FAQS

Certificate

Do all subscriptions include a Certificate of Completion?

All subscriptions greater than a week pass contain a free Certificate of Completion when you have compromised at least 20 lab machines.

Does your course qualify for CPE/CEU?

Completing the penetration testing course may qualify you for 40 (ISC)² CPE credits/hours. Course completion consists of completing the courseware, completing at least 20 lab machines on the lab network and supplying documentation as proof. By completing the course the student will be eligible to apply for the Certificate of Completion that can be used as proof of finishing the course.

It is up to ISC2, EC-Council or any other certification body to determine if and how many CPE will be awarded.

Is the Certificate of Completion printed?

No, we deliver a pdf version of your personalized Certificate of Completion by e-mail after meeting the requirements.

What are the requirements for a Certificate of Completion?

To be eligible for the VHL Certificate of Completion you need to:

  • Get root/administrator/system access on at least 20 lab machines.
  • Supply documentation of the exploited vulnerabilities.
  • Supply screenshots proving that you rooted the lab machines.
  • Supply the contents of key.txt files from the rooted lab machines.

Please send the documentation and proof to the following e-mail address: info @ virtualhackinglabs.com

Courseware

Are you offering a follow along course?

No, we are not offering a follow along course. We’ve chosen for a black box approach for the labs which means that only little information is given about the lab network and machines. The courseware describe the techniques to perform network enumeration, vulnerability assessments and different exploitation techniques.

When you’ve went through the courseware you should be able to compromise the lab machines or know where to find the information and how to apply it. This also means that a student has to research additional resources other than the courseware. New techniques and vulnerabilities are discovered on a daily basis which makes research a crucial part of the learning process to become a skilled ethical hacker.

Does the courseware PDF have the same content as the online courseware?

Yes, the courseware PDF has the same content as the online courseware.

How frequently is the courseware updated?

We’re updating the courseware on a regular basis with new chapters, paragraphs, modifications, corrections and student feedback. The last modification date is displayed on the course page. Be sure to download the courseware PDF again to make sure that you have the latest and most current edition.

What subjects are covered by the courseware?

The courseware covers a wide range of subjects from network enumeration to exploiting vulnerabilities. A complete overview of the courseware subjects can be found on the course page.

We also provide a free courseware sample that can be requested here.

What will I learn form the labs and courseware?

Throughout this course we will be primarily focusing on the technical side of penetration testing. This means that we will learn how to identify vulnerabilities in systems, services and configurations. With this information we work with exploits that take advantage of these vulnerabilities as real attackers do. The learning goal here is to be able to identify vulnerabilities and to understand how systems are exactly vulnerable by exploiting them. We will be looking at systems and services as attackers do. With this information you will be able to detect potential security issues, solve or mitigate them and apply countermeasures. Key here is that you cannot fix anything that you don’t understand. We’re learning things by breaking things. To be able to fully understand how systems are vulnerable we will be analysing vulnerable code, exploiting real vulnerabilities and practicing scenarios in the labs.

General

A little bird told me new courses are in development as part of the subscription?

That little bird is right. Your monthly memberships make it possible for us to expand and improve the penetration testing course and develop new courses with labs. As Virtual Hacking Labs is subscription based we are offering new courses under the same monthly subscription without additional fees or memberships.

The new courses with labs will mainly focus on:

  • Advanced penetration testing
  • Web application penetration testing
  • Security research
  • Exploit development
  • Red Teaming

Can I share my account to access the virtual hacking labs?

Sharing your account to access the virtual hacking labs is not allowed. If suspicious activity is detected that indicates excessive account sharing, we will suspend the account immediately. This does not mean that you can’t access the labs from several locations, such as from home and work, which is perfectly fine.

We are trying to keep the pricing as friendly as possible for each individual user to benefit all aspects of our services. Sharing accounts may restrict this for all parties involved sharing the same account. Only a single person can access the labs on an account at the same time and only 1 person can be eligible for the certificate of completion. Also note that course and lab progress is limited to tracking the progress for a single person.

If you need access for a large group of users (25+), please contact us using the contact form.

