Virtual Hacking Labs Review
by yunaranyancat
Heyy, today, I will be reviewing Virtual Hacking Labs, VHL.
This post is mainly about my journey from starting VHL until I have managed to compromise 20 machines in the labs which is one the requirements to be elligible to apply for the Certificate of Completion.
About VHL
Okay, first, I will explain briefly what is VHL. VHL or Virtual Hacking Labs is a penetration testing platform for cybersecurity enthusiasts, which works almost the same as HackTheBox.
You will be given three options for the pricing. If you want to get VHL certified, you need to buy at least 31 days of the lab access, which costs around 93€, which what I bought.
It is a self-paced course so you can learn anytime when you are free. If you buy the 31 days or 93 days , you will also get a PDF version of the course so you can read it while offline.
Requirements
You don’t need that much prior experiences in pentesting. But, having good knowledge in Linux distros or Metasploit framework can help you in progressing throughout the lab.
Getting Started
Once you bought the course, you will be presented with a student panel, which contains the course, lab dashboard and other related things.
Vulnerable Machines
There are three different difficulty levels.
Beginner
These boxes are aimed to those who just started or want to dive in the world of pentesting. You can follow what’s in the PDF/hints to get into user and get root. Some of the boxes might have direct root exploit, so that no privilege escalation is needed.
Advanced
These boxes have little hints and you might need to do a bit of research outside the labs to compromise the machines.
Advanced+
These boxes are aimed to challenge students to think out of the box, and to not rely much at hints (these boxes have too little to zero hints) and train your Google-Fu skills. And I think that’s great because you’ll know if you have reached your limit so you can improve where you’re weak at.
For starters, I would recommend doing the boxes based on the ascending order of the difficulty so you won’t get lost.
Certificate Of Completion
One of the requirements for students to be elligible to apply for the Certificate of Completion is to compromise at least 20 machines and to do a thorough documentation for every machine compromised.
There is a text file which contains a secret string in every machine, so it can be used as a proof that the machine has been compromised with root or SYSTEM privileges.
Make sure , your documentation has enough information , and the attacks can be replicated by following your narratives.
Once you submit the documentation, you’ll need to wait until it has been verified. Then , you will be sent a beautiful VHL Certification of Completion like mine below. :P
Additional Information
There is no forum yet on VHL, so you won’t be able to discuss anything related to labs, or pentesting in general. But, I considered it as a challenge given by VHL . It took me almost 7 days to compromise those 20 machines. I didn’t touch the Advanced+ machines yet, until now but I’ll try to find time to jump back into VHL.
OSCP
Based on the reviews I got from one of the OSCP communities , VHL is a good place to learn if your lab time has finished, or maybe you want to find a place to start preparing for OSCP.
Bye !
If you are still wondering whether you should take VHL course or not, check out the reviews from the website itself, or you can use the one week pass to see whether you’ll like it or not.
That’s all for today. Thank you!