Red Teaming

9 min read

A Beginner's Guide to HTB Academy

Throughout this guide I am going to share some beginner friendly tips I've learned to assist you in learning how to become an infosec professional through the use of HTB Academy.

ltnbob avatar

ltnbob,
Apr 13
2022


A Wise Saying to Remember 

There's a wise saying that goes:

“One of the hardest parts about going out for a run is getting out the front door”. 

Much wisdom is packed into that saying and I recommend allowing it to sink in before reading further in this guide. 

Throughout this guide I am going to share some beginner friendly tips I've learned as a lifelong student, IT/infosec professional, college professor and content creator to assist you in learning how to become an infosec professional through the use of HTB Academy

Create Measurable Goals

When I was teaching college student’s full time we spent the first day of class creating goals. I did this because I noticed that it's hard to accomplish goals without having any in the first place. An important part of learning anything new is creating goals and establishing the “what”, “why” and “how”. 

  • What do you want to accomplish? 

  • Why do you want to accomplish that? 

  • How will you accomplish that?

There's no such thing as a bad goal. The more specific your goal is the easier it is to know if you are making progress towards it or have actually accomplished it, this can be considered measurability. 

Which of the following example goals is easier to measure?:

  • Become the best penetration tester in the world.

  • Get a job as a junior penetration tester by May 2023

  • Get HTB CBBH Certified by August 2022

  • Start a company in the infosec industry

  • Win a bug bounty 

  • Create a series of videos on various social media sites that teach others about infosec

  • Win ____ CTF competition 

None of these goals are bad but some are harder to measure than others. How would you know if you became the best penetration tester in the world? That one would be hard to determine because it's very subjective and there's really no standardised global measurement that all pentesters adhere to. The goal below it “Get HTB CBBH Certified by August 2022” is more measurable. You can definitely know if you accomplished it or not and it gives you a date to work towards.

This approach to developing goals can help you accomplish many things including but not limited to passing certification exams and getting jobs. If passing an IT or infosec certification is a goal of yours, you may benefit from scheduling your exam even before starting your studying process. I personally wasn’t able to find success on certification exams until I started scheduling my exams early in my study process. It made me take studying more seriously and gave me an approaching date to prepare for, not to mention setting a goal of “getting a job using the skills & knowledge gained during preparation for the exam.” Dream big with your goals but try to make them measurable. 

Take some time to create a list of goals for yourself. If you are looking into using HTB Academy maybe you could list a group of modules or paths you would like to complete by a certain date or date range. 

But Why? 

Your “why” can be deeply personal to you and may be in line with your personal values. I recommend really considering going back to your “why” to keep pushing forward. Here are just some examples of “why”: 

  • To teach and empower others to find fulfilling work with organisations doing interesting & innovative work (one of my personal why’s) 

  • To secure individuals & organisations from the latest threats 

  • To have fun

  • To make a lot of money

  • No one in my family has done it before 

  • No one in history has done it before

  • To provide a better quality of life for my loved ones

These of course are only a small number of examples. You could ask anyone in infosec why they do what they do and they’ll have a personal answer to give.

What's your why? 

HTB Academy as a How

Since this piece is a beginner’s guide focusing on HTB Academy we can consider HTB Academy a how. The modules in HTB Academy are developed to create opportunities to break into the IT & infosec industry as well as give current working professionals the opportunity to upskill, so you can expect to be challenged along the way. We develop guided hands-on learning experiences (called modules) that contain accompanying challenges to ensure you can apply the concepts and skills you learn on live targets. 

We align our paths with Skills and Job Roles. One approach to using HTB Academy as a beginner would be to pick a path and try to complete all the modules in the path. If you have a goal of becoming a Penetration Tester then picking our Penetration Tester path will give you the technical skills needed to become one. If you want to get into Bug Bounty Hunting then completing that path, taking the exam and achieving the Certified Bug Bounty Hunter certification will give you the technical skills needed to start with one or more of the many Bug Bounty Hunting Programs out there as well as grow familiar with many in-demand skills for Web Application Penetration Tester focused positions. 