Can I write a walkthrough for my blog when I’ve compromised a host?

Congratulations! It is great when you have compromised a host in the virtual hacking labs! Every host in the labs was configured by us with great care. The findings necessary to compromise the host contributed to your learning experience in different ways. When other students encounter your blogs posts with a walkthrough in the process of finding ways to compromise the host, it may spoil their learning experience. Therefor we request you to not write walkthroughs for compromised hosts on your blog or publish and other information which may degrade someone else’s learning experience.

Do you have open job positions are Virtual Hacking Labs?

Open job positions will be listed in the news section.

Do you provide trial/demo accounts?

No, at this moment we do not provide trial or demo accounts. We do provide a courseware sample.

Does access to the labs include courseware?

Yes, our memberships are all-inclusive, which means that they include both courseware, lab access and a certificate of completion for month passes or greater.

The courseware includes information about:

  • How to install Kali Linux and setup a VPN connection to the labs.
  • How to use different hacking tools such as Metasploit, Nmap, Nikto & Netcat.
  • How to perform network enumeration.
  • How to perform a vulnerability assessment.
  • How to compile exploits for Linux and Windows.
  • How to exploit vulnerabilities.
  • Privilege escalation on Windows & Linux.

More information about the courseware contents can be found on the course page. A free course sample is available on this page.

How can I become a penetration tester or ethical hacker?

This is probably one of the most asked questions by people new in the field of penetration testing and ethical hacking. The field of information security is very wide and we understand that sometimes it’s hard to find your way through this maze. We do not offer individual certification or career advice but we can offer you a virtual environment where you can start learning penetration testing techniques instantly at an affordable rate.

Our labs offer a wide range of entry level vulnerable hosts to practice different penetration testing techniques. When you have completed the beginner level hosts you can continue with the more advanced vulnerable systems which often require multiple steps to compromise. Also note that the labs are a great step-up for practical certifications such as OSCP, LPT, GPEN and eCPPT.

What will be in the virtual hacking labs?

The virtual hacking labs contain a number of vulnerable hosts to practice penetration testing techniques. The labs contains multiple Windows, Linux, Android machines with recently discovered vulnerabilities and older common vulnerabilities. We are constantly in the process of updating the labs with new machines vulnerable to recent discoveries.

Who are these hacking labs for?

The virtual hacking labs are for anyone who wants to learn and practice penetration testing in a legal way. Especially those who want to get into the field of penetration testing and ethical hacking in a professional way can benefit from our labs. The hacking labs contain both beginner and advanced hosts targeting new and more experienced penetration testers. The beginner level hosts are a great step-up to the advanced boxes.

Why are you offering these virtual hacking labs?

There is a constantly growing demand for specialized security professionals like penetration testers in the job market. This growing demand leads to many unfilled positions now and even more in the future. With this course and the virtual hacking labs we want to offer a accessible environment for anyone to start developing the skills necessary to fulfil a position in the security market. We are aiming to keep the labs as close to real life situations as possible. Therefore many of the vulnerable hosts in the labs are based on real situations as encountered on enterprise networks.

Link: http://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf
Link: http://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016

Additionally, learning how to hack on live production systems is a really bad choice. Even small mistakes can have an enormous impact on organizational processes resulting in financial loses, data corruption or down time. The Virtual Hacking Labs hosts and its environment are designed solely for the purpose of practicing penetration testing techniques.

Will you refund (unused) access passes?

No, we do not refund unused access passes. In rare occasions we can pause or extend access to the virtual hacking labs. Please read more about pausing lab access here.

Ordering

Are the VHL memberships recurring?

No, all memberships are nor recurring and can only be extended by purchasing a renewal pass from the shop.

Can I purchase an extension?

After your access pass ends you are able to purchase a new lab access pass. In this case you will be send new credentials to access the virtual hacking labs as if it was a new account.

If you purchase a new access pass with an account holding an active pass, we will extend the current access pass.

Can I receive an invoice?

Yes, your invoice will be send after completing the payment and will also be available for download in your account.

Can I register for a future date?

Yes, it is possible to register for a future date and secure a seat in the Virtual Hacking Labs. When you prefer a later start date please leave a comment with the preferred start date in the ‘additional information’ field during the order process. We’ll make sure your account will be activated at the requested start date.

Do you offer discounts for groups?

We offer discounts for groups of 25 people and up. Please contact us for more information.

Do you offer virtual hacking labs for enterprises?

We are currently offering public/shared virtual hacking labs only. Corporate hacking labs will be available in the near future. If you are interested in a corporate labs for 25+ accounts now, please contact us using the contact form.

How do I renew my access pass?

In order to renew your access pass, make sure you’re logged in and go to Renewal Shop.

Or follow these steps:

1.) Go to “My Account”

2.) In the column named “My Memberships” theres your membership, click on “View”.

3.) The renewal product will be visible and you’re able to add it to your cart.

On completion your membership and labtime will be extended and you can use your former credentials.

When does my lab access start after purchasing an access pass?

In most cases your order will be approved and delivered within a couple hours after your order details and payment have been received and verified. In rare occasions it might take up to 24 hours to activate your lab access. On such occasions we will try to contact you as soon as possible with the expected starting date and time.

A delay in activation of you lab access will never impact the duration of the lab access.

When will my lab access end?

Access passes to the virtual hacking labs will end:

Pass type Ends in
Week pass 7 days
Month pass 31 days
3 Month pass 93 days
6 Month pass 186 days
Year pass 365 days

Some examples:

  • A week pass activated on 1st of January at 12:00 will end 7 days later on 8 January at 12:00.
  • A month pass activated on 1st of January at 12:00 will end 31 days later on the 1st of February at 12:00.
  • A year pass activated on 1st of January 2017 at 12:00 will end 1 year later at the 1st of January 2018 at 12:00.

When will my order be delivered?

In most cases your order will be approved and delivered within a couple hours after your order details and payment have been received and verified. In rare occasions it might take up to 24 hours to activate your lab access. On such occasions we will try to contact you as soon as possible with the expected starting date and time.

A delay in activation of you lab access will never impact the duration of the lab access.

Payment

Can I receive an invoice?

Yes, your invoice will be send after completing the payment and will also be available for download in your account.

Do you offer student discounts?

At the moment we do not offer student discounts.

What currency is payment in?

The payment currency is:

Europe: EUR

Rest of the world: USD

What payment methods do you accept?

We currently accept the following payment methods:

  • Paypal
  • Bank Transfer

We do not accept payment using Bitcoin or other crypto currencies.

Why do I have to pay VAT?

According to EU regulations, all customers located within the EU are required to pay VAT unless they have a valid VAT ID. In this case they are exempt from VAT. As per the new set of European Union regulations for VAT that came into effect starting January 1st, 2015, all of the purchases made through the Virtual Hacking Labs by EU customers will be charged a VAT rate according to the customer’s country of residence or establishment.

Support

Can I call your support desk?

We do not offer support over the phone. We are happy to answer all your questions by live-chat (when available) and e-mail.

We will answer your support queries within 1 business day but generally within a few hours. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.

Do you have a student forum or IRC/Slack channel?

At this moment we do not have a student forum, IRC or Slack channel yet. We are currently looking at some alternatives from which we’ll be implementing one soon.

Do you offer support on the course?

The VHL Penetration Testing Course is a self-paced course and priced accordingly. We do not offer support for the courseware, lab machines or related course related subjects. Occasionally we organize free online chat support for beginners, please contact the service desk for the next available date.

How can I contact the support desk?

Our technical and commercial support desk is available by using the contact form: https://www.virtualhackinglabs.com/contact/

We will answer your support queries within 1 business day but generally within a few hours. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.

Please note that we only offer technical and commercial sales support. The VHL Penetration Testing Course is a self paced course. We do not offer support for the courseware, lab machines or related course related subjects.

Should I contact support when I’m unable to connect to the VPN?

