Getting Started with Hack The Box

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·2y ago

Key Takeaways

The video provides an introduction to Hack The Box, a platform for cybersecurity training, and discusses the importance of privileged access management, with tools such as Keeper Security, VMware, and Virtual Box being highlighted. The video also covers the basics of getting started with Hack The Box, including setting up a stable hacking environment and using note-taking apps like Obsidian.

Full Transcript

welcome back to another video If I had the chance to write down a plan to break into hack the Box before my memory was suddenly erased then this is what I would come up with hack the box is of course a tough but rewarding platform but if you're willing to put in the work take the right approach then it's definitely worthwhile on top of a methodology I'll also be sharing which boxes I think you'll get the most out of when you're just starting out and some key resources that you'll need are along the way cyber attacks that leverage weak or stolen passwords credentials and secrets are the world's most pervasive cyber security issue and that's why I trust keeper keeper Security's Next Generation privileged access management solution delivers Enterprise grade password secrets and privileged connection management all in one unified platform unlike cpam Solutions keeper is fast and easy to deploy agentless and clientless and has no implementation fees plus keeper is fed ramp authorized you can start your 14-day free trial at keeper. TCM and of course there is a link in the description below as always if you enjoyed the video don't forget to like And subscribe and let's dive in first up we're going to start with what you need to know and of course when you start out with any kind of CTF challenge you're probably going to feel a little overwhelmed so let's make a pre CF or or preck the Box checklist and talk about the relevant resources that we can use to take these off of course we need a stable hacking environment so you can go ahead and download VMware or virtual box install KY Linux and make sure that you have a stable working environment to get started with I don't really recommend parrot as it's just not as stable and I've had some issues with it in the past but of course it's 100% your choice if you need a step-by-step guide on how to set up a VM then you can check out this video here and Heath will walk you through the entire process next we need a good way to take notes and personally I use obsidian and once again there's a video here on the best note keeping apps so feel free to check that out once again it's your choice use the application that clicks with you moving on to our next item we'll also need a methodology or at least a thought process to follow to stop getting lost and falling into every single rabbit hole and this will develop over time but if you use the study approach that I outline in the next section then this will be a good starting point for you we also need knowledge on how to use key tools like nmap and how to find and use exploits how to catch shells etc etc and finally we need some good resources to explore common vulnerabilities and attack paths like hack tricks and payloads or the thing access to writeups that are going to help us study effectively is also really important and for hack the Box you can't go wrong with IC and the Beyond root blogs by 0xdf so now we've got the foundations down how do we progress from here I think that there are three key components that we should aim for first we want to practice efficiently and that means setting achievable goals as well as using an approach that helps us continually move forwards ideally you'll have at least an hour a day to dedicate to your hack the Box practice so for your first five boxes I recommend following the IPC walkthroughs and solving it at the same time make sure that you run all of the tools read all of the output update your notes and each one should take about an hour so let's say if we do one box a day for 5 days and the boxes I suggest you start with are lame active Grandpa shocker and swag sharp they'll give you a nice introduction to to Common Services exploits and are generally just well-made fun boxes to solve now there is an optional path here before you start to do guided boxes hack the box has a starting point path so if you prefer you can follow that and once again try to tick off one section per day and keep notes along the way I've never done this path as it didn't exist when I started out doing hack the box and I'm also a bit of a fan of self-guided learning as it helps me solidify and recall information from the effort that I've put in but if you have done it then let us know down in the comments below and share your experience so now we've got our five boxes out of the way you're going to start seeing some similarities you'll know how to scan and you'll also have been introduced to useful tools and scripts so we're going to slow down just a little bit but actually start trying to solve things ourselves we'll attempt to dedicate about an hour to to each flag so go ahead and set yourself a timer for 30 to 40 minutes try the things that you've learned so far Google things that confuse you and if you don't manage to get the user or root flag spend the rest of the time once again following the right up and updating your notes this balance of trying things yourself learning new things and also learning where you went wrong is going to help you keep building on your Knowledge and Skills but also start developing practical skills that you'll also need to progress I've got 10 more boxes for you and if you dedicate an hour to each flag so Monday use a flag on box one Tuesday root on box one Wednesday use a flag on box two Thursday root on box two etc etc it'll take you about 20 hours or days to get through these and I think that's a manageable amount of work for most people and once you've done that you should be feeling a little bit more confident and can start working through the rest of the retired easy boxes and maybe even starting some medium boxes too I'd recommend getting through a bunch of these and then maybe start to take a look at the live machines now we have our goals and our schedule out of the way next what we want to do is find a group of like-minded people to help you stay motivated and of course push you to learn more you can find study groups and teams probably on every single security or hacking focused Discord server and of course the CM Discord there are people sitting in the voice chat every day studying or working on things like hack the box so of course drop in and get involved ask around and get to know people and finally just a reminder this is something that we always talk about and is key to your success that is consistency you're not going to get good overnight and generally speaking 10 1hour sessions is better than one 10hour session but a few months down the line what will happen is is you'll pop a shell with ease and then you'll suddenly realize how far you've progressed and it'll be a great feeling I promise you and finally before we wrap up we need to talk about having a game plan I've become increasingly supportive of this idea since most times when I get stuck or end up in a rabbit hole it usually ends with ah I forgot to check that or I didn't run any UDP scans or something along those lines the point is if you want to be successful you need to be thorough and as human beings we tend to forget things and make regular oversights your game plan will be based on your notes and help keep you on track it could be as simple as a checklist that you use going into every box or it could be a mind map or something a little bit more detailed more on the lines of hack tricks and over time you'll add new things to it like new commands or techniques or things to check for for hack the box I recommend you have a couple of different lists and at the very least one for initial enumeration a web checklist and a pesque checklist and these should be constantly evolved and adapted to suit your methodology and style and that's it for this video and I really hope this video serves as a good starting point for a long fun and sometimes frustrating journey of hacking and CTF if you have any questions then of course let us know down in the comments below and of course you can catch us on live stream every Tuesday and Wednesday catch you next time

