A massive brute-force attack hit our application server in mid-2018, with around 500,000 login attempts at peak in just one day. That's massive, and we wouldn't have survived if we didn't have the necessary security implementations in the system beforehand.
Simply put, we hacked our systems before the hackers did. But, that doesn't mean we are 100-percent secure.
No system is secure; we can only lower the probability of a breach by hacking our systems before the hackers do. With a certain level of awareness and practice you can build the necessary skillset in yourself and prevent the organization from a potential criminal breach.
System administrators often use automations for easier server management but, sometimes unknowingly put the servers, and the organization's data, to risk. Hackers use these misconfigurations to gain access to an organisation's resources and exfiltrate sensitive information.
Penetration testers often shy away from looking into other fields than their expertise, believing that it takes a significant learning curve to become a competent pen-tester. Learning the fundamentals and putting the attacks into practice can help save the organisation from the potential breaches.
That is why we created this course. To help penetration testers like you learn and apply the pentesting skills into practice without violating law or compromising on your schedule.
Most cyber experts have a humble beginning of learning the fundamentals. Building an understanding of how systems work takes time. And a bit more time when you want to understand, exploit, and advise an appropriate patch to the team.
Getting into cybersecurity maybe hard, but, gaining experience with computer systems and breaking them comes with absolutely zero-requirement and 100% self interest.
Every expert was once new to the cybersecurity industry. You need to just get started.
Security is a demanding field. Having absolutely no time for self-learning for days and even weeks is just a regular occurrence, and we understand that.
If you take a giant task of completing one topic (ex: Network Security) with planned sub-topics and make slow, consistent progress regularly, it becomes attainable. And over time, every effort adds up to the skillset. Just investing a few after-work hours into self-paced learning gets rewarding when seen in the hindsight.
Most of the online labs, like ours, give you a one-click lab start with a pre-configured environment which saves a lot of hassle and time to jump into your regular security training regimen.
Cloud simulation has opened up a golden gate for security practitioners altogether. Having an environment so effortless that clicking a button and waiting for less than a few seconds is all you need to do to jump into the action—no configuration of virtual environments, no third-party tools or VMs.
Everything comes preconfigured which saves a lot of hassle that usually comes with setting up a VM-based lab. Perfectly suitable for any pentester who's on the run most of the time.
As tools are essential, the technique of using the tools and tactic to chain multiple attacks together to execute the exploitation is an art in itself. This is barely achieved by software of our age, and hence the human factor makes it a highly valuable skill that a pentester is paid for.
In this edition of PTP, you start by learning the most fundamental pentesting and security assessment tools, which proceeds to identify multiple vulnerabilities in an intentionally vulnerable environment and then applying the acquired knowledge to chain together and hack into the system.
With 4 kids, a wife and a full time job, it can be hard to find much time and if you just want to squeeze some practice/learning in, Web Browser is the way to go.
I find more practice time on Web based labs just because its quicker and more convenient.- Jason Carnell, Independent Security Researcher
Try the free labs to take a taste of the course. Hop-in and start your cyber security training routine today.
A corporate wired lan with multiple vulnerable nodes, sub-network, servers and databases to exploit into. Helps gain firsthand real-world experience of hacking into a corporation without harming real business.
Learn to use tools that helps identifying vulnerable servers and server version to craft an attack which leads to a compromised appplication server
Launch an exercise anytime, anywhere on any device.
Unlike CTFs, scan a network with real clients, traffic and even exploit into wireless networks!
It takes less than a minute to launch an exercise. Regardless of the environment complexities.
Have a 30 minutes break? More than enough to exercise your security training routine, right from your browser. No tools required
Is this a video course?
This is NOT a video course. This is a self-paced course that provides you a set of labs for certain tasks with a starting point. Just like in the real pentest, you get to learn about the tools and environment and use the knowledge to exploit the lab.
How long would my access remain?
You get 4 months of access to the labs, lifetime access to the Forums. You can extend the duration or renew your expired subscription without losing any progress.
For more details, contact firstname.lastname@example.org
Is my lab a dedicated environment or shared?
What is the difficulty-level compared to OSCP or HTB?
Apart from the bite-sized labs which are comparatively easier and focused on helping you learn a tool or technique, we offer rootsh3ll Original boxes.
A set of full blown network with real clients, servers, and traffic. Acc. to OSCP holders they are very OSCP-like boxes on difficulty level and require more dedication and skill to crack.
What tools are required to play on rootsh3ll Labs?
Just a web-browser. Unlike CTF, you do not need a 3rd party software or a VPN client to connect to your lab. Just login to the Dashboard and start your lab.
Simple as that
What is rootsh3ll "Hack the Bank"?
Hack the Bank is a set of network exploitation labs that gives you different scenario of exploiting a vulnerable bank's network.
It helps you learn variety of ways to exploit into the network, post exploit into sub-network which are inaccessible to public and exfiltrate information out of them