Hacking Dojo

Just got this in the mail. From the creator of Heorot.net, another training option for aspiring security professionals:

http://hackingdojo.com/

Monthly subscription at $95. Apparently limited enrollment.

Find more posts tagged with

Comments

Bl8ckr0uter

Limited to 100 folks. Interesting. 95 dollars is cheap - if you aren't there for very long. Looks pretty interesting.

Looks like they are signing people up for the "foundational" level. Hmm.....

L0gicB0mb508

Bow to your sensai!

Xargon61

I've decided to give it a try and have signed up for the first month. I'll let you know if it's any good.

xheathx

How has everyone's experience been with hacking dojo? I am interested in joining the class starting in March but would like to hear some feedback from fellow TE members.

SephStorm

Check out the reviews on EH.net

The Ethical Hacker Network - EH-Net - Index

The course lead Grendel posts there and answers questions, and I believe there are a few members who have/are taking the classes.

GAngel

I was in the program from December until last week. There are alot of little tips I picked up. Overall its a good class. I'm jsut way to busy and the internet is a bit shite over on this side of the world.

the_Grinch

Currently in his course and I like it a lot. You will definitely learn something, we've just been covering linux commands (I'm behind by two classes so gotta catch up) and I've found things I didn't know about.

Ohmjones

Wanted to breathe some life into this post;

So I knew absolutely zero things about Operating Systems and penetration testing back in Feb of 2015 when I first signed up for the PWK course (OSCP). Now, 2017 after a very long time in that course; I have hacked all the systems in the lab (including the IT, DEV & ADMIN subnets). The course forced me to learn things from a high-level to a low-level, but it was fairly disparate in nature and I've taken the OSCP exam 3 times without passing.

In comes Hacking Dojo.

Since starting Hacking Dojo, I have gone through the first three levels (not officially mind you, I feel the value in HackingDojo is the videos and step-by-step process they are in). Mukyu (novice), Shodan (foundational) and Nidan (intermediate); despite having spent the better part of 2 years in the OSCP course there was just not enough pieces to the over-all puzzle that are given to you by offsec. Great, they go over 90% of what you need to know to carry out a pentest - but none of it includes the experience one would need to see those 'red flags'.

Hackingdojo is filling in these gaps that the self-education forced upon one, by offensive security causes. If I could do it all over again, I would have done Hacking Dojo - officially (the belts seem like cool things to get, but now I'm at a point where I'd rather just pass my OSCP) get the various belt levels and then do the PWK course. However, I didn't - here's some specifics of what I'm not currently doing that the dojo is teaching me.

1.) script all the things.

Ohmjones

Uh, can't seem to edit lol. Anyway;

Script all the things.
- Need to grab ftp directories or all the files?
- Super short wordlist for 'tries-by-hand' online password attacks
- opening links, directory navigation for web-apps type stuff
Google everything.
- If you read anything that looks like a service, application or back-end appliance that you don't recognize. Google it; learn about it at a high-level with an emphasis on hierarchy, etc.
diff things.
strings things.
read, every, single, line. always.

There's more, but I'm not getting paid to teach.

Ohmjones

Thomas is a cool dude, pretty sure hes the guy who is going out of his way to be available.

His course needs to be a pre requisite for the uninitiated prior to jumping into offsec training. Offsec will teach you how to teach yourself but it wont be enough. At least, for those who want into the field with zero experience.

Dr. Fluxx

Ohmjones wrote: »

Wanted to breathe some life into this post;

So I knew absolutely zero things about Operating Systems and penetration testing back in Feb of 2015 when I first signed up for the PWK course (OSCP). Now, 2017 after a very long time in that course; I have hacked all the systems in the lab (including the IT, DEV & ADMIN subnets). The course forced me to learn things from a high-level to a low-level, but it was fairly disparate in nature and I've taken the OSCP exam 3 times without passing.

In comes Hacking Dojo.

Since starting Hacking Dojo, I have gone through the first three levels (not officially mind you, I feel the value in HackingDojo is the videos and step-by-step process they are in). Mukyu (novice), Shodan (foundational) and Nidan (intermediate); despite having spent the better part of 2 years in the OSCP course there was just not enough pieces to the over-all puzzle that are given to you by offsec. Great, they go over 90% of what you need to know to carry out a pentest - but none of it includes the experience one would need to see those 'red flags'.

Hackingdojo is filling in these gaps that the self-education forced upon one, by offensive security causes. If I could do it all over again, I would have done Hacking Dojo - officially (the belts seem like cool things to get, but now I'm at a point where I'd rather just pass my OSCP) get the various belt levels and then do the PWK course. However, I didn't - here's some specifics of what I'm not currently doing that the dojo is teaching me.

1.) script all the things.

What specific classes do you suggest. Im doing my prestudy now. Not signed up yet so I can take my time to learn.

Ohmjones

So, if you have a budget you can use- I sincerely think the HackingDojo will give you all the basics you need to do well in the OSCP course. I test to move up to the Nidan level this weekend and so far, it's been very valuable having someone who is a professional penetration tester go over the whole process and provide resources to study (PWK will provide the resources to study, but it still won't be enough - the overview of the pentest process they offer will make zero sense to someone who has never been a sys admin, developer, etc..).

Only problem, for $99/mo, it's outdated. The ISSAF doesn't exist anymore, it'd appear, and is what the course is based off of. Outside of that, you will learn.

If you don't have money, I would sincerely suggest the following:

A) Navigate the kali linux menu. Learn what tools exist on the box. Go through each one, read the description & play with it locally.

Pick two tools out of each type (i.e. information gathering, password attacks, etc). Read their manpages, try the tools against specific vulnerable VM's and just get generally comfortable seeing how tools work/interact with machines.
C) Script basic ****, like a local auditing script for a linux and windows box. This will teach you the basic scripting stuff you will need to develop. It'll also get you comfortable with the operating systems (windows/linux, you'd be smart to find time to do this with freebsd, etc but the OSCP is primarily linux & windows with the occasional freebsd/unix OS thrown in.

If you have done those three things, sign up for the OSCP. Being comfortable with the operating systems and basic scripting will go a long way to getting you through the course materials. If you are comfortable with tools, then when you run into a WP server or something, you'll know about wpscan or dotdotpwn when you run into a potential directory traversal vector.

SaSkiller

What caused your issue with passing the OSCP? I can't imagine that if you are poping every box in the PWK lab you can't pass the lab technically its either time or reporting right?

McxRisley

I passed the OSCP the other day and I didnt script anything during my time in the labs and on the exam. Scripting can aid you but it is a myth that it's needed for the course.

Dr. Fluxx

Do you that it will be different for everyone per exam?
As in some will need heavy scripting vs some will no based on the structure of he exam in your specific instance.

McxRisley

Yes there are a number of exam machines that you could be given BUT you still dont have to script anything. IF you feel the need to script some things, there is no need to reinvent the wheel, there are many scripts that others have made that are freely available by doing a simple google search.