Shortly after finishing my OSCE exam (like, 2 hours after) I decided to sign up for Rasta Labs. The OSCE course was great but I really wanted to spend more time working on Pentesting in a Windows Environment and Rasta Labs fit the bill. I’m sure many of us have a lab set up in our homes but it’s always nice to go into a test environment in a more-or-less “black box” scenario. Despite many pentesters I admire stating that the labs were hard, I was excited to get my hands dirty and pick up some new techniques to add to my bag of tricks. A few of us set up a Discord chat to discuss tactics and techniques to try to acquire flags, which was certainly helpful as we plowed through the network.
As Rasta Labs is hosted through HackTheBox you’ll be expected to pass a challenge before you can gain access to the labs. This is the same challenge as HTB so if you’ve already completed it then you need not worry. Once you pay for the labs you’ll receive your VPN connection kit, then it’s off to the races.
In a word, these labs are amazing. RastaMouse has done a great job creating a lab that sets itself apart from any of it’s cohorts. Getting Domain Admin will not be as simple as Privesc’ing, Locating DA, Passing-the-Hash and then Mimikatz the password from memory. This is a well thought out lab, using the most up-to-date technologies which simulate a quasi-security conscious organization. To get through the lab you’ll need to hone your bread and butter techniques (such as recon, lateral movement, Active Directory querying) and if you’re like me, learn a whole whack of new techniques. I would imagine that most people that use these labs will learn new tips and tricks that will prove valuable in an assessment. The labs employ a CTF-style “flag system”, which are not required, however can provide some hints as where to look for your next move. You don’t need to obtain all of the flags to achieve Domain Admin, but I’ll be going back to retrieve the ones I missed.
RastaLabs vs OSCP labs
This is the question I see thrown around a lot – how do they compare to the OSCP labs. Both labs are top-notch in my opinion, however they are quite different in a few notable ways. The OSCP labs are a mixture of of vulnerable machines that make up a mock corporate network, however I would argue they don’t really accurately mimic a corporate network. The labs are a mixture of vulnerable machines which somewhat resemble a corporate network in respect to network segregation, but the purpose of the OSCP labs is to allow students to practice a variety of techniques to break into vulnerable machines. There is a litany of vulnerabilities presented and these labs do an amazing job allowing students to practice a variety of offensive techniques.
In RastaLabs you’ll really treat this as a red team engagement. The machines can only be reverted by Admins (unlike in OSCP where students can revert machines) so you’ll really put emphasis on pivoting, persistence and lateral movement. RastaLabs offers a phenomenal opportunity to practice more advanced Active Directory / Kerberos attacks on a network designed with mitigating factors in place to protect against well known offensive techniques. You will be challenged in both sets of labs, however I feel that RastaLabs offers participants a more realistic experience as to what red teaming is like.
RastaLabs is somewhat new and one challenge that became apparent while participating is the topic of machine reverting. As it is only an admin can revert the machines, however there were several times where an action wasn’t taking place that was expected to happen for exploitation and there was nobody immediately available to assist. This is a difficult challenge – On one hand you don’t want just anybody reverting boxes because reverting boxes ruins persistence measures put in place, but as with all computers things will break and need to be fixed. If you have a friend in the lab they might be able to throw you a shell or invoke a script for you but if nobody is around then you’re kind of out of luck. Perhaps getting some volunteers in exchange for free lab time to revert boxes or help administer the servers would be a good idea, however RastaLabs is young and to his credit @RastaMouse has been great in listening to feedback and very responsive in helping out whenever he can.
Word of Advice
- Take your time and enjoy the labs – there’s no need to rush!
- Don’t be overly concerned about collecting the flags. They can certainly help but aren’t necessary
- Treat the labs as a learning environment, but do your best to treat it as an engagement too. Try to create as little noise as possible and clean up after yourselves!
It’s hard for me to state how much I’ve enjoyed these labs. Since completing OSCP in 2016 I’ve been searching for reasonably priced labs where I can learn new things and test new techniques. RastaLabs has fit that bill in a big way. I would recommend anybody that has an interest in offensive security / red teaming in to do themselves a favour and spring for some time in the labs. I’ve already recommended it to some good online friends of mine and the general consensus among everyone is that the labs are amazing. Thanks for all the hard work RastaMouse and HackTheBox. I look forward to seeing what you come up with next.