We are delighted to share the launch of both Genesis and Breakpoint, two new Professional Labs scenarios designed for those just getting started in the field of cybersecurity and those looking to challenge themselves and hone their red teaming skills. While of course being useful to offensive security practitioners, the remedial advice for both scenarios also makes these labs valuable for the blue team.
Genesis and Breakpoint were both developed in cooperation with @MinatoTW, Content Engineer at Hack The Box. These labs bring together the basic skills needed to build a career in penetration testing and an opportunity to enhance and test those skills in a realistic red teaming engagement.
Genesis is an ideal first lab that features a wide-range of OWASP Top 10 vulnerabilities, common privilege escalation techniques, and real-world security misconfigurations. It covers how to exploit the vulnerabilities, and importantly, how they can be mitigated.
Breakpoint is more challenging than Genesis, but offers players the chance to practice their newly acquired skills in a red team simulation environment. Read on to learn more about each scenario in detail.
What is Genesis about?
Genesis LLC is a start-up cybersecurity company. Prior to using their services, a potential client has asked for an internal pentest report of the Genesis network, as part of their due diligence. Genesis has tasked you with assessing the security of their internal infrastructure and creating a pentest report.
What do you need to know to take on Genesis?
-
A basic knowledge of penetration testing tools
-
A basic understanding of Windows and Linux operating systems
What will you learn?
After completing Genesis, you will have gained familiarity of the tools and techniques that are used to exploit enterprise networks, and have gained knowledge in the following areas:
-
Enumeration
-
Exploit modification
-
Lateral movement
-
Mitigations and best practices
-
Privilege escalation
-
Situational awareness
-
Web application attacks
What is Breakpoint about?
This scenario focuses on a software development startup, who take security seriously. They have enlisted your services to perform a red team assessment of their environment. The goal of this challenging lab is to gain a foothold, elevate privileges, establish persistence and move laterally, in order to reach the goal of domain admin.
-
What do you need to know to take on Breakpoint?
-
Experience in assessing Active Directory environments
-
Knowledge of Microsoft infrastructure design concepts
-
Knowledge of Microsoft security controls
-
Understanding of common administrative configurations
-
Understanding of development tools and workflows
What will you learn?
After completing Breakpoint, you will have gained familiarity of the tools and techniques that are used to exploit enterprise networks, and have gained knowledge in the following areas:
-
Active Directory enumeration and exploitation
-
Code review
-
Evading endpoint protections
-
Lateral movement
-
Local privilege escalation
-
Phishing techniques
-
Situational awareness
-
VoIP exploitation
How to play the new scenarios
These new Professional Labs will initially be an exclusive for Hack The Box for Business customers on our Enterprise Platform, with a view to making them available to the rest of the community in 2022.
Not a Hack The Box For Business customer yet?
Happy hacking!
Hack The Box team