Original Description

https://www.tcm.rocks/KeeperDemo Keeper Security’s next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). https://www.tcm.rocks/KeeperDemo 00:00 How to start Hack The Box (HTB) 00:30 Keeper Sponsored Ad 01:18 Knowledge to begin HackTheBox 03:13 Improving at HackTheBox quickly 07:07 HackTheBox Game Plan Sponsor a Video: https://www.tcm.rocks/Sponsors Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com 📱Social Media📱 ___________________________________________ Twitter: https://twitter.com/thecybermentor Twitch: https://www.twitch.tv/thecybermentor Instagram: https://instagram.com/thecybermentor LinkedIn: https://www.linkedin.com/in/heathadams TikTok: https://tiktok.com/@thecybermentor Discord: https://discord.gg/tcm 💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor Support the stream (one-time): https://streamlabs.com/thecybermentor Hacker Books: Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX The Hacker Playbook 3: https://amzn.to/34XkIY2 Hacking: The Art of Exploitation: https://amzn.to/2VchDyL The Web Application Hacker's Handbook: https://amzn.to/30Fj21S Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx Linux Basics for Hackers: https://amzn.to/34WvcXP Python Crash Course, 2nd Edition: https://amzn.to/30gINu0 Violent Python: https://amzn.to/2QoGoJn Black Hat Python: https://amzn.to/2V9GpQk My Build: lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV darkFlash Phantom
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from The Cyber Mentor · The Cyber Mentor · 0 of 60

