On November 14, 2019, Fortego Analyst and newly accredited OSCE (Offensive Security Professional Expert!) Dylan Makowski hosted a two-hour workshop on Hack The Box, the select tool among pen-testers eager to pass their OSCP exam. It was a full house, packed with Fortegoans, fellow CNO experts on our contracts, and even students working toward tech degrees. The feedback has been so tremendous that we’re looking into scheduling an encore presentation sometime next year. In the meantime, get a taste of what Dylan covered in the Q&A below, and check out his presentation deck here.
Q: What’s the difference between PWK (Penetration Testing with Kali Linux) and HTB?
A: PWK is tailor-made to get students ready for OSCP, albeit outdated and not a great reflection of how the OSCP is currently structured. HTB is a penetration testing playground curated by the community to help facilitate your penetration testing skills for any scenario.
Q: How can you use HTB to help with OSCP?
A: HTB is not meant to replace PWK in terms of prepping for PWK. The content provided within PWK is crucial to get students in the “hacker” mindset. Rather, HTB should be a supplement to the course materials provided in PWK, allowing you to hone your skills on an updated and massive infrastructure, as opposed to relying on the outdated PWK labs.
Q: Who should take OSCP/sign up for HTB?
A: Literally anyone with a curious mind! Computer security doesn’t have to be a dark art that has guarded secrets. Now that computer security has become more mainstream and an important part of our world, there are a multitude of resources to help anyone break into the scene. Basically, if you like taking things apart and figuring out how they tick, you should give it a shot.
Q: What are some helpful resources?
A: I recommend the IppSec YouTube channel for HTB machines, Mattermost chatrooms to help with anything security, and TJNull’s excellent guide to prep for OSCP.