Browser-based Labs vs VPN

We have seen a lot of people come here with a background in VPN-based CTFs and HTB/OSCP-like lab environments. As a matter of operational differences compared to VPN-based labs how much do you prefer one over the other. Why and why not?

Please share your views @earlybirds

I think a lot of it depends on the purpose. If I’m doing an 4 hour long session, then VPN is no problem. With 4 kids, a wife and a full time job, it can be hard to find that much time and just want to squeeze some practice/learning in Web Browser is the way to go. They both have their advantages, but I find I get more practice time on Web based labs just because its quicker and more convenient.

During the last lab, I was a bit hampered because I missed having my Kali environment setup the way I liked it with certain programs and files/wordlists. However, if the goal is to emulate a real world environment where you are have gained an initial foothold on an unknown machine and only have tools available on that machine, then the browser based one is more realistic.

Furthermore, I like being able to do the lab on any of my machines, without working about the specifics of what I have with me at the time. In addition, I could concentrate on the exercise without wondering if something was not working because of the VPN configuration vs what I was doing.

For me personally, especially if I don’t have a lot of time but want to give it a shot, I like being able to fire up a web browser and go.

With the VPN connection, I usually spend a couple of minutes firing up a VM, making the connection, restarting the guest OS because network got all screwed up by moving from home to work while the VM was suspended. reconnecting to the VPN, getting a bad connection so that my map scans take forever, etc, etc. Then If I need to take a break and do something else, I have to go through that routine all over when I come back.

Sometimes I only have 20-30 minutes and getting all that setup just takes too long.

2 Likes