rhondamuse.com

Exploring Capture the Flag: A Journey Through TryHackMe and HTB

Chapter 1: The Beginning of My CTF Journey

In December 2019, I stumbled upon a tweet inviting participants to a "24-hour CTF" event. Typically, I struggle with infosec tweets filled with acronyms, but this one caught my eye due to a vibrant flamingo graphic. My fascination with flamingos drew me in, and I began to research this CTF phenomenon.

I wanted to participate in this intriguing event. My quest led me to a variety of Capture the Flag platforms, igniting a passion for these challenges. TryHackMe had been on my radar for quite some time. Initially, I hesitated to dive into HackTheBox (HTB) because of its steep difficulty level. However, a 10-day OWASP challenge on TryHackMe in July 2020 motivated me to activate my dormant account, and I’ve been exploring its hacking rooms ever since.

Chapter 2: Overview of TryHackMe and HackTheBox

TryHackMe

TryHackMe (THM) is an online platform dedicated to building cybersecurity skills through theoretical exercises, CTF competitions, and hands-on labs. It caters to users interested in learning, practicing, competing, and creating cybersecurity content. Both free and paid memberships are available, granting access to a growing array of challenges and workshops. Users can earn experience points and badges by completing tasks in various themed rooms.

TryHackMe Modules

Rooms on TryHackMe serve as virtual environments where users can engage with CTF challenges, workshops, and educational sessions. Each room acts as a distinct page containing tasks that encompass theory, instructions, and related questions. Many tasks come with supplementary materials or virtual machines (VMs) to enhance the learning experience. The rooms are organized into Learning Paths and Modules focused on specific educational goals.

Upgrading to a paid membership on TryHackMe ($10/month or $8/month for students) unlocks numerous advantages:

  • Full access to all content, including private rooms, walkthrough videos, and exclusive events.
  • Enrollment in Learning Paths like Complete Beginner, Cyber Defense, Offensive Pentesting, and more.
  • Access to a browser-based Kali machine, eliminating the need for VPN connections.
  • Use of a private OpenVPN server with a static IP address.
  • Reduced wait times for starting virtual machines.

The value of a paid membership depends significantly on how frequently you plan to use the service. THM caters to all skill levels, offering diverse content that emphasizes offensive cybersecurity while increasingly addressing defensive training. For beginners, the Complete Beginner Path is an excellent starting point, covering essential topics like Linux basics, network security, and web application security in manageable lessons.

King of the Hill (KoTH)

King of the Hill (KoTH) is a competitive game hosted by THM in which participants face off against up to ten others to compromise a machine and then patch its vulnerabilities. The objective is to gain access and prevent others from doing the same!

KoTH not only encourages users to apply their knowledge in a competitive environment but also promotes defensive strategies to thwart opponents. The game consists of 60-minute sessions on a rotating pool of machines, with points earned by becoming the King or finding flags. While it may seem intimidating for newcomers, the best way to assess readiness is to participate.

This video provides a walkthrough of a Capture The Flag challenge on TryHackMe, perfect for beginners looking to get started.

Hack The Box

Hack The Box (HTB) is an online platform that advances cybersecurity skills through penetration testing challenges. HTB adopts a gamified CTF style, encouraging users to hack into systems and capture flags. Membership options include Standard, VIP, and VIP+, each providing varying access to content.

As a Standard member, you’ll have limited access to weekly rotating virtual machines and challenges. VIP members enjoy shared access to both current and retired boxes, complete with documented walkthroughs. VIP+ members receive exclusive access to boxes and unlimited use of the PwnBox, the platform's custom online distribution.

HTB users can select from numerous weekly rotating VMs or simpler challenges without needing VPN access. These challenges cover various categories, including reverse engineering, cryptography, web security, and more. With a paid subscription, members can access advanced Pro Labs and EndGame scenarios, providing real-world simulations.

HTB is a genuine hacking environment, evident from the initial registration process that requires users to "hack the invite code." For those new to the field, HTB has introduced a "Starting Point" module to guide users through early challenges, as well as HTB Academy, a learning platform designed to enhance pentesting skills applicable in HTB.

This video covers Day 1 of the HTB Cyber Santa CTF, making it beginner-friendly and accessible for newcomers to the CTF scene.

HTB Academy

HTB Academy is a relatively new cybersecurity learning platform that aims to provide a comprehensive step-by-step learning experience. With both free and paid options, HTB Academy employs a cube point system to grant content access. Each module requires a certain number of cubes, and upon completion, users can exchange cubes for access to additional modules.

The modules are structured as standalone courses that encompass all necessary knowledge for hands-on exercises. They are divided into sections, offering both theory and practical application on specific subjects. Collectively, the modules form Learning Paths, such as Basic Toolset and Active Directory Enumeration.

HTB Academy is an emerging platform full of potential. Its gamified interface allows users to navigate content based on structure, difficulty, type, and tier, making it easy to find relevant information. The engaging labs and digestible content cater primarily to beginners and intermediates focused on offensive security or those eager to embark on their HTB journey.
