It's early on a Friday afternoon, the beautiful weather we've had all week long has now been replaced by gray skies and drizzle. Temperatures have dropped from the mid 80's down into the 50's so I figured this must be the world way of telling me that it's ok to spend the day inside playing with my computer. I figured this was as good a time as any to write about a new website with which I have been spending a good amount of time.
Those of you that I talk to on a regular basis are probably already aware of this but for those I don't get a chance to talk to I'll take a second and fill you in. I have been spending a day or two each week for the last few months playing around on a website called hack the box which has a selection of twenty active machines that run a variety of operating systems (mostly Linux and Windows) which are running on a private network that users of the website can try to hack. This site is fairly unique in the fact that it runs real systems with real vulnerable software, you see for those that aren't aware many of the other sites like this have challenges that are designed to look and respond like real vulnerable applications but ultimately are contrived and as such have a single correct way to "hack" them. The uniqueness for this site comes from the fact that while the author each of the systems may have created an intentional way into them that is often not the only way to gain access to the systems, in fact on many of them I have found multiple ways in (as well as went down rabbit holes that ultimately lead nowhere). Every system has a different level of difficulty and requires knowledge of different areas of computer security, some systems are easy and some all but impossible.
Each week I spend some time on the weekends testing my skills against the various systems, at this point I have completed 10 of the 20 active systems and have been recording video tutorial on each one as I go. To keep people like me from spoiling it for others that may be tempted to go online and look for hints we are asked to not post anything about the systems until they are retired. Each week they release a new system and retire one of the older systems. This week they will be retiring the first system I ever did, which also happened to be the only one I hadn't made a video for afterward so I rushed back through it today so that I could have the tutorial ready to go for Saturday when the system is retired. I figure hopefully this will help me to keep active on my website as well as get started with some YouTube content. So anyway, enough talk, here is the video and for anyone that is interested in computer security I highly encourage you to give this site a try and feel free to reach out to me if you have questions or need pointers/suggestions on how to get started.