← Previous Next →
1 Buffer Overflows Made Easy - Part 1: Introduction
Buffer Overflows Made Easy - Part 1: Introduction
The Cyber Mentor
2 Buffer Overflows Made Easy - Part 2: Spiking
Buffer Overflows Made Easy - Part 2: Spiking
The Cyber Mentor
3 Buffer Overflows Made Easy - Part 3: Fuzzing
Buffer Overflows Made Easy - Part 3: Fuzzing
The Cyber Mentor
4 Buffer Overflows Made Easy - Part 4: Finding the Offset
Buffer Overflows Made Easy - Part 4: Finding the Offset
The Cyber Mentor
5 Buffer Overflows Made Easy - Part 5: Overwriting the EIP
Buffer Overflows Made Easy - Part 5: Overwriting the EIP
The Cyber Mentor
6 Buffer Overflows Made Easy - Part 6: Finding Bad Characters
Buffer Overflows Made Easy - Part 6: Finding Bad Characters
The Cyber Mentor
7 Buffer Overflows Made Easy - Part 7: Finding the Right Module
Buffer Overflows Made Easy - Part 7: Finding the Right Module
The Cyber Mentor
8 Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
The Cyber Mentor
9 HackTheBox - Sunday Walkthrough (Re-Up)
HackTheBox - Sunday Walkthrough (Re-Up)
The Cyber Mentor
10 Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
The Cyber Mentor
11 Networking for Ethical Hackers - Network Subnetting (Re-Up)
Networking for Ethical Hackers - Network Subnetting (Re-Up)
The Cyber Mentor
12 Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
The Cyber Mentor
13 Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
The Cyber Mentor
14 HackTheBox - Fighter Walkthrough (Re-Up)
HackTheBox - Fighter Walkthrough (Re-Up)
The Cyber Mentor
15 Beginner Linux for Ethical Hackers - Navigating the File System
Beginner Linux for Ethical Hackers - Navigating the File System
The Cyber Mentor
16 Beginner Linux for Ethical Hackers - Users and Privileges
Beginner Linux for Ethical Hackers - Users and Privileges
The Cyber Mentor
17 Beginner Linux for Ethical Hackers - Common Network Commands
Beginner Linux for Ethical Hackers - Common Network Commands
The Cyber Mentor
18 Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
The Cyber Mentor
19 Beginner Linux for Ethical Hackers - Controlling Kali Services
Beginner Linux for Ethical Hackers - Controlling Kali Services
The Cyber Mentor
20 Beginner Linux for Ethical Hackers - Scripting with Bash
Beginner Linux for Ethical Hackers - Scripting with Bash
The Cyber Mentor
21 Beginner Linux for Ethical Hackers - Installing and Updating Tools
Beginner Linux for Ethical Hackers - Installing and Updating Tools
The Cyber Mentor
22 Cracking Linux Password Hashes with Hashcat
Cracking Linux Password Hashes with Hashcat
The Cyber Mentor
23 Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
The Cyber Mentor
24 Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
The Cyber Mentor
25 Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
The Cyber Mentor
26 Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
The Cyber Mentor
27 New Zero to Hero Pentest Course, New Website, and 2K Subs?!
New Zero to Hero Pentest Course, New Website, and 2K Subs?!
The Cyber Mentor
28 Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
The Cyber Mentor
29 Zero to Hero Pentesting: Episode 2 - Python 101
Zero to Hero Pentesting: Episode 2 - Python 101
The Cyber Mentor
30 Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
The Cyber Mentor
31 Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
The Cyber Mentor
32 Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
The Cyber Mentor
33 Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
The Cyber Mentor
34 Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
The Cyber Mentor
35 Installing Windows Server 2016 on VMWare in 5 Minutes
Installing Windows Server 2016 on VMWare in 5 Minutes
The Cyber Mentor
36 Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
The Cyber Mentor
37 A Day in the Life of an Ethical Hacker / Penetration Tester
A Day in the Life of an Ethical Hacker / Penetration Tester
The Cyber Mentor
38 Active Directory Exploitation - LLMNR/NBT-NS Poisoning
Active Directory Exploitation - LLMNR/NBT-NS Poisoning
The Cyber Mentor
39 Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
The Cyber Mentor
40 Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
The Cyber Mentor
41 Writing a Pentest Report
Writing a Pentest Report
The Cyber Mentor
42 Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
The Cyber Mentor
43 The Complete Linux for Ethical Hackers Course for 2019
The Complete Linux for Ethical Hackers Course for 2019
The Cyber Mentor
44 Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
The Cyber Mentor
45 Popping a Shell with SMB Relay and Empire
Popping a Shell with SMB Relay and Empire
The Cyber Mentor
46 Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
The Cyber Mentor
47 Pentesting for n00bs: Episode 2 - Lame
Pentesting for n00bs: Episode 2 - Lame
The Cyber Mentor
48 Pentesting for n00bs: Episode 3 - Blue
Pentesting for n00bs: Episode 3 - Blue
The Cyber Mentor
49 Web App Testing: Episode 1 - Enumeration
Web App Testing: Episode 1 - Enumeration
The Cyber Mentor
50 Pentesting for n00bs: Episode 4 - Devel
Pentesting for n00bs: Episode 4 - Devel
The Cyber Mentor
51 Pentesting for n00bs: Episode 5 - Jerry
Pentesting for n00bs: Episode 5 - Jerry
The Cyber Mentor
52 Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
The Cyber Mentor
53 Pentesting for n00bs: Episode 6 - Nibbles
Pentesting for n00bs: Episode 6 - Nibbles
The Cyber Mentor
54 Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
The Cyber Mentor
55 How NOT to Approach a Cybersecurity Mentor
How NOT to Approach a Cybersecurity Mentor
The Cyber Mentor
56 Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
The Cyber Mentor
57 Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
The Cyber Mentor
58 Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
The Cyber Mentor
59 Pentesting for n00bs: Episode 9 - Grandpa
Pentesting for n00bs: Episode 9 - Grandpa
The Cyber Mentor
60 Top 5 Internal Pentesting Methods
Top 5 Internal Pentesting Methods
The Cyber Mentor

