Virtual Hacking Labs — Penetration Testing Course Review

Mr. Robot
Oct 16, 2019 · 5 min read

Note: This is not a promotion / advertisement, I want to give you my honest opinion and help you decide whether you should sign up for Virtual Hacking Labs or not.

My Background

I started with beginner Vulnhub machines and wargames. Capture The Flag games also played an important part in my learning process. Eventually, I ended up on Hack The Box. I took every chance to learn something new.

I’m determined to get a penetration tester job and I knew that I had to get certifications that prove my hacking skills. So, I decided to sign up for 3 months of VHL lab access. Let’s see why VHL!

Why Virtual Hacking Labs?

It’s very cheap compared to similar courses. I’m fresh out of university looking for jobs, so money played a decisive role.

It has 40+ vulnerable hosts with real-life vulnerabilities. You don’t have to worry about tricky CTF black magic, it’s all based on real life. Some of the machines have dependencies on other machines, which is a nice touch. Every machine has a difficulty rating so that you can work your way up from the easier machines. You can even get hints for the Beginner and Advanced machines which might lead you in the right direction. Advanced+ machines don’t have hints; they are considered a challenge.

You’ll get very detailed courseware that is 350+ pages long. I was familiar with most of the stuff but I learned some new tricks and attack vectors, especially for privilege escalation. I have to admit that Windows and Active Directory environments are among my weaknesses. I feel like I learned a lot about Windows, but AD penetration testing wasn’t included in the courseware, even though they had related machines. For me, this was the only missing topic.

The Certification

If you get root/administrator access on at least 20 lab machines (Beginner or Advanced) and provide documentary proof of that achievement, you can apply for the VHL Certificate of Completion. If you manage root/administrator access on at least 10 Advanced+ machines (and exploit at least two vulnerabilities without using any automated tools or publicly available scripts), then you are entitled to apply for the VHL Advanced+ Certificate of Completion. Certificates of Completion come in the form of a personalized PDF and are sent by email.

I was able to root 41 machines out of 43 in the first month. I mentioned that I had to redo every machine and document them along the way, so this took me another month. I made individual reports for each machine using Markdown which also took me a couple of days.

All things considered, I was happy with my speed and submitted my reports when I finished. I had to wait 4 “long” days to get my certification, but it was worth the wait. I got both certificates which I’m proud of.

Do You Have What It Takes?

I mean, you need to read and modify exploits on a basic level. A good understanding of how operating systems work is also a plus. If you can compromise a beginner machine from Vulnhub for example, I think you are good to go. Finally, you must be willing to learn constantly on your own. Don’t just sign up for the certificate, it’s pointless…

My Study Tips

1. Take your time!

You don’t have to rush anything. Take your time. Study that specific vulnerability and do your research on it. You can even set up a personal virtual environment to experiment with it. Don’t forget that you are there to learn!

2. Document everything from the start!

As for documentation, I had a bad tactic. I just ran through the course material and started rooting the machines. I deliberately didn’t take notes, I just wanted to see how many machines I could root. So, I had to go through every box at least twice. I’m not complaining, I learned a lot by doing the machines multiple times.

I use for documentation. It has all the features that I need. I simply copy the screenshots, code snippets and store it safely in the cloud.

3. Use the student panel!

One thing I did right from the start was using the student panel. It helped me track my courseware progress and I was also able to keep track of the rooted machines which was handy.

4. Join the Discord server!

If you want to network with like-minded people, I recommend joining the Discord server. You also can get hints for machines that you are stuck with. They are very helpful and it’s a great community. But please, don’t ask for solutions and don’t post solutions/spoilers!

Discord Server Link:

5. Use your own Kali VM!

Last but not least, use your own Kali VM! You get outdated virtual machines with a Forticlient SSL VPN client. There is nothing wrong with them, they are perfectly fine and you can easily follow along with the material and get the same output. However, I suggest using a fully updated VM which might prevent some problems like missing Nmap NSE scripts… I heard others had issues on the Discord server. As for the VPN client, you can easily install it using the APT package manager.


If you have any questions, feel free to reach out to me! My Twitter Account:
