Would you like to have your Virtual Hacking Labs course review published on this page? Please contact us using the contact form.
External review by Kristóf Tóth: https://medium.com/infosec-adventures/virtual-hacking-labs-penetration-testing-course-review-9b7dac12fcab
As a Networking/Firewall Engineer, I wanted a hands-on introduction to pentesting without the pressure of a looming exam, so signed up for VHL.
This was primarily to figure out if I had the aptitude to take the PWK course and OSCP exam but also to help me gain an understanding of the process following pentest reports we had received at work for our own infrastructure.
I can honestly say it was money well spent and has been one of the most fun, yet frustrating experiences I’ve ever had from an IT training perspective.
The lab machines are well-built, there are many recent vulnerabilities, applications and operating systems along with interesting PrivEsc paths. It’s clear that VHL have put a lot of thought and effort into these machines and I applaud them for it. 🙂
Needless to say, applying the skills you gain from this course (legally, with permission) to a real-world environment is something of an eye-opener.
I shall be returning for a refresher in the near future! Thanks a million!
External review by Brian Yau who was preparing for OSCP: https://sec-brainyou.blogspot.com/2019/08/virtual-hacking-labs-penetration.html
Virtual Hacking labs is the best training lab I have found so far, definitely worth the money! It is similar to PWK and really good preparation for OSCP. About half of the exploits are new, there are even some hosts that required manual exploitation for CVE-s that came out couple of months before my lab time, there are no public exploits for the vulnerabilities at the moment, which was similar to some real world boxes on HTB. Also there are many carefully selected exploits which are a great introduction to exploit development, some of them are called extra mile excercises which are my favorite part of the course. Two such excercises are required for the shiny Advanced+ certificate.
My recommendation for anyone starting with pentesting is to take at least 3 months of lab time, or for anyone who is a full time employee. I managed to do every box in less than a month, but I had spent a big part of my holidays on it. There is also a great pdf book with all required topics to get you started, definitely go for it 🙂
I got Virtual Hacking Labs to prepare for OSCP, before getting into the labs I know it was all about “try harder” but if you have no experience it will hit you like a brick wall, the courseware will teach you everything you need to succeed in the labs until you reach advanced+ stage which requires additional research I successfully rooted 39/42 machines in the labs and I think it taught me how to “try harder”, the labs have no CTF elements like something on hackthebox, everything is designed to be realistic, overall VHL prepared me very well for OSCP and I would recommend it to anyone considering doing OSCP but does not have enough confidence and or experience.
Virtual Hacking Labs has been a really great experience. Going through all the machines can be quite challenging, and a lot of the machines contains recent applications.
It is surely a great starting lab for everyone wanting to start pentesting, and is a lot of fun for those who are eager to compromise more and more machines.
Furthermore, the book is very well written. I do recommend this training, which is affordable and contains a lot of different kind of systems to practice.
Suggested improvement: it would be awesome to have some machines requiring network pivoting, maybe a more advanced active directory, and some web applications using trending technologies
To conclude this review, I would like to say: thanks for the good training, it has been a lot of fun !
The course material is very well written and gives a good understanding of the topics. It’s very clear that so much time and effort has been put into it. I thoroughly enjoyed the labs, learned a lot and would definitely recommend it.
There is nothing better out there for the price. (Right now $99 for a month, $249 for 3 months) The course material will teach you almost everything that you need to know to enable you to succeed so it’s accessible by even the very entry-level.
The beginner machines are very basic. They will require a little bit of know-how or research to complete. The advanced machines will take a very healthy amount of enumeration, research, and in some cases, trial-and-error, to complete. The advanced+ machines…. well, try harder, as the saying goes.
I have worked in the security field for a few years and have a limited background in computers before that. I was able to obtain the certificate of completion after about 22 or 23 days of work. But, I worked every spare second I wasn’t at my day job.
The environment is 100% real vulnerabilities and weaknesses so there is no CTF gimmicks of untarring a file a dozen times to get the “real” key. It’s just enumerate, access, escalate, move on. The biggest thing missing from this being a real environment is each host is stand alone and there are no network concepts to work with. With that said, that is probably why the price point is so low. Full network labs seem to have an entry fee of $1,000US or more.
If you’re curious about hacking… do it.
External review by Benjamin Marr: https://bjmarr.uk/vhl-review/
The past 1.5 months has been a challenging yet rewarding experience. As a college student who has no prior background to cybersecurity, I’ve grown and matured so much by being a member of the VHL family. Here are a couple of reasons why I recommend it to everyone who wants to learn or sharpen their penetration testing skills:
- Structured and detailed courseware guide as a good reference to go to for commands, techniques, and approaches in lab time.
- Lab machines together form a great coverage of attacks: Web Servers, Firewalls, Domain and FTP Servers and etc. Privilege escalation techniques are reasonably diversified. Sometimes you have to enumerate a little bit harder instead of just running automated scripts.
- Most of the design is realistic. You don’t get to experience unrealistic CTF puzzles where you have to decrypt a hash for 13 times or etc. This lab is more about following an organized approach into enumerating or researching vulns.
- Incredibly easy-to-follow lab dashboard and reset procedures.
- The lab connectivity is quite stable, and we shouldn’t be afraid to mess things up a little because of the ability to reset machines.
Here is a list of things I think can make VHL more awesome:
- If possible maybe introduce XSS to some of the beginner and advanced machines.
- There is a very little section on network pivoting, a technique which seems also very useful and important.
My experience with “Virtual Hacking Labs” was absolutely positive.
My goals were: to improve myself in web penetration testing, privilege escalation and in the exploitation of linux systems.
Without any doubt, the VHL laboratories are ideal for that: I loved the fact of having so many linux machines and testing different privilege esc. techniques. I learned many new tricks and strategies of enumeration and attack.
The course is minimal but excellent, the commands and advices described in it are extremely useful, especially for the post-exploitation phase.
My only advice is to provide also a section and lab for Pivoting.
Ultimately, a great experience to increase my skills in penetration testing.
External review by Michael Thelen: https://isroot.nl/2018/08/13/virtual-hacking-labs-penetration-testing-course-review/
Thank you for putting together an excellent product. I’m thrilled with the value I got for the price.
The courseware was clear and detailed and was an excellent foundation for the labs.
I was very impressed by the variety of operating systems and vulnerabilities represented in the labs. I will certainly be a return customer and I can strongly recommend VHL to anyone on the fence about trying it.
I had some prior experience when it came it penetration testing and found Virtual Hacking Labs after doing some online research. However, it is not necessary to have any prior knowledge. They recommend a basic Linux terminal skill set. The courseware impressed me, as it covers many different techniques and shows practical examples with easy-to-understand guidance. I read through the entire courseware, and it was easy to maneuver back to certain chapters during the penetration test itself.
The lab interface/control panel was structured and easy to use. I could easily reset the targeted machines and find relevant information about the machines in the host introduction posted on their website. VHL’s website also put out parts of the courseware wherever it was relevant while browsing and reading about the targeted machine. Everything was very structured and clean. You could get a few hints about the machines if necessary, so that you would not get completely stuck if you spent hours without any progress. However, the Advanced+ machines do not hand out any hints due to the challenge, which is great!
Personally, I learned a lot about different penetration testing techniques, such as Local File Inclusion, Remote File Inclusion and web shells. The machines are very realistic, which simulates how an actual penetration test would be “in the real world”. I would definitely recommend VHL to anyone who is interested in learning about how to perform a penetration test. Sincere gratitude goes to the Virtual Hacking Labs team.
Erik David Martin
Virtual Hacking Lab is a lifetime experience, which a person within the Cybersecurity field must sign up. The platform is an excellent medium for all different types of users to grow their penetration testing (hacking) abilities to the next level. I joined the platform as a beginner and was pleased with how the labs have a methodical approach, which increases in complexity with each level.
The Virtual Hacking Labs also have very good support team whose response turnaround is on the same day. During my initial labs, I required some support to some of the questions or direction to proceed further on specific labs; during which Ferdi (from VHL support) was able to support my questions and at time provides necessary guidance to move forward.
I am highly pleased with the VHL Platform as it provides a very good foundation for learning penetration testing as well as taking on advanced level. They have excellent support team and I will highly encourage users to sign up and take advantage of this platform.
Thank you for this challenging course. For me every machine at the lab was a teacher that taught me a new lesson and helped me to improve my skills. Taking the challenge to complete 20 of the machines also taught me what I think is the most important lesson preparing for the OSCP, the true meaning of the words “Try harder”.
Thank you Virtual Hacking Labs
“First off, I’d like to say that I couldn’t recommend Virtual Hacking Labs enough. It was a great experience! It had everything. The machines were mixed OS’s, but most were very modern. They were also mixed in difficulty. So people of all skill levels will enjoy. The course material was a great starting point for anyone wanting to learn. And the labs were a great place to practice those skills.
I started the course barely being able to get into a machine, and having a lot of difficulty with privilege escalation. By the end of my fourth week, I could get into almost any machine at will, and was fully confident in my privilege escalation skills. If I got on a machine, I knew I could get System/Root. I admit I spent a good bit of time in the labs during my time in VHL. And when I wasn’t going after machines, I was studying techniques that I hoped I’d get to practice once I found a machine in the labs that was vulnerable to that technique. There were only one or two attacks I couldn’t find in the labs that I wanted to practice. Not
saying those attacks weren’t there, just that I either used a different method to get in, or couldn’t identify the vulnerability. But over all, the labs had all the most prevalent and modern attacks, making the labs very realistic. If you dedicate time and practice to the labs you will not be disappointed. Especially in your newly acquired skills. And I’d highly recommend trying to go through all the machines in the labs without looking at any hints at first. If you can’t get a machine, just move on and come back to it later. When you come back go back through your notes and look again for something that sticks out. That is how I got many of the machines. A break and a fresh start often will get you past the hurdle without additional tips needed.
Also I’d like to say the documenting every step of the entire process is very important. I failed to do this initially and went back to get more detailed screen shots, and on a couple of machines couldn’t figure out how I got in to begin with, lol. Don’t let that be you. 😉 Also if you plan on achieving the Certificate of completion, be sure to be aware of everything you need in your documentation before you start documenting, as to get everything the first time, as I did not and that is why I had to circle back. The saddest day for me was when my labs expired. And even though I finished 97% of them, they are adding new machines all the time. They added 2 new additional machines while I was still currently in the labs. Point being it is a great place to practice your current skills, and learn new ones. I plan on extending my lab time again in the near future because there are many things that I need to practice on still. There is no happier day than when you get Domain Admin and dump the hashes from a Domain Controller!
Over all VHL lived up to the hype and was better than I ever could of expected. A traditional CTF can’t compare to a realistic network of multiple machines in a mixed environment.
Thank-You Virtual Hacking Labs!!
“These labs are very exciting and addictive. VHL comes with a great learning curve. With some basic IT knowledge and the VHL course you can start hacking the beginner machines. The more experienced ones can challenge themselves with the advence and advanced+ hosts. I worked on the labs day and night, and I am really proud of my hard earned certificate.”
“VHL was instrumental in helping me pass the OSCP exam. While studying for the OSCP I was looking for something to supplement the PWK course I had already taken. The PWK lab is a great preparation for the OSCP, but can be expensive, especially if you want to extend your lab time. There are a handful of alternatives out there like HackTheBox or Vulnhub, but nothing else that compares to the PWK lab like VHL does. For starters, the courseware is very clear and comprehensive. There are several tools and techniques that I learned in the VHL course and labs, from enumeration to privilege escalation, on both Linux and Windows platforms, that really helped me fill in some of the gaps in my knowledge.
The way the lab machines are categorized into ‘Beginner’, ‘Advanced’, and ‘Advanced+’ (and provides small hints for the first two groups) is also very helpful for evaluating your enumeration, thought process, and overall progress. The environment is also very stable and well structured, giving the student a lot of variety and real world scenarios to practice with. For the price, you absolutely cannot go wrong with the VHL course. I recommend it to anyone looking to build up their skill set, test their knowledge, or just refine their practices. It is a great way to determine if you are ready for the PWK course, or to do additional study once you’ve already taken it. If you want to see if Pentesting is something you’d like to get into, or just want to have some fun and test out your knowledge as an established cyber security professional, this is a great course and a great lab.”
“If you’re just like me and looking to sharpen up your skills in compromising machines or just want to have fun, Virtual Hacking Labs (VHL) provides just that.
VHL is affordable, challenging for all levels and introduces new machines every couple weeks.”
