Hack the Box : Offshore

by Vince
in Blog
Hits: 368

From the Hack the Box website:  "What Are Pro Labs -- Interactive, hands-on, complex scenarios that give players the chance to penetrate enterprise infrastructure and hone their offensive engagement skills. Pick any of our Pro Labs, own it, and get your certificate of completion."

When people say to me that they want to be a penetration tester, I tell them that it's a fun field to be in but you will NEVER stop learning.  I know of more than a few people who finish a certification and then declare that they need a break.  That's not me.  I enjoy the grind.  When Vulnub was a thing, I would download the newest boxes.  From there, I bounced around the various CTF platforms.  I've also constructed several internal labs.  And most recently, I dove head first into the HTB Pro Labs. 

When I'm working, I'm hacking.  And when I'm not working, I'm hacking.  And that leads us to Offshore.  

Offshore is not new but I highly recommend it to anyone that wants a challenge that is somewhat realistic.  There are aspects of Offshore that are CTF-like and if I'm being honest, I could do without that.  But given what you get for very few bucks, I'll take the bad with the good.  I found the environment to be challenging but not outside of my comfort zone.  Given the nature of the labs, most notably, the nightly reset, the biggest thing I learned was how to automate the daily setup for pivoting into, and out of, the various compromised subnets.  It forces efficiency because past the witching hour, there is no persistence. 

A final thought for anyone considering the Pro Labs or Offshore in particular -- if you haven't worked in complex environments, your weaknesses will become apparent quickly.  The Pro Labs require you to have your TTPs, post exploitation, and note taking skills dialed in.    And much more.  

I thoroughly enjoyed the experience and now I'm headed into Cybernetics.