HACK THE BOX Certification

Hello all,

First of all I would like to congratulate the Hack The Box team for creating possibly one of the best free penetration testing playgrounds.

Well, my idea is: why not create a new certification, guys? Like OSCP but a HACK THE BOX cert. It appears that you have everything ready to go. Plenty of smart people around in the lab that would get involved, I believe.

It can’t compare to OSCP - but maybe more like the accomplishment cert you get from virtual hacking labs after you pop 20 machines?

I suggested this a few months ago. It is a bit soon yet, but I could definitely see it if we could get some good material together and a private lab for certifications, after we grow some more. Who knows what the future might bring :)

@codingo said:
It can’t compare to OSCP - but maybe more like the accomplishment cert you get from virtual hacking labs after you pop 20 machines?

More like an exam dude and a different lab not the free one.

Personally I would like to be involved in a cert like this @Arrexel

What do other people think, would they like to try a cert from HTB?

I think it would be cool to have some type of cert from here, although a lot of planning and effort would need to go into it.

@SirenCeol and @goutsou, to issue a cert that is acknowledged in the market, we need to grow more. Issuing certs like all those pen-test learning sites seems to me of no meaning. When the time comes we have plans on doing so, but we will be looking at it after the pro labs roll out for some time and after we have a more recognizable name.

Right now, we are thinking of offering a value-add to the VIP users that will be like an online professional profile suitable to be demonstrated on CV’s etc. that will include progress and also categorize skills based on machines owned, eg. Good on Exploit development or SQL Injections etc.

@ch4p said:
@SirenCeol and @goutsou, to issue a cert that is acknowledged in the market, we need to grow more. Issuing certs like all those pen-test learning sites seems to me of no meaning. When the time comes we have plans on doing so, but we will be looking at it after the pro labs roll out for some time and after we have a more recognizable name.

Right now, we are thinking of offering a value-add to the VIP users that will be like an online professional profile suitable to be demonstrated on CV’s etc. that will include progress and also categorize skills based on machines owned, eg. Good on Exploit development or SQL Injections etc.

Sounds good dude

hello, it would be awesome to have an htb cert.

I’ll preface this by saying that I love HTB, and I’m not trying to disparage it. I hope this is viewed as advice and not an attack.

If HTB was going to add a certification then another consideration is the “realism” behind machines. The OSCP is taken seriously because it reflects more of a corporate network - the lab has interdependent machines, multiple subnets, strongly discourages msf, etc. The other element, probably the most important, is that their machines, for the most part, avoid things like a service there “just because” (they’re built out more, even if it’s a rabbit hole) and don’t tend to implement areas like stenography.

I don’t think HTB’s position in the market is as an “authority” like Offensive Security, and I don’t mean that in a bad way. I think HTB is more of a fun, less serious, competitive CTF. If I am stuck on a box, people will help. If I’m stuck on an OSCP lab machine, that won’t happen outside of resources and links - and in both cases, that’s great. I don’t want my certifications watered down, but I also want to see an area in the market where people can progress from VulnHubs, and I see HTB filling that space.

A dashboard of achievements like CodeCademy or PenTester Lab’s certification implementation (as an addon without an exam, not the core focus) is a far better idea. It keeps the fun of the current lab, and also keeps HTB as a competitive platform, not a certification based one.

@codingo my point also. As I said, if certs are to be issued, they will be issued under the pro labs umbrella. Something that has a long way to go.

In the meantime, professional profiles is more or less what you suggest.

in that case, htb could make a final exam with private access for the session exam.

@peek said:
in that case, htb could make a final exam with private access for the session exam.

+1

Do we really need more certs in the info sec community?

@codingo said:

If HTB was going to add a certification then another consideration is the “realism” behind machines. The OSCP is taken seriously because it reflects more of a corporate network

PWK/OSCP isn’t really a “corporate network”… They have 3 machines maybe that are part of the domain (i.e. they take domain credentials as login)… They do have 4 networks separated by firewalls that allow you to practice port-forwarding/pivoting but other than that, In my opinion HTB is very very close to the PWK labs and on top of that there are new machines all the time.

One of the other things about PWK (which they do a good job of) is making sure you do everything manually… This is an essential skill but there are some cons to this:

  • You aren’t able to get familiar with actual tools
    • Burp/Zap
    • Metasploit
    • Cobalt Strike
    • SET
    • PowerShell Empire
    • sqlmap
  • There is no Red Team aspect
    • Yes, this is a pen testing cert, but learning the IoCs and how to evade IDS/IPS would be a killer skill to have
    • Deeper understanding of the tools you use to find IoCs and help blue teams and incident handlers
    • Setting up persistence on devices

All in all with PWK you basically just learn the critical skill of following a methodology and you learn it in the best way possible. Struggling through OSCP was the learning experience of a lifetime… But the exploits and attack methods you learn are not realistic (as in relevant) anymore. You really won’t see a lot of that stuff in the wild.

