117 points by memorable
a month ago
I've played hackthebox intensely for one month. A lot of fun, but it takes a lot of time to crack your first insane box. If people want university-level courses in this, I recommend them to study at the Vrije Universiteit Amsterdam and take courses with the VUSEC group. The VUSEC group gave me the skills to immediately attempt an insane box and hack it (it did take a good 80 hours though :P).
Also, if there's any pentesting/reverse engineering company reading this, I'm interested in doing an attacking-related position. My skills are a bit rusty as a hacker (currently working as a software engineer), but then again I did hack an insane box while having rusty skills. So it might be worth something?
My email is in my profile.
Your advice about VUSEC is very cool. Slight piece of personal advice, when openly trying to get people to reach out to you by email, following that up with a comment in your profile saying you might not respond because of spam makes the reader ask why you haven't solved that issue yet.
Ah, I should update my profile description.
The insane challenges can be even harder than boxes imho.
When I first discovered htb I too had a couple months of hardcore grinding to become omniscient, then it became a bit too time consuming to keep doing them once I got in the top 10.
I would definitely recommend if you’re gonna keep doing them to make a couple friends who are at the same level, it’s much more fun / less grind to tackle them in groups.
Do they offer an online course or is it something that’s in-person only?
I did their "hacking Wordpress" course once, thinking it would be a fun side-gig getting hired to pen-test business websites (and to accomplish the mission about 2 minutes later).
Little did I know that businesses with WordPress websites aren't interested at all in pen-testing or security, least of all somebody showing up and offering this as a service.
I know of at least one business that runs on WordPress that has a bug bounty program. Also the WordPress project itself has one.
I've been a TryHackMe user for a while and have been really liking them so far. For those that have used both that and HTB, is one better than the other?
HackTheBox was great as practice before going for my OSCP. Haven't used it in a while but all the boxes were pretty high quality and ippsec's writeups helped teach me topics.
Reminds me of the old school shells you could root online back in the early 00's. RootTheBox was a big one, and I remember a few other shell wargames being hosted.