This video introduces viewers to Hack The Box, a platform for cybersecurity training, and provides guidance on setting up a stable hacking environment, using note-taking apps, and getting started with CTF challenges. The video also highlights the importance of privileged access management and discusses various tools and techniques for cybersecurity training.

Key Takeaways
  1. Download and install VMware or Virtual Box
  2. Set up a stable hacking environment with Kali Linux
  3. Create a pre-CTF checklist
  4. Use a note-taking app like Obsidian to organize techniques and tools
  5. Join online communities like Discord for support and resources
💡 Consistency and a game plan are key to success in cybersecurity training and CTF challenges.

Related Reads

📰
Bagaimana Malware dan DDoS Berevolusi di Era Digital
Learn how malware and DDoS attacks have evolved in the digital era and why it matters for cybersecurity
Medium · Cybersecurity
📰
Why Philippine SMEs Are the #1 Target for Ransomware Attacks in 2026
Philippine SMEs are the primary target for ransomware attacks, with 73% of cyberattacks in 2025 targeting them, and only 12% fully recovering without paying a ransom
Dev.to AI
📰
Your MCP database server needs a tool allowlist
Learn why an allowlist is crucial for your MCP database server and how to implement it for improved security
Dev.to · Mads Hansen
📰
The Hidden Wiki
Learn about the Hidden Wiki, a directory of hidden spaces on the internet, and its significance in the context of cybersecurity and online privacy
Medium · Cybersecurity

Chapters (5)

How to start Hack The Box (HTB)
0:30 Keeper Sponsored Ad
1:18 Knowledge to begin HackTheBox
3:13 Improving at HackTheBox quickly
7:07 HackTheBox Game Plan
Up next
Driving Security Culture Evolution for Business Growth
Eye on Tech
Watch →