Self security in HTB infrastructure

Hello everyone, I am a beginner, what do u recommend to do before connect to to the HTB servers? Maybe isolate VM, configure iptables or something like that?

It is possible you are overthinking things here, but it entirely depends on your threat model.

As an example - what do I do? Almost nothing. I use VMs with OpenVPN to connect into HTB and generally go out of my way to turn off anything like a firewall on the VM. History has taught me that 65% of the time, the reason you fail to get a reverse shell is because a host firewall on your attack box is getting in the way.

But it is really down to you and your own use of the systems and risk modelling.

While it is entirely possible that someone could [accidentally|deliberately] launch attacks against your VM, this is very unlikely. Your IP address is dynamic and will change on a regular basis so it is hard to think of how someone could build an attack against you for the time you are connected to the VPN.

Obviously it is not impossible though.

My only real suggestion here would be to use a VM to connect to HTB and not have anything important, sensitive or interesting on it. If someone is going to attack you via HTB and they have a way to escape the VM into the host, you are facing an adversary who is well resourced enough they will compromise you in different ways.

+1 for that @Tazwake said. I also just use a VM and turn the firewall off on it.

I think I read somewhere that HTB actually stop users connecting to each other, and can only connect to the target machines. So in theory you should be safe from people’s attempts anyway, but of course as we all know there are often ways around these restrictions lol

Yes, launching attacks is not something that happened to me when connected to HTB servers. It’s most likely to be attacked when opening a pop-up window or scam website that promises you something you believe and open them. That’s why it is essential to learn more about cybernetic security. As a hint, you can read more here about that and how to know if a site is a scam or not.