My Experience Using the PentesterLab Pro Subscription

A Little Background About Myself

I recently graduated, in the year 2020. I am currently working as a full stack developer and have had an interest in security since my college days. In my college days, I participated in CTFs and solved HTB, VulnHub, PortSwigger and many more which I discovered during those days. I wanted to have more practical experience on the web security side and I had heard a lot about PentesterLab. So this time, having some free time on my hands, I finally thought of giving it a try. I took the subscription in the year 2020 and always wanted to share my experience using the platform, so here I am after delaying it for so many months.

I will go briefly over what I liked and what I expected more of from the platform.

Learnings:

All the badges are really good and have some really good challenges. Some of the badges really give a good understanding of the basics, like the Unix, Essential and Android badges.

The badges which I enjoyed the most were Orange and Brown. The Recon badge is fun too!! Users with the FREE subscription can have a look at all the badges and their respective challenges to get an understanding of the challenges. Some of the challenges are available with the FREE subscription, although most of the good challenges are covered in the PRO subscription.

How to get your queries resolved:

Scenario 1:

If you get stuck solving any of the challenges and feel like you have followed all the instructions given in the challenge
OR
If you have solved the challenge.

In both cases, I would recommend watching the video, as your way of solving the challenges might be different and you might learn something new (this happened to me in many of the challenges).

Scenario 2:

If you have your exploit ready for a challenge, it is not working as expected, and your approach is different from the solution provided in the video.

This case happened to me in two or three badges for some of the challenges.

You can directly reach out to Louis Nyffenegger (Founder of PentesterLab) via the support email: support@pentesterlab.com.
I got the response amazingly fast, which I was not expecting at all.
I recommend having a separate mail thread (attach your POC and the problem you are facing) for different badges.

Discord Non-official Community

I was googling stuff for one of the challenges where I was facing some difficulty running my exploit in Python, and found this Discord channel in one of the discussions on Reddit: _pentesterlab_

The members are active and help without giving the direct solution, which I liked the most. After joining the channel, even I was very active, trying to help people if I had an idea about the problems others were facing.

Things I expected more of

Many of the CVE-based challenges are in the Ruby language. I felt that there should be more CVE challenges based on other languages like Python, Java, etc.

One good thing that happened to me due to this was that after solving the CVE challenges, I am now a little bit familiar with the Ruby language and can write some simple exploits.
Before this, I had just heard about Ruby, as I do most of my stuff in Python.

Summary:

All together, it was a great learning experience and I would recommend it to anyone who wants more practical experience and wants to gain some confidence.

Finished Badges

This is my first blog, so feel free to drop any suggestions via my social handles. Thanks for reading!!!