When you’re unable to connect to the VPN we ask you to check for the following before contacting support:

  • Does your virtual machine have internet access?
  • Is your virtual machine able to resolve hostnames?
  • Is a firewall preventing you from establishing connections on port 443?
  • Are you using the right credentials supplied when you purchased the access pass?
  • Are you using the VHL VM with the VPN client pre-installed?
  • Have you followed the instructions in the documentation:
    • https://www.virtualhackinglabs.com/?courses=2-3-vpn-access
    • https://www.youtube.com/watch?v=i-0fLERK7S0

Please note that we can only support/troubleshoot the pre-installed VHL virtual machines. If you are unable to install the VPN client or access the labs on an existing installation, please download the VHL pre-installed virtual machines. The reason we do not troubleshoot existing installations is that there are far too many causes that can cause connections problems and may require intensive troubleshooting to fix. We have ruled out these possible causes on the pre-installed VHL virtual machines.

If you are still unable to access the VPN on the VHL virtual machines, please contact the support desk and supply the following information:

  • VPN account name
  • Output of the following command: ifconfig -a
  • Output of the following command: route -n
  • Output of the following command: uname -a

We will answer your support queries within 1 business day but generally within a few hours. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.

When is the support desk available?

We will always try to reply to support requests as soon as possible. In general our support desk is available between 09:00 GMT and 18:00 GMT. We will answer your support queries within 1 business day but generally within a few hours.

If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.

Please note that we only offer technical and commercial sales support. The VHL Penetration Testing Course is a self paced course. We do not offer support for the courseware, lab machines or related course related subjects.Occasionally we organize free online chat support for absolute beginners, please contact the service desk for the next available date.

The labs

Are all VHL lab environments identical?

Yes, we have multiple lab environments and they are all identical. After signing up for a Virtual Hacking Labs membership you will be assigned to one of the labs depending on the current load and capacity.

Are your labs a copy of OSCP/Vulnhub?

No, our labs are not a copy of the famous OSCP labs or instances from Vulnhub machines.

All machines in the labs are custom made for the Virtual Hacking Labs and are not copied from elsewhere. The starting point for the development of the virtual machines was the course syllabus to ensure that most subjects from the courseware are addressed in the labs. Therefore all lab machines are designed in a way to contribute to a specific learning experience in combination with the courseware.

Can I pause my lab time?

When you sign up for an account to access the virtual hacking labs we reserve a slot for you in those labs with unlimited access for the period that you’ve signed up for. This slot contains reserved resources which are available for 24 hours a day and 7 days a week, even when you’re not logged in. For this reason we are unable to pause your access pass to the labs or refund unused access passes.

Do you think there is an exceptional reason for us to pause your virtual hacking lab access? Did you purchase an unused access pass for at least one month? Then contact us with this reason as soon as possible using the contact form and we will get back to you as soon as possible. Please note that lab access from the start date to the date of sending the e-mail will never be credited. We do not offer refunds.

Invalid reasons are: Busy with study or work, holidays and any other reasons due to bad time management.

Do the labs contain Windows machines?

Yes, the labs contain several Windows machines, including a Windows domain.

How can I reset a specific host?

Specific hosts can be reset using the reset panel. When connected to the virtual hacking labs the reset panel is available here:

Lab number Reset panel address
Lab 1 http://10.11.10.10
Lab 2 http://10.12.10.10
Lab 3 http://10.13.10.10
Lab 4 http://10.14.10.10

We request you to only reset a host when strictly necessary. Every host can be reset once every 15 minutes and every student can reset 1 host every 15 minutes.

How do I access the Virtual Hacking Labs?

The following video demonstrates how easy it is to access the Virtual Hacking Labs from Kali Linux 2017.1 and how to verify the connection:

Video: Accessing the Virtual Hacking Labs on Kali Linux 2017.1

How much time do I need to complete the labs?

In general this question is hard to answer as this totally depends on your professional and educational background, prior experience with penetration testing and the time available to spend on the labs. The virtual hacking labs contain over 30 vulnerable hosts in various degrees of difficulty. The easy hosts may take a small time to compromise and the hosts with a greater difficulty might take significantly more time to complete.

What do I need to access the virtual hacking labs?

