction to network exploitation
  • an intro to web exploitation
  • the basics of cryptography
  • exploiting windows using MSF

I started out with the free rooms, but after the first few I hit a pay wall – but a 1 year subscription is only $90 – so I went ahead and signed up – and haven’t regretted it.

The environment is pretty awesome, with a paid subscription you get access to a VM attack box that runs in your browser window – if you don’t want to use it (or are using the free rooms) you can connect via OpenVPN to THM’s network and use your own OS (I would definitely recommend a Kali box).

Currently I’m going through a modules on Shells and Privilege Escalation – primarily in Linux. So far it looks like a revisit to a lot of things that were touched on in prior modules.

After the module on Shells and Privilege Escalation, there’s a module on Basic Computer Exploitation – the last module in the path and it looks like a practical test of previously developed skills.

After completing the path there’s apparently a certificate of completion which is cool.

There are other paths and a lot of other rooms that are available go through and it looks like this is some great prep work for the CEH/OSCP exams.

I’m debating on doing some write-ups for the exercises, but there are a bunch that are already available online so I’m working on a different spin, so we’ll see what happens.

Leave a comment

Your email address will not be published. Required fields are marked *