Virtual Hacking Labs after OSCP

securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
I've finished the year with a bang and got my OSCP. After thoroughly enjoying the labs, I've been wondering if I could gain more by continuing with https://www.virtualhackinglabs.com/ - all the reviews are positive, but people have mostly used it as preparation for OSCP. I'm not sure where it ranks in terms of difficulty and variety, I'm looking for some added value out of it, so wouldn't want it to be easier compared with the PWK labs. Anyone that has experience with it and can shed some light if it's suitable for after OSCP?

Comments

  • N7ValiantN7Valiant Member Posts: 363 ■■■■□□□□□□
    edited January 2020
    Meh, hard to say unless you've done both labs and OSCP to rate relative difficulty.  I just did 20 boxes on VHL and got their basic certificate, which I doubt is recognized by anyone in the world.  If I had to guess based on what's been recommended, Beginner box = 10 point machine, Advanced = 20 point machine, and Advanced+ = 25 point machine.

    Wouldn't know how that translates across the PWK lab since I don't start until next week.

    I don't know if there's a point to it after OSCP though.  I'd rather just continue with active HTB boxes.
    OSCP
    MCSE: Core Infrastructure
    MCSA: Windows Server 2016
    CompTIA A+ | Network+ | Security+ CE
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    @securityorc Thanks. I have used this and it is nice to know others have stated the same thing. I think I will hit this cert soon.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Grats on the OSCP! I have not yet used VHL, but it's on my extended to-do list.

    If it helps at all, I'd suggest a more cost-efficient approach and hitting up HTB for a while. There's lots of retired boxes to learn from.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    ..yeah... sorry @securityorc ... Congratulations on the pass!!!!
    I will be taking this cert this year.
  • securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
    I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

    I just saw this from rasta as well. It looks good, however I would rather spend that money on Pentester Academy Red Team courses. Pentester Academy is more recognized in the industry as well. If Rasta's was a little cheaper say 250-300 for the 30 days or 400 for 60 days then I would probably jump on it. Its bad enough you are paying in euros right? 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
    chrisone said:
    I've decided to start building my AD attack skills instead and will go for https://www.zeropointsecurity.co.uk/red-team-ops in February

    I just saw this from rasta as well. It looks good, however I would rather spend that money on Pentester Academy Red Team courses. Pentester Academy is more recognized in the industry as well. If Rasta's was a little cheaper say 250-300 for the 30 days or 400 for 60 days then I would probably jump on it. Its bad enough you are paying in euros right? 

    It's worse...in pounds xP But I'm hyped for it, Rasta knows his tradecraft. I am not a big fan of PentesterAcademy, their teaching approach just doesn't resonate well with me, though I have not tried the red team labs. I was planning a progression of Rasta's Red Team Ops -> Offshore -> Rastalabs -> Pentester's Academy intermediate and advanced red team labs (skipping the 1st tier one).

    As for certificates..none of them have any real value in my opinion. In fact, I'd feel bad claiming to be a "certified red team whatever". It's the practice and the knowledge acquired doing things that I'm after. Right now, I don't have the hardware capital to build my own labs, but that's a project I'll have to get going someday.

    I hope I'll get my company to pay for it but if not...I've spent my own money on worse things...IHRP *cough cough*
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    I wouldn't necessarily feel bad about having a red team cert, pentester academy's PACES and Advanced labs are very challenging and have impressed Rasta himself. Nikhil is a very good teacher, I took his Advanced Active Directory for Red and Blue team course at Blackhat last year, it was very well done. He has a new course and training for blackhat this year. The guy is a guru and always on top of AD/red team pentesting. I wouldn't mind having Rasta's certs as well since he is respected and known in the industry. 

    At the end of the day it truly is about the knowledge acquired and the proficiency to execute those skills in the real world.  

    Your progression path looks good. Look at it this way, all those courses are still cheaper than 1 SANS course and that is not even including your 6-7 day hotel fees lol

    Did you already sign up for the Red Team Ops course?

    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • securityorcsecurityorc Member Posts: 58 ■■■□□□□□□□
    I want to start it mid-February, had an active PentesterLab subscription that I'll freeze while working on it. And the countdown starts from the moment of purchase, but all seats were filled to capacity at launch as well, so hopefully that will be enough time for some spots to free up.
Sign In or Register to comment.