Virtual Hacking Labs — Penetration Testing Course Review

Mr. Robot
InfoSec Adventures
Published in
5 min readOct 16, 2019

Note: This is not a promotion / advertisement, I want to give you my honest opinion and help you decide whether you should sign up for Virtual Hacking Labs or not.

My Background

I got my Bachelor’s Degree in Software Engineering a few months ago. In the first year of the university, I shifted my interest towards offensive security and penetration testing. At the time, my university didn’t have any IT security related course that I could take, so I learned everything by myself. Most of the concepts weren’t hard for me because I had a pretty good background. I was comfortable with programming, database management, networking, etc…

I started with beginner Vulnhub machines and wargames. Capture The Flag games also played an important part in my learning process. Eventually, I ended up on Hack The Box. I took every chance to learn something new.

I’m determined to get a penetration tester job and I knew that I have to get certifications that prove my hacking skills. So, I decided to sign up for 3 months of VHL lab access. Let’s see why VHL!

Why Virtual Hacking Labs?

You have multiple options when it comes to hands-on penetration testing and certifications. Offensive Security Certified Professional (OSCP) and Junior Penetration Tester from eLearnSecurity (eJPT) are just two of the most famous ones. I can’t do a comparison since I haven’t done these yet. However, I can tell you why I started with VHL.

It’s very cheap compared to similar courses. I’m fresh out of university looking for jobs, so money played a decisive role.

It has 40+ vulnerable hosts with real-life vulnerabilities. You don’t have to worry about tricky CTF black magic, it’s all based on real life. Some of the machines have dependencies on other machines which is a nice touch. Every machine has a difficulty rating so that you can work your way up from the easier machines. You can even get hints for the Beginner and Advanced machines which might lead you in the right direction. Advanced+ machine don’t have hints, they are considered a challenge.

You’ll get a very detailed courseware that is more than 350+ pages long. I was familiar with most of the stuff but I learned some new tricks and attack vectors, especially for privilege escalation. I have to admit that Windows and Active Directory environments are among my weaknesses. I feel like I learned a lot about Windows, but AD penetration testing wasn’t included in the courseware, even though, they had related machines. For me, this was the only missing topic.

The Certification

If you get root/administrator access on at least 20 lab machines (Beginner or Advanced) and provide documentary proof of that achievement, you can apply for the VHL Certificate of Completion. If you manage root/administrator access on at least 10 Advanced+ machines (and exploiting at least two vulnerabilities without using any automated tools or publicly available scripts), then you are entitled to apply for the VHL Advanced+ Certificate of Completion. Certificates of Completion come in the form of a personalized PDF and sent by email.
Source: https://www.virtualhackinglabs.com/labs/penetration-testing-lab/

I was able to root 41 machines out of 43 in the first month. I mentioned that I had to redo every machine and document them along the way, so this took me another month. I made individual reports for each machine using Markdown which also took me a couple of days.

All things considered, I was happy with my speed and submitted my reports when I finished. I had to wait 4 “long” days to get my certification, but it was worth the wait. I got both certificates which I’m proud of.

Do You Have What It Takes?

The courseware is very detailed and keeps the beginners in mind, but if you don’t have any experience with computers, you are going to have a hard time. I don’t want to discourage anybody, but if you are a complete beginner to the whole penetration testing scene maybe you should start somewhere else.

I mean, you need to read and modify exploits on a basic level. A good understanding of how operating systems work is also a plus. If you can compromise a beginner machine from Vulnhub for example, I think you are good to go. Finally, you must be willing to learn constantly on your own. Don’t just sign up for the certificate, it’s pointless…

My Study Tips

1. Take your time!

You don’t have to rush anything. Take your time. Study that specific vulnerability and do your research on it. You can even set up a personal virtual environment to experiment with it. Don’t forget that you are there to learn!

2. Document everything from the start!

As for documentation, I had a bad tactic. I just run through the course material and started rooting the machines. I deliberately didn’t take notes, I just wanted to see how many machines can I root. So, I had to go through every box at least twice. I’m not complaining, I learned a lot by doing the machines multiple times.

I use https://www.gitbook.com for documentation. It has all the features that I need. I simply copy the screenshots, code snippets and store it safely in the cloud.

3. Use the student panel!

One thing I did right from the start was using the student panel. It helped me track my courseware progress and I was also able to keep track of the rooted machines which was handy.

4. Join the Discord server!

If you want to network with like-minded people, I recommend joining the Discord server. You also can get hints for machines that you are stuck with. They are very helpful and it’s a great community. But please, don’t ask for solutions and don’t post solutions/spoilers!

Discord Server Link: https://discord.gg/bQfGnVQ

5. Use your own Kali VM!

Last but not least, use your own Kali VM! You get outdated virtual machines with a Forticlient SSL VPN client. There is nothing wrong with them, they are perfectly fine and you can easily following through the material and get the same output. However, I suggest using a fully updated VM which might prevent some problems like missing Nmap NSE scripts… I heard others had issues on the Discord server. As for the VPN client, you can easily install it using the APT package manager.

Conclusion

I loved every bit of Virtual Hacking Labs. Overall, it was a great experience for me (including the struggles)! I learned a bunch of new things and improved my methodology. Additionally, the certification and almost rooting all the computers in the lab gave me a good confidence boost for OSCP.

If you have any questions, feel free to reach out to me! My Twitter Account: https://twitter.com/t0thkr1s

Before You Go

Thank you for taking the time to read my article. If you found it helpful, please hit the 👏 button 👏 (up to 50x) and share it to help others with similar interest find it! + Feedback is always welcome! 🙏

--

--

Mr. Robot
InfoSec Adventures

Self-taught developer with an interest in Offensive Security. I regularly play on Vulnhub and Hack The Box.