Starting Point container transparent

Starting Point Writeups

I've always considered writeups to be the bread and butter of the information security education community. This is, of course, not only because reports and explanations are what we will all be doing in the future, when we get hired in an actual security position, but also because I'm a strong believe in the "show, but do tell" mentality. I believe that having practical experience is not always self-explanatory, and that theory, as much as practice, develop a healthy mindset.
I’ve picked up the project of revamping the old Starting Point writeups together with a friend from the Content Engineering department. His team was in charge of creating the vulnerable boxes, while I ventured into rebuilding all of the written content, bringing it up to par with the modules on Academy.
What made Academy so amazing for the uninitiated was the friendly aspect of its written content. It guided you slowly towards results, instead of throwing you in the dark. Starting Point was meant to be the same warm, inviting room for people trying to get a foothold on the main platform, Hack The Box Labs. Like that one safe room before a boss fight in any videogame. A recap or a tutorial for what you'll need to depend on in the future.
The idea was to focus on the basics as much as possible. Okay, we're going to write about how the box is solved end-to-end, that's standard. "What's more important", I said, "was that people understand why the box is the way it is. What made the hypothetical administrators of the box configure it that way? What came in the way of proper security implementations? 
So I decided to explain all of the technologies behind the software installed on the box. Every custom change made to the box was squared away with diagrams and explanations in an attempt to make it clear to those that visited for the first time, the most important questions one should ask themselves - "what", "how" and "why". Answering these three questions will make it clear why some of the most simple vulnerabilities to date can still be found in the wild, even in the most complex of networks.

If you want to try the Starting Point boxes and their writeups for yourself, click here.

  • Hack the Box's Starting Point, I think, is a good stab at laying some ground work for someone to get started with CTF or Offensive Security in general.

    Abstract Entropy