Red Teaming
0xdf,
Sep 20
2024
We often see reviews on Easy-rated content at Hack The Box (HTB) that reads: “This wasn’t easy for me,” or “I’m a beginner and this was really hard.”
At HTB, we want people to be successful on our platform. We want you to build the skills needed to effectively hack and defend. However, there’s a blunt truth behind building real skills in cybersecurity.
The fact is, this is not an easy profession/hobby/skillset to develop. It takes technical knowledge, creativity, and hard work.
We release new Machines, Challenges, and Sherlocks every week. This content provides a competitive event for many of the best hackers in the world to practice, develop, and test their skills.
Content is rated as Easy, Medium, Hard, or Insane. But what do these labels mean? The term “Easy” is only meaningful relative to some baseline.
What’s “Easy” for an experienced pentester may be very difficult for a university student just starting in cybersecurity; what’s easy for that student will be challenging for a child learning to read and type.
Marathons are 26.2-mile (42.2 KM) running races. People who compete in them may label different courses as easy or hard based on factors like typical climate and the terrain to be traveled —steep hills on a course, for example, would drastically increase the difficulty of a race event.
When people compete in marathons, the elite race to win. But most are happy to finish the race or compare their result against their own previous best to look for improvement.
That’s because even an easy marathon is something that the majority of people couldn’t do. And no one shows up at a marathon without any experience and just runs it expecting it to be easy.
Similarly, hacking into machines is a hard skill that takes time to develop. Solving challenges in categories such as cryptography, AI, and forensics is technically complex. Performing triage and incident response on realistic data is challenging. Much like the marathon, to finish even the easy scenarios takes a lot of work, training, and expertise.
One of the hardest skills to build is the ability to face a technology you know little to nothing about and figure out how it works, and how to exploit it. That’s a skill that all the best hackers build, and it can be a very frustrating one to develop.
Still, at Hack The Box, we aim to deliver interesting competitive hacking experiences to both push and bring joy to amazing hackers all over the world.
So what if you’re just starting? Does this mean HTB isn’t for you?
Absolutely not. There are lots of resources available for you to level up at a faster, more enjoyable pace.
If you are just getting started, HTB Academy has tons of free introductory modules that provide the foundational knowledge necessary to start hacking and get your foot in the information security profession.
Starting Point offers 28 Very Easy-rated machines with walkthroughs and questions to help guide you through. Once you’ve mastered those, almost all Easy and Medium retired machines come with Guided Mode, a series of questions designed to help you find the intended path to hack the machine.
Retired content comes with write-ups as well, and there’s nothing wrong with using them to build your skillset.
We understand that it can be discouraging to find something labelled Easy and struggle with it. But keep the marathon analogy in mind. Hacking is difficult. Much like running a marathon, most people couldn’t even dream of doing it.
Stick with it, and it will be all the more satisfying when you do submit the flag!
Made for beginners, Guided Mode offers a smooth transition from beginner-friendly Starting Point labs to more advanced scenarios, where you combine techniques, tools, and attacks.
It accelerates the learning curve, providing not only guidance but also revealing the thinking process required to become a real cybersecurity expert and professional.