OSCP, OSWP, OSCE
“VHL has been awesome and a great investment for me. The training guide is straightforward and gives you the information you need to begin training for the OSCP. The guide starts at the beginning and helps you master the techniques. With some many hosts in the lab, you do not need to spend hours configuring your own machines to practice and improve your skills. The hints on the basic and advanced are just enough to get your over the hump when you are stuck. I recommend this to anyone looking to learn or improve his or her penetration/hacking skills.”
“To be honest I have learnt and enjoyed a lot, very good documentation and laboratory, challenging your knowledge in every machine. After completing my 20th machine I’m focused on the Advanced+ servers in order to see if I’m able to complete most of them.
Totally recommended, if you want to learn doing something more than read.”
“First, thank you very much for this. I have been working in your lab for nearly three months now, and I started from nearly nothing. I mean, I never worked in IT and I’m a generalist engineer. Few months later, I rooted 20 machines, advanced machines for some of them. You’ve created a way to train in a realistic environment which can take people from a real beginner level to a quite advanced level. You can be very proud of this!”
“After passing my CEH, I decided to gain some hacking experience with Virtual Hacking Labs and I have to say it was the best choice I could make. Congratulation to the VHL’s team who did a great job to set up a challenging environment. The good thing is you won’t find spoilers on the internet and I really appreciated that because that’s the only way you can learn something.
Each machine is offering different aspects of penetration testing, various OS and different levels of difficulties. If needed, you can access short hints or review the part of the course related to the machine you are working on. The connexion through VPN is fast and reliable, you can reset the environment anytime and in case you need extra support, the team is reactive. The course is updated and enriched regularly. It is a really good value for money. I recommend without hesitation.”
“After completing several VulnHub boxes I felt that in this way I won’t be prepared enough to start PWK/OSCP course so I look around and luckily found Virtual Hacking Labs, and it was very spot on. Why?
You’ve got access much like in PWK course to computer network with more 30+ machines ready to be rooted. Their difficulty scale from Beginner, Advanced and Advanced+. In the network you will find variety of systems like Linux, Windows, even Android. You can train many techniques LFI/RFI, RCE exploits, finding miss configurations, crack weak credentials and pwn vulnerable services.
Moreover you gets very nicely prepared coursware in PDF format (265 pages long) where hacking tools and techniques are described in details. Regarding support team is very friendly helpful, their response time is very fast in case of troubles.
To get to the conclusion I highly recommend Virtual Hacking Labs, beside above pluses everything is in very affordable price. I definitely feel more confident to move forward with my goals.”
Tomasz Wybraniec (hal9k2)
“After completing my 20th machine with Virtual Hacking Labs, I have enjoyed it so much that I thought I must pass on great words on what an outstanding learning resource it is. I am a windows guy and did not know a lot about Linux world, and I must admit, at first I was really scare when I chose VHL as an education resource for my journey to become a pentester. However, not a day went by that I did not enjoy the challenges, questions and the joy that I have when I get my first box. If I had to summarize it in one sentence, I would say extremely well written educational site about windows, Linux and web application pentesting that caters to all skill levels and make learning easy and enjoyable. With an incredibly affordable price to learn, just US99 per month, I can play and learn from exploiting windows, Linux, android and web application. If you are uncertain whether or not, this is what you need, you can check out the free course sample.
What you can expect to learn from Virtual Hacking Labs:
- Step by step penetration testing with discover and probing, enumeration, exploit. (modifying the exploit to fit your need, yeah 🙂 I learnt quite a lot from it)
- Tools that are necessary for your pentesting lab.
- Fun challenges that make you think of real world scenario, and of course, capture the flag experience for yourself.
- Advanced penetration testing that often leads to webshell and remote code execution.
I have OSCP course material in my hands, and honestly, in some parts, VHL provide much clearer explanation and really good examples so you can practice with 33 lab machines that you have. In conclusion, I really really like the material, the lab and highly recommend it.”
