Hi everyone, I hope this message finds you well. I’m a Software Engineer with 5 years of experience but zero experience with hacking.
I joined Hack The Box 2 months ago, and I’ve been working through the academy modules. I can confidently say that I have learned a lot so far, and there’s still much more for me to learn.
Up to this point, I have covered the following content from the Pentester path:
- Penetration Testing Process
- Getting Started
Reconnaissance, Enumeration & Attack Planning 3. Network Enumeration with Nmap
- Information Gathering - Web Edition
- Vulnerability Assessment
- File Transfers
- Shells & Payloads
- Using the Metasploit Framework
In addition, I’ve been participating in Capture The Flag (CTF) challenges on RootMe, which I enjoy because they provide resources in the challenge descriptions. These resources include RFCs, papers explaining specific vulnerabilities, and more. The challenges range from easy to hard, and I appreciate the learning process they offer. However, I’ve also attempted some machines on Hack The Box, and the experience is different. Unlike RootMe, the HTB machines don’t have readily available resources to explore and utilize for completion. In RootMe, I have a clear direction, although I understand this might not mirror real-world scenarios. Still, I can learn about vulnerabilities, conduct research, and develop my own scripts to exploit them. In contrast, with HTB, I often find myself unsure of where to begin.
So far, I’ve only tackled the starting point machines on HTB, which come with guided mode (though I usually aim to avoid hints). I distinctly remember working on the “Responder” challenge. Given my limited knowledge of Windows security, I struggled to imagine the necessary steps to complete the challenge. How could I figure out the required actions if I lack understanding of Windows systems?
I am aware of the resources available through the HTB academy, but I’m uncertain about the best approach to the platform. Should I complete all of the academy modules before diving into the machines, challenges, labs, fortresses, etc.?
I find myself a bit confused about how to effectively utilize Hack The Box and extract the maximum benefit from it. I understand that this journey takes time (similar to how it took me years to achieve a solid level of proficiency in software development) and involves a different mindset. Nevertheless, I believe in my ability to develop this new skillset.
If anyone could share their experiences, I would greatly appreciate it. Hearing about your journeys would provide me with valuable insights on how to approach both the academy and the platform on Hack The Box.