A short post, this time: I just published a short guide about converting VMware VMs for use with VirtualBox. Check it out! Many of the VMs I intend to use with hal9k will come from VulnHub, and many of those will be created for use in VMware. Since hal9k uses VirtualBox, it’s important to be able to convert VMware files into a format that VirtualBox can understand. As I continue to build and expand my hacking lab, I will continue to publish additional guides on how to create, modify, import and export VMs with VirtualBox, as well as on a variety of other subjects.
For years I’ve wanted to build a hacker lab akin to the OSCP or HackTheBox labs. I did tons of research, read blogs and wikis and how-to guides, learned all I could about the subject, and even built some prototypes with VirtualBox on my laptop. Yet I never allowed myself to spend the money. In 2018, I was living on the road as a truck driver, so it was an impractical goal.
Greetings, readers! During the last month, I learned about Nebula, a tool created by the developers of Slack, which enables systems across the globe to come together in a software-defined virtual private network. Excited by the new tech, I decided to use Nebula as a Command and Control (C&C) system for creating “Red-Team” drop boxes. A “Red-Team” drop box is, essentially, a discreet, inexpensive computer capable of running a full suite of pentesting tools.
My second attempt at the OSCP begins tomorrow. Yesterday I finished revising my PWK lab report, and today I’ve decided to have some fun in the HackTheBox labs. In part, as always, I hope to learn something new. But mostly, I just want to hack for the joy of it. During my PWK lab time, I felt like I had to focus the beam of my attention on my PWK studies.
Goodness, how time flies! As of this post, I’ve got two days left in the PWK labs, and I’ve rooted 37 systems in the network. I feel significantly more prepared than I was two months ago, when I first took the OSCP exam. I’ve learned so much cool stuff, and I look forward to opportunities to use my skills in the wild (legally, of course). One of the key elements of the OSCP exam (as well as the PWK lab) is the pentest report.