“Virtual hacking labs is an absolute gem. I’m a professional penetration tester and have tried nearly all available hacking labs to date. I’ve done the PWK/OSCP by Offensive Security, CoreLabs by Core Impact, EC-Council CEH iLabs, HackTheBox, and a very large chunk from VulnHub. Plus, other available paid or free resources. I can say with absolute confidence that VirtualHackingLabs is by far the single best resource to either prepare for your OSCP or to otherwise propel your offensive cybersecurity career. These boxes aren’t stale like their competitors. From the necessary educational foundation that is required to the real-world attack driven scenarios, VHL provides it all and has certainly raised the bar. VHL is truly the only available solution providing well-maintained, modern, and highly educational hacking labs that don’t break the bank. As much as I love hackthebox and other free alternatives, they won’t prepare for for real-world scenarios. Most pen-testers will tell you they learn the most from an actual engagement and not necessarily from books and write-ups. This is what Virtual Hacking Labs and Offensive-Security successfully replicate. The only labs that can hold a preverbal touch to VHL is the PWK. However Virtual Hacking Labs is a fraction of the cost and in my option much more user friendly.
I like Virtual Hackings Labs system of ranking machines from Beginner, Advanced, and Advanced + and relevant hints. The hints are great for the beginners and are less specific as the difficultly increases. In my opinion this is very important. Whether it be a virtual hacking environment (PWK or VHL) or a real-world engagement, most of the “learning” is done either directly before or directly after gaining a limited-shell or escalating privileges. And with VHL’s ranking and hint features the newer student can progress faster and more efficiently without sacrificing their learning experience.”
“I would like to extend a sincere thank you to Virtual Hacking Labs for creating a fun and challenging lab environment. I have used other pen test labs and I can say with confidence that this is the best value for your money. The team at VHL was quick to respond to any questions that I had. In the two months that I have used the labs I have seen many features being added which shows that the student experience will only get better with time. I have added many things to my bag of tricks while pounding on the machines in the lab. Each one is well thought out and there are hosts ranked from beginner to advanced so that when your skills increase the challenge stays the same.”
“This lab was the most exciting training exercise I’ve ever done. Your team has done an excellent job, during the short 2 months I’ve been working in the lab I noticed several changes and even an additional machine. Thanks again for adding the “Lab Progress” bar. When I made that request I didn’t think it would happen, especially not within a week of the request.”
“Looking for a new challenge to train my pentesting skills, I discovered Virtual Hacking Labs. To start of with, I was positively surprised with the course material. It is very accessible and even though I have some prior experience, I definitely gained the necessary extra knowledge.
Of course, the labs were the place to go. And here I spent the necessary hours of learning, trying, frustration and joy. In the beginning I was able to quickly root some of the boxes familiar to me. After that it got more difficult. There’s still even a handful of boxes left where I have absolutely NO clue on what to do. So I can also recommend the labs for someone more experienced looking for a new challenge.
During the course I got to know a lot of vulnerable software. That was really nice, practical, and a change from more CTF-oriented challenges out there.
The VHL staff has done a terrific job on this course and seem to be constantly updating the materials. I’d like to thank them for providing this opportunity to further sharpen one’s pentesting skills!”
“Thanks to you for an excellent course and lab!! I enjoyed it very much and it was very entertaining to do it. Everyone should try it !!”
CISSP, C|EH, ITILF
“Thanks VHL team for providing a lab environment that is fun, conducive to learning and developing new skills and methods … and also challenging. I am a total noob when it comes to offensive security and found the instruction manual friendly enough for me to digest and work through. The support team are also very helpful and I have noticed the course material is updated regularly. I recommend this to anyone starting out or interested in offsec.”
“I enjoyed hacking the VMs you had available. I am a complete noob to Pentesting so I definitely found it very useful! I only wish I had more time. I popped all but one of the beginner boxes. That James server kicked my butt. I will most likely install that version in a VM and try to figure out what I was doing wrong.
Enumeration was definitely important as well as digging around in the applications once you got a foothold. I wish there were a way I could read the material before I had the lab access. Instead I read about 90 pages and just went for it. One thing that would be awesome is to figure out a way to let the student know how noisy they are in the server/application. In the real world I’m pretty sure I would have been noticed most of the time due to my excessive scanning with all the different tools.
Overall I loved it. Will most likely do it again as I really want to try OSCP but want to get some basics under my belt first. Thanks for your help and pointers.”
Would you like to have your Virtual Hacking Labs course review published on this page? Please contact us using the contact form.