Another consideration would be course material. That would be a lot of work (I would love to help!).

You are right about the CTF style stuff here in HTB though, not realistic but it's an important skill to practice (it also keeps things interesting). But I’d rather not go through another PWK/OSCP. It's important to keep things different enough because I don’t think trying to make another cert similar to PWK/OSCP would be a good idea.

I like Arrexel’s idea to just see what happens. This is a really great service, growing really fast and pretty much everyone I know in the community has already heard of it.

@codingo said:

A dashboard of achievements is a far better idea. It keeps the fun of the current lab, and also keeps HTB as a competitive platform, not a certification based one.

I also very much agree with this.

Achievement points… more addictive than crack. Great post btw @day1player

Although I think we’re mostly in agreement on the HTB approach @day1player I do want to touch on your points regarding the OSCP:

- You aren't able to get familiar with actual tools
  - Burp/Zap
  - Metasploit
  - Cobalt Strike
  - SET
  - PowerShell Empire
  - sqlmap

This isn’t correct - you can use Burp Free/Zap as far and wide as you want, Metasploit on a single machine in the exam (and handlers everywhere), or as much as you want in the labs and although you can use the others in the labs (sqlmap / powershell empire), you won’t need to. Cobalt Strike is just a wrapper for metasploit anyway (and a ■■■■ expensive one at that) - the point of OSCP is the core understanding so it has no relevance there.

- There is no Red Team aspect
  - Yes, this is a pen testing cert, but learning the IoCs and how to evade IDS/IPS would be a killer skill to have
  - Deeper understanding of the tools you use to find IoCs and help blue teams and incident handlers
  - Setting up persistence on devices

It’s important to remember that OSCP is a beginners qualification that’s aimed at teaching enumeration and basic exploitation. This would all be great, but it would deviate from that ideal.

Struggling through OSCP was the learning experience of a lifetime.. But the exploits and attack methods you learn are not realistic (as in relevant) anymore. You really won't see a lot of that stuff in the wild.

A lot of the exploits, no. But some of it I still see. You’d be surprised how many organisations (retail, health) are still running extremely old systems. The web skills you learn are all particularly prevalent on internal applications that you come across. Plus people still run SMB1, even after the year we’ve had…

@codingo Yes you’re right about a lot of that for sure. You do have the ability to use that stuff if you wish but it's not needed to crack the machines. When I went through it I was focused on doing everything manually, because that's pretty much the purpose of the PWK, and I avoided the tools.

A lot of people who take the PWK course will apply the rules of the exam to the labs themselves in order to practice, as did I. With the limited amount of time you have in the labs to learn the manual way, it's not realistic to also learn all of the tools in the same amount of time.

Which is where HTB/Vulnhub comes in. I’ve actually been using tools a lot more in HTB which is pretty cool.

@codingo said:
It’s important to remember that OSCP is a beginners qualification that’s aimed at teaching enumeration and basic exploitation. This would all be great, but it would deviate from that ideal.

In response to this about the Red Team aspect; yes you’re right, which is part of the reason I bring it up. OSCP already does a great job doing the beginners stuff, let's just let them do what they do best. I really wanted to identify what PWK/OSCP lacks, that's the stuff that could be incorporated into a next level platform. I wouldn’t want to see other labs competing with Offsec, I’d rather see them build on top of it. Pen Testing is hugely different than Red Teaming, and Offsec doesn’t teach Red Teaming.

@codingo said:
Cobalt Strike is just a wrapper for metasploit anyway (and a ■■■■ expensive one at that)

Cobalt Strike is not a wrapper for metasploit. It's actually not a pen testing tool per se, but more of a Red Team tool. It also only targets Windows machines (for now) and does a ■■■■ good job of it. CS offers pretty great C2 capabilities and offers a much better platform for persistence during an engagement. The point of CS is to be able to move around a windows domain, passing hashes, finding files, enumerating things and “living off the land” etc. It is not an exploitation framework, though it does have some exploit capabilities.

Also as to how expensive it is, you can get a copy for free at home if you have a .edu email address, and also Mudge (creator of CS) posted a tutorial on how to crack CS for those that don’t want to pay for a license.

All fair points, sounds like we’re on a similar page although I personally don’t think a red team certification would add much value to a market that tends to teach those skills in the field - I’m happy to be proven wrong though. I’m certainly misinformed about Cobalt Strike - will need to spend today adding it to my playbooks :)