Seek a Detailed Understanding 

Starting a module is straight forward. You unlock it with some cubes and click start. From there you’ll want to read each section thoroughly, perhaps even 2 or more times. When I read modules I will read each section at least 2 times. On the first read through I'm focused on getting an overview of what the section is teaching conceptually. Then I'll read a second time to get a deep enough understanding to complete the challenge and understand how that particular concept, technique or tool works, maybe even try to complete the challenge as I'm referencing the section. I mention this because I know it can be tempting to read with the goal to complete. Doing this can lead to skipping important lessons. 

Try seeking a deeper understanding while reading rather than reading just for the sake of completion. This is where goals and your “why” can help. A powerful “why” can encourage you to take your time to truly understand a topic no matter how long it takes. When I was in college I had an amazing professor who gave practical advice. I once approached him and said: “What should I do if I read a chapter but don’t understand the concepts deep enough to apply them?” He replied with comical yet simply practical advice: “You should read it again… and try to apply it.” Something about that advice made me a straight A student, even in subjects that were not tech related.

Find a Setup that Works for You 

It can be very beneficial for your success on HTB Academy and in your career to consider your home setup. Not just your tech lab but your overall learning environment. Technically you only need a computer with an Internet connection and a web browser to use HTB Academy but there are some benefits to expanding upon your setup where possible.  Here are some considerations to build around: 

  • Is it comfortable?

  • Is it noisy or quiet?

  • Can you focus and stay focused in it? 

  • Does it allow you to deeply concentrate? 

  • Does it inspire ideas & creativity?

When I first started making videos and creating content I just had my laptop. I used the built-in microphone and it sounded like I was talking into a tin can. This was the same setup I used to learn, do research, study, work and eventually be discovered by HackTheBox (a story for another time). It was really all I needed at the time to get started but I wanted to do more. My first secondary monitor I got for free from a friend who upgraded to a better monitor. So I essentially got what he considered trash; however, one person’s trash can be another person’s treasure. That second monitor somehow added magic to my work & learning flow. I could now have one monitor for reference and the other for implementation of concepts. I could follow along performing the same tasks I was watching or reading about and my learning became more active.

Over time I added on to my setup to bring it to what it is today (it will be ever changing as the industry changes). I recommend doing this with our HTB Academy content. You may not even need another monitor, but try to at least get a second screen. One to have the content for reading and reference & one for Pwnbox (or your personal Attack host). This could be done on a smartphone or tablet as well. A nice lightweight tablet can allow you to enjoy content on the couch, in bed or in places where a desktop or laptop may not be as practical.

Also with Pwnbox or your personal attack host try comparing a mouse and trackpad to see which one you like better. I personally prefer a mouse as I believe it provides quicker response time and precision when navigating graphical user interfaces when necessary (it's good to get familiar with graphical user interfaces and command line interfaces). Maybe even get an inexpensive microphone in case you want to live stream some of our Tier 0 modules or make video walkthroughs. 

Check out our Setting Up module to get even deeper insight on how you can have an ideal technical environment for learning and practising your Hacking Skills. 

Get Started (Get out the Front Door) 

We have a module called Getting Started. It’s highly rated and loved by our community. It's at the Fundamental difficulty level so you can expect a detailed walkthrough on the challenges. It is a great resource to get started learning Hacking Skills and even IT Fundamentals with a security perspective. Try out some of the tips shared in this guide to learn your way through that module. 

Connecting to HTB Academy’s Network 

HTB hosts virtual networks in data centres all around the world. With HTB Academy you can expect to connect to our virtualized network in 1 of 2 ways. 

  1. Using Pwnbox in the browser

  2. Using your own personal Attack host and downloading a VPN key

Please know that we are driven by witnessing you succeed. If you ever get stuck or run into issues don’t hesitate to reach out to us through the Discord channel or our support platform. Also feel free to try other Fundamental level modules based on your goals, interests, and curiosity. 

Hack The Blog

The latest news and updates, direct from Hack The Box