I took time over the holidays to step away from things security, spend time with my family, and get over being sick. Before the holidays, I finished the TryHackMe Red Teaming Learning path and the Cyber of Advent. The following post goes over my experience, problems, and thoughts on the courses.
The Red Teaming Learning path is relatively new, comprised of 36 rooms broken into six sections. The path says it's 48 hours of content, which is probably accurate as I worked on it through November and December. I specifically wanted to try this path as it featured seven rooms on Active Directory.
Before I get into the learning path, I'll mention that I paid for the premium access. From my understanding, this is required as all the rooms aren't free. The cost is about 10 dollars a month, and because of the holidays and life, it took me two months which means it's about 20 dollars to complete the path. Personally, I think it's worth it, but hopefully, reading this post will allow you to have an informed opinion.
The first section is Red Teaming Fundamentals. If you have any experience in red teaming, this section is easy and should take a little time to get through. There is one room for setting up a C2 server which is helpful for beginners as you usually don't get an environment to set that up and have it be explained along the way. I've never gotten the chance to play around with Armitage until this course.
The following section was on initial access, which is less classroom knowledge and more hands-on. I have always considered weaponizing payloads, using PowerShell, and deploying from a C2 server fun. The other room on password attacks was the first point I got stuck. The struggle was around questions on using Crunch to create a wordlist that needed explanation. Thankfully the TryHackMe Discord has rooms dedicated to this learning path, and looking back at previous conversations, someone explained it more clearly. So remember to join the Discord channel.
Post Compromise, things get a little more complicated. I'm used to enumeration, privilege escalation, and persistence, but we get into our first room related to Active Directory.
Oh, the Active Directory section. I was excited about this part of the path. I wanted to spend a lot of time focusing on this content and understanding Active Directory better. However, I ended up going back to the Discord channel often to troubleshoot connection issues. The Active Directory rooms have shared networks, meaning others will be on the same network as you. There are a few things you'll want to check before you start to avoid the same issues as me.
Make sure the network state is running and not stopped. You could be trying to troubleshoot the DNS issues when the network just isn't on.
Run the following command if you have DNS issues in the lateral movement room. This is a pinned message in the Discord channel, but finding a solution took me a while.
systemd-resolve --interface lateralmovement --set-dns $THMDCIP --set-domain za.tryhackme.com
In the Exploiting Active Directory room, have good note-taking on your credentials and IP addresses with hostnames. There is a lot of jumping around between machines.
Make a note of rooms that want you to use the Web-based Kali machines instead of the Attack machine. A different version of software exists on a different machine.
The Active Directory section causes a lot of headaches and distracts from learning the content. I'll be learning Active Directory through TryHackMe's Throwback network in the future. It's around 60 dollars for 30 days of access, but I've heard great things about it, and hopefully, there will be fewer connectivity issues.
After a few evenings and weekends, I finally finished the Red Team learning path. You get a badge for completing the Active Directory section itself, and you get a certificate of completion, which is featured in this article. Even with all the headaches, I recommend this learning path but encourage you to keep the Discord near and not waste too much time trying to troubleshoot yourself.
Also during the holidays was the Cyber of Advent. This is an annual event that TryHackMe puts on from December 1st to the 24th. The background story this year was trying to save Christmas from an adversary. They cover everything from information gathering to exploitation, log analysis, and some physical security concepts. Each day is a new activity with a different focus on security. Also, there is a video to help walk you through the challenge. I watched the videos about half the time, and the other half, I just did the challenge myself.
The challenges took me about 30 minutes to complete. That was about the amount of time I had over the holidays, so it worked perfectly. Each day you complete a challenge, you get another entry into the drawing at the end. They had a ton of prizes, totaling thousands of dollars. Sadly, I didn't win anything this year, but it's a fun experience along the way.
Next, I will continue working through the Sektor7 malware development course, as that content is rather heavy, so I'm going slowly. I also plan on doing the Throwback network on TryHackMe to improve my Active Directory skills. Finally, I was sent a free offensive security and reverse engineering course by Ali Hadi on YouTube that seems exciting. Still, it's 21 videos between 30 and 90 minutes each, which may take me some time.
I will continue to update the blog as I go through the content. I hope everyone had a good holiday and a happy New Year.