Well, at least the free machines. I’m not ready to pay for VIP just yet, lol. So, archetype, oopsie, vaccine, shield, and pathfinder.
That was a hell of an initiation. It feels as though these machines are designed as like a brick wall to weed you out if you’re not already conversant with a lot of the key required skills. The walkthroughs lead you down rabbitholes or give you misleading information, steps get skipped, nothing is properly explained, stuff almost never just works without a lot of additional wrangling, and a lot of the core things you need to know how to do are just never told to you at all. I would not say someone who’s “new to hacking and cyber security” is equipped to take these on.
That said, I was able to do it, thanks to my existing experience with linux, python, ruby, and a loooooooot of googling and youtubing and troubleshooting and poring over CVEs. It feels like I’ve been through the wringer. Took me about two weeks, all told. I feel like, in overcoming this lab, I indirectly learned a lot of what’s going to be required of me to succeed in this field. Being able to synergize incomplete information to get a picture of what I need to do. Being able to independently find solutions to obscure problems. Being always aware of context and keeping good notes. Being able to do research and understand dense reports and extract the key info. Knowing your tools and where to find things you’re missing. And always always always being thorough with enumeration. So, in that larger sense, SP was exactly what it needed to be, for me.
*Hacker voice:* I’m in.
Your thoughts? What was your experience with SP like, or did you skip it? What was it like learning to hack in general, for you? Old hands and hacking vets, I’d love to hear your stories from back in your nublet days!