We recommend a laptop or desktop computer with a stable internet connection that is capable of:
– Running a recent version of Windows, OSX or Linux.
– Running a virtual instance of Kali Linux in VMWare Player Free or Oracle VirtualBox.

We supply a VMware virtual machine pre-installed with a SSL VPN client that requires the following resources:
– A minimum of 15 GB disk space.
– A minimum of 1 GB RAM.

What if i’m stuck at a lab machine?

When you are stuck on a lab machine we recommend you to review the related parts of the courseware and try again. You can also have a look at the Lab Progress Panel that contain hints for the beginner and advanced machines. If you are still unable to compromise the specific host you can move on to another machine and come back to it later.

What if multiple students are working on one host?

It is possible that multiple students are working on 1 specific host. In some occasions this might interfere such as disconnecting another user when connecting through RDP for example. When you notice that your actions interfere with other students working on the box, we kindly ask you to move on to another host and come back to it later.

We are constantly monitoring the labs and balancing the number of vulnerable hosts and students. In some occasions we will multiply the more popular hosts in each labs.

When should I reset a host?

We recommend you to reset or revert a specific host to its original state before you attempt to compromise it. As the virtual hacking labs is shared with more students it is very possible that a compromised host is in a state where it cannot be compromised anymore. A root account might have had a password change or a vulnerable service might have crashed in the exploitation process.

These are all valid reasons to reset a specific host. Please keep in mind that the virtual hacking labs are shared hacking labs. For this reason we request you to only reset a host when strictly necessary. Every host can be reset once every 15 minutes and every student can reset 1 host every 15 minutes.

Why are the virtual hacking labs shared labs?

This is a good question! As you might know the virtual hacking labs contain a great number of virtual hosts. All these hosts together form one big hacking lab which requires a great deal of costly server resources such as processing power, memory and storage in RAID configurations to run smoothly. Not only server resources are required, also enterprise grade firewalls, switches and a lot of software licenses are needed. These servers and hardware need to be hosted in highly advanced datacentres charging for rack space, bandwidth, power and service contracts.

All together it is very costly to host these labs and making them available as shared labs for multiple students, it becomes affordable. We’re always trying to maintain the best user, host and cost ratio to make the labs available and affordable for a wide public.

Why should I purchase lab access at Virtual Hacking Labs? Some resources are free.

Another great question! There are a lot of great resources available for practicing penetration testing without any charge. Some of these resources are online and others come in the form of downloadable virtual machines to run on your local machine. We can and do recommend a lot of these great resources. The Virtual Hacking Labs can be seen as a valuable extension of these free resources. We would like to point out a few advantages over free resources offered at the Virtual Hacking Labs. At the Virtual Hacking Labs we want to provide you with directly accessible hacking labs at an affordable rate. Access to the Virtual Hacking Labs does not require any technical knowledge, setup time or expensive hardware that is capable of running multiple virtual machine instances. The labs are accessible through a preinstalled virtual machine and SSL VPN that only requires you to enter an IP address, username and password to connect. In theory you could be up and running within 15 minutes from purchasing an access pass and receiving your credentials.

As over 90% of the corporate networks is installed with the Windows operating system we do have a lot of vulnerable Windows hosts on the network. Including a fully configured Windows domain for you to compromise. As all Windows operation systems are proprietary software they cannot be offered without charge. We took care of installing and licensing the Windows machines so you can focus on learning new penetration testing skills.

Last but not least; we are working daily on keeping the courseware and labs up to date with machines that are vulnerable to recently discovered vulnerabilities. The vulnerable hosts are based on real life scenarios as you would encounter on a real penetration test and real (company) networks with servers, clients, firewalls, NAS, mobile devices and other hardware. With a mixture of different operation systems, devices and applications we try to provide a rich educational experience.

All together Virtual Hacking Lab offers:

  • Directly and easily accessible hacking labs at a very affordable rate.
  • A membership model with transparent rates without one-time fees.
  • A full courseware book to help you get started in the labs.
  • Lots of vulnerable hosts as you would encounter on real penetration tests.
  • Lots of vulnerable Windows hosts, including a fully configured Windows domain.
  • Constantly evolving and updated labs and courseware.