
Daniel Cano Merchán - Hacking & Tech

TryHackMe Offensive Pentesting review

An honest review of the TryHackMe Offensive Pentesting learning path and some personal feelings about it.

Time to complete the labs

It took me a month to complete all the rooms. My objective was to complete all the rooms in 1 or 2 months without burning myself out.

Normally I spent 2 to 4 hours, depending on the day, advancing on the path. I studied after work if I was able to, so not all days were study days. I just took my time when it was possible; if not, no problem. But I tried to be more or less constant and work on it every day if I could. Some weekends I put in extra effort, but in a relaxed way.

Price

The price is good: $10 per month. In my opinion it is worth it; the machines are only for you, so it is like a VIP+ HTB subscription. You also have a Kali image ready to use in your browser, but I did not use it because I have my own custom environment and I used that.

Difficulty

The level, at least on this learning path, is easier than Medium HTB machines. It is like easy to medium machines, but in a friendly environment. Some of the machines are guided, so sometimes they point you to the next step. The first rooms are basic and the last ones are more or less like a black-box penetration test.

Time for feelings

This is the last TryHackMe post for now. I completed the Offensive Pentesting learning path a few weeks ago. I learned new tricks and also practiced things that I already knew, but I am not interested in uploading more writeups because I consider that the last lessons/challenges are more guided. I recommend this path if you are starting out, know a little about pentesting in general and have the basics, and need to polish your skills in a friendly environment.

The parts on Windows AD, Kerberos and lateral movement in a Windows domain are also good: you can practice Windows AD, LDAP, Kerberos, domain controllers, etc. Practicing Windows enterprise fundamentals and how they work is a good boost to your skill arsenal. If you do not know anything about it, go ahead; you will learn new things with examples. The stack buffer overflow part is not bad either. I think it is a good place to practice more buffer overflows if you already know how a buffer overflow works, because they assume you know a little about stack buffer overflows. In my case, I learned a new, faster way to find badchars.

In general I enjoyed the path and also got to test another hacking platform, because I had always used HTB before. There are also a lot of writeups out there; if you are stuck, you can take your time and compare. But in my opinion you should try to hack all the machines without checking other writeups. Do that once you have already rooted the machine: sometimes you will find another path to hack it, or maybe you hacked it in a different way. Learn from others and grow; do not treat this platform like HTB or a capture the flag.

In my opinion this path is focused on learning, covering the basics and polishing your skills. The path also contains a good amount of Windows knowledge. At least for me, as I am more used to Unix environments, it was good to learn more about the Windows environment and PowerShell.


Thanks for reading!