Practice

Introduction

All the theories in the world will be of no use to us if we cannot transfer them into practice and apply our knowledge to real-world, hands-on situations.
Technical skills are only half the battle, however. We also need excellent written and verbal communication skills to be effective penetration testers. This includes seemingly minor things like being able to write a clear and professional email and present and defend our work during a client meeting and through a professional report.
Need to practice leading a kickoff call with a customer? Have a friend or teammate act as a fictitious customer. Use that time to practice asking your initial scoping questions and defining the pentest you expect to deliver. These same actions can be used when practicing delivering your post-engagement report walkthrough briefing for a client.

Practicing Steps

Modules

Here is a good blueprint for tackling a module:

Read the module

Practice the exercises

Complete the module

Start the module exercises from scratch

While solving the exercises again, take notes

Create technical documentation based on the notes

Create non-technical documentation based on the notes

Retired Machines

When we have completed (at least) two modules and are satisfied with our notes and documentation, we can select three different retired machines. These should also differ in difficulty, but we recommend choosing two easy and one medium machines.
At the end of each module, you will find recommended retired machines to consider that will help you practice the specific tools and topics covered in the module. These hosts will share one or more attack vectors tied to the module.
The order in which we can proceed to practice with the retired machines looks something like this:

Get the user flag on your own

Get the root flag on your own

Write your technical documentation

Write your non-technical documentation

Compare your notes with the official write-up (or a community write-up if you don't have a VIP subscription

Create a list of information you have missed

Expand your notes and documentation by adding the missed parts

Finally, we should create technical and non-technical documentation again. We will find that this one will likely be more extensive than the previous ones because we are working with many more topics we need to cover and document here.
The most significant advantage of this approach is that we go through the entire penetration testing process, improving the way we capture essential information and have everything we need to prepare our documentation based on our experiences and notes.

Active Machines

After building a good foundation with the modules and the retired machines, we can venture to two easy, two medium, and one hard active machine. We can also take these from the corresponding module recommendations at the end of each module in Academy.
The advantage of this method is that we simulate as realistic a situation as possible using a single host that we have no familiarity with and cannot find documentation on (blackbox approach).
Ideal practice steps for active machines would look like this:

Get the user and root flag

Write your technical documentation

Write your non-technical documentation

Have it proofread by technical and non-technical persons

Proofreading gives us our first impressions of how the readers receive the two types of documentation. This gives us an idea of which aspects of our documentation need to be improved for both technical and non-technical audiences.

Pro Lab/Endgame

Once we feel comfortable going against singular hosts and documenting our findings, we can take on Prolabs and Endgames.
These labs are large multi-host environments that often simulate enterprise networks of varying sizes similar to those we could run into during actual penetration tests for our clients.

PreviousPost-Engagement NextAcademy Module Layout

Last updated 3 months ago

Introduction

All the theories in the world will be of no use to us if we cannot transfer them into practice and apply our knowledge to real-world, hands-on situations.

Technical skills are only half the battle, however. We also need excellent written and verbal communication skills to be effective penetration testers. This includes seemingly minor things like being able to write a clear and professional email and present and defend our work during a client meeting and through a professional report.

Need to practice leading a kickoff call with a customer? Have a friend or teammate act as a fictitious customer. Use that time to practice asking your initial scoping questions and defining the pentest you expect to deliver. These same actions can be used when practicing delivering your post-engagement report walkthrough briefing for a client.

Practicing Steps

Modules

Here is a good blueprint for tackling a module:

Read the module

Practice the exercises

Complete the module

Start the module exercises from scratch

While solving the exercises again, take notes

Create technical documentation based on the notes

Create non-technical documentation based on the notes

Retired Machines

When we have completed (at least) two modules and are satisfied with our notes and documentation, we can select three different retired machines. These should also differ in difficulty, but we recommend choosing two easy and one medium machines.

At the end of each module, you will find recommended retired machines to consider that will help you practice the specific tools and topics covered in the module. These hosts will share one or more attack vectors tied to the module.

The order in which we can proceed to practice with the retired machines looks something like this:

Get the user flag on your own

Get the root flag on your own

Write your technical documentation

Write your non-technical documentation

Compare your notes with the official write-up (or a community write-up if you don't have a VIP subscription

Create a list of information you have missed

Watch walkthrough and compare it with your notes

Expand your notes and documentation by adding the missed parts

Finally, we should create technical and non-technical documentation again. We will find that this one will likely be more extensive than the previous ones because we are working with many more topics we need to cover and document here.

The most significant advantage of this approach is that we go through the entire penetration testing process, improving the way we capture essential information and have everything we need to prepare our documentation based on our experiences and notes.

Active Machines

After building a good foundation with the modules and the retired machines, we can venture to two easy, two medium, and one hard active machine. We can also take these from the corresponding module recommendations at the end of each module in Academy.

The advantage of this method is that we simulate as realistic a situation as possible using a single host that we have no familiarity with and cannot find documentation on (blackbox approach).

Ideal practice steps for active machines would look like this:

Get the user and root flag

Write your technical documentation

Write your non-technical documentation

Have it proofread by technical and non-technical persons

Proofreading gives us our first impressions of how the readers receive the two types of documentation. This gives us an idea of which aspects of our documentation need to be improved for both technical and non-technical audiences.

Pro Lab/Endgame

Once we feel comfortable going against singular hosts and documenting our findings, we can take on Prolabs and Endgames.

These labs are large multi-host environments that often simulate enterprise networks of varying sizes similar to those we could run into during actual penetration tests for our clients.