Virtual Hacking Labs after OSCP

securityorc

I've finished the year with a bang and got my OSCP. After thoroughly enjoying the labs, I've been wondering if I could gain more by continuing with https://www.virtualhackinglabs.com/ - all the reviews are positive, but people have mostly used it as preparation for OSCP. I'm not sure where it ranks in terms of difficulty and variety, I'm looking for some added value out of it, so wouldn't want it to be easier compared with the PWK labs. Anyone that has experience with it and can shed some light if it's suitable for after OSCP?

N7Valiant

Meh, hard to say unless you've done both labs and OSCP to rate relative difficulty.  I just did 20 boxes on VHL and got their basic certificate, which I doubt is recognized by anyone in the world.  If I had to guess based on what's been recommended, Beginner box = 10 point machine, Advanced = 20 point machine, and Advanced+ = 25 point machine.

Wouldn't know how that translates across the PWK lab since I don't start until next week.

I don't know if there's a point to it after OSCP though.  I'd rather just continue with active HTB boxes.

bigdogz

@securityorc Thanks. I have used this and it is nice to know others have stated the same thing. I think I will hit this cert soon.

LonerVamp

Grats on the OSCP! I have not yet used VHL, but it's on my extended to-do list.

If it helps at all, I'd suggest a more cost-efficient approach and hitting up HTB for a while. There's lots of retired boxes to learn from.

bigdogz

..yeah... sorry @securityorc ... Congratulations on the pass!!!!

I will be taking this cert this year.

securityorc

I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

chrisone

securityorc said:

I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

I just saw this from rasta as well. It looks good, however I would rather spend that money on Pentester Academy Red Team courses. Pentester Academy is more recognized in the industry as well. If Rasta's was a little cheaper say 250-300 for the 30 days or 400 for 60 days then I would probably jump on it. Its bad enough you are paying in euros right? 

securityorc

chrisone said:

securityorc said:

I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

I just saw this from rasta as well. It looks good, however I would rather spend that money on Pentester Academy Red Team courses. Pentester Academy is more recognized in the industry as well. If Rasta's was a little cheaper say 250-300 for the 30 days or 400 for 60 days then I would probably jump on it. Its bad enough you are paying in euros right? 

It's worse...in pounds xP But I'm hyped for it, Rasta knows his tradecraft. I am not a big fan of PentesterAcademy, their teaching approach just doesn't resonate well with me, though I have not tried the red team labs. I was planning a progression of Rasta's Red Team Ops -> Offshore -> Rastalabs -> Pentester's Academy intermediate and advanced red team labs (skipping the 1st tier one).

As for certificates..none of them have any real value in my opinion. In fact, I'd feel bad claiming to be a "certified red team whatever". It's the practice and the knowledge acquired doing things that I'm after. Right now, I don't have the hardware capital to build my own labs, but that's a project I'll have to get going someday.

I hope I'll get my company to pay for it but if not...I've spent my own money on worse things...IHRP *cough cough*

chrisone

I wouldn't necessarily feel bad about having a red team cert, pentester academy's PACES and Advanced labs are very challenging and have impressed Rasta himself. Nikhil is a very good teacher, I took his Advanced Active Directory for Red and Blue team course at Blackhat last year, it was very well done. He has a new course and training for blackhat this year. The guy is a guru and always on top of AD/red team pentesting. I wouldn't mind having Rasta's certs as well since he is respected and known in the industry. 

At the end of the day it truly is about the knowledge acquired and the proficiency to execute those skills in the real world.  

Your progression path looks good. Look at it this way, all those courses are still cheaper than 1 SANS course and that is not even including your 6-7 day hotel fees lol

Did you already sign up for the Red Team Ops course?

securityorc

I want to start it mid-February, had an active PentesterLab subscription that I'll freeze while working on it. And the countdown starts from the moment of purchase, but all seats were filled to capacity at launch as well, so hopefully that will be enough time for some spots to free up.