Who’s Offensive Security?
Offensive Security are known as arguably the leading training provider in the Information Security industry today. Focusing on highly practical certifications, the team are responsible for some of the most well-known penetration testing courses (Pentesting with Kali / Pentesting with Backtrack along with Cracking the Perimeter) leading to the well-regarded OSCP and OSCE certifications. The point is, when I say these guys know how to set up a challenging lab environment, I mean it. As you may have read, PWK has a virtual laboratory filled with vulnerable machines for students to hack their way through while sharpening their skills. It’s also perhaps their most valuable training asset, giving budding penetration testers fantastic hands-on learning in real-world scenarios.

What’s “The Playground”?
The unique status of the PWK labs has changed recently with a new product being released by Offensive Security called “The Playground”. It’s another virtual training environment created with the intention of being the “next step” after PWK, but still modeled after the labs many of us know and love. The playground is once again broken into different subnets with associated themes. One might be a public DMZ with lots of web applications, another section focuses on SCADA devices, another still focuses on being an internal network, etc. Each network holds a range of servers such as Citrix machines, DNS servers, email servers, etc. From a tester’s perspective it’s fantastic, given that on any one test you’ll usually be sticking to one particular theme (internal, external, etc.) and usually that hosts a fairly homogeneous range of servers. The lab provides a huge cross section of boxes, giving testers exposure to an array of exploitation techniques in a very short time.

I was privileged enough to be offered a position as a beta tester for the labs for a two-week period – something I jumped at while simultaneously cancelling every piece of work and commitment I had so I could soak up every minute of it. Holding OSCP and OSCE, I knew that it would be a great way to sharpen my skills – and having experience in OffSec labs I thought, how hard can it be… right?

The first lesson I learnt was that labs are a lot more frustrating when you’re completing them as opposed to fondly remembering the time you spent in them. When they say it’s the next level up from PWK, they mean it. Perhaps 1-2 boxes were simple point ‘n shoot affairs, but the majority were fairly involved and counted on some real out-of-the-box thinking to crack. I have to keep the technical side a bit light, both due to a promise to Offensive Security but more importantly so I don’t spoil anything for anyone who gets a shot inside the playground. The configurations in the environment forced me to use a few techniques I’ve never thought of before.

Back when I was obtaining my OSCP I managed to crack every box in the PWK network, only to be shattered that it was all over. With the playground it was awesome to feel excitement once again – the puzzle of what you need to do to get a shell – the frustration of not finding a foothold even though you know it’s vulnerable – the joy of seeing the root prompt pop up.

Who can access it?
The playground is targeted towards corporate hire, where a company can rent exclusive access and have their own team of testers work through the challenges over a set period of time. Unique flags on machines and point scores on the dashboard help keep track of testers’ progress, and may even foster a competitive vibe if that’s what the company desires. Eventually OffSec are also planning on releasing options for individuals to gain access to the playground, which I’m really excited for. Even with two weeks in there I would happily go back given the amount still left to go (I estimate it would take a solid penetration tester approximately 1 month to get the majority of boxes).

In the end I was happy to crack about 20 boxes in the two week period, but more importantly I improved my skills and most importantly of all – mindset – to take back to real world penetration tests. Being faced with the challenges while also knowing there is a solution teaches just how much enumeration and research it can take before you finally find the vulnerability a dedicated attacker would eventually uncover. Obviously as professional penetration testers that’s what we’re paid to do, so keeping these skills sharp is one of the best things we can do for our customers. I’d highly recommend the new labs not only to corporations who want to give great training to their pentest teams but also (once available) to individuals who want to develop their abilities to the next level.

A big thank you again to Offensive Security for the opportunity to ‘play’ in the playground, I can’t wait to get back in there.

Full Disclosure: The two-week access for beta testing was at no charge; however, this blog post was not a condition of access, nor were any good / favorable reviews. These words are 100% my own because they describe how much fun I actually had doing it!