Welcome to rootsh3ll Forums

Welcome to rootsh3ll Labs Forum!

This forum aims to be a support, query and feedback system. It’ll help us in making rootsh3ll Labs a better security learning platform for you.

You can use it to ask questions around any topic related to InfoSec and we’ll try our best to answer that and we’ll possibly build a lab around it for the community to use and learn.

Since this is the Beta program, we’d like you to test the your favourite exercises in the Beta program and provide feedback here under the #beta:feedback category. Suggestions are also welcome under the same category.

To learn more about Beta Program, go here.

We’ll be opening rootsh3ll Labs for beta testing on 1st of October. Meanwhile we’d like to understand your goals better to create the labs keeping that in mind.


Start with a little introduction about yourself

Answering the following questions will help us have a clear mindset about what you need to grow in your InfoSec career.

  1. What’s your experience with hacking/security?
  2. What is your current job?
  3. What are your career goals?
  4. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?
  5. What would you like us to do for you that benefits your career?

The questions above will help us understand the majority of people’s opinion and need that we can serve.

In case you happen to be in the minority, we might be unable to deliver a lab for your needs sooner but, we and the community will do our best to answer your questions and get you something to learn. :slight_smile:

Thanks to all the beta users who considered our offering. It really is overwhelming to see how many people we can serve for the better. Hope you have a good time at rootsh3ll Labs!

1 Like

I think I’m the first one to introduce myself – such an honor!
First and foremost I’m possibly the noobest to join the Lab - please forgive me and if you may, I would love to stick around and learn from all of you.

Running down the answers:

0 experience: having been messing around with BackTrack-Kali for years and never managed more than hacking a few
WEP networks.

Not in IT. I currently work as a business developer analyst.

Open an investigation company combining my people reading skills and a possibly hacking-security skill (to be developed)

Network security and OWASP Top 10.

Providing the Lab is a huge benefit for my career.
Maybe some courses in the future.

Thank you! (:

2 Likes

Gabriel,

Welcome to the community and thanks for being the first one to break the ice!

As much as I appreciate your honesty, I am curious about your people reading skills. Would love to receive some tips from you if you think that’s worth sharing :slight_smile:

You said you cracked a couple of WEP Networks, In the Labs I have a working WPA2 network that’d be a little challenge to crack, connect to and exploit connected WiFi devices. I hope you enjoy the lab. We’ll be start rolling first Beta on October 1st.

Hope you have a great time with us ! All the best for your career and company :slight_smile:

Hi,

My name is Dimitris and I am working as a SOC analyst/ Incident Responder. In the past I’ve worked as a pentester.
I believe that the courses already mentioned would be would be a good addition, additionally:

  • Digital Forensics and Incident Response
  • Reverse Engineering
  • Malware Analysis
  • IoT Security (Really trending)

I expect quality material that will help me advance my knowledge on the field of CyberSecurity

2 Likes

@dkaz, Thanks for hopping in.

From what you mentioned, the following can be done with fair amount of work

  • Digital Forensics and Incident Response
  • Reverse Engineering
  • Malware Analysis

What I mean is that, we can create labs on these topics. Simple labs to begin with. But I am not too sure about IoT at this point in time. Related to IoT I can surely do WiFi card simulation under a device that’s served as an IoT. But not much.

Have you seen people providing hardware-less labs for IoT? Please share if you have.

On the other hand, I would like to have some insight from you on IoT based labs. What are the requirements as a pentester and the perspective of an IR.

PM me if you think you can shed some light on it. I’ll create a new category on to IoT related discussions.

Hello! My name is Matt.

  1. I’ve played around with Kali a bit, but with very limited knowledge.
  2. I currently work as a System Administrator - jack of all trades as I do not have an IT team at work.
  3. I would really like to get into the security side of things and lock down any vulnerabilities I may have at home/work.
  4. network security
  5. tutorials are definitely the way I learn best! I would definitely benefit career wise being able to follow some tutorials to brush up on my net sec knowledge.

Thanks!!!

2 Likes

Hey,
I am Florian, I am a computer science student and I am what you would call a noob. Through lectures and personal interest, I know some names and concepts, but my hands-on experience is more than limited.
As a university project I have done a pentest on a smart home solution and I have done some stuff in reverse engineering.
I want to start my career in the topics reverse engineering and forensics, so it would be nice to get these topics covered.
For me the topic information retrieval is somewhat magic and material about that is very useful for me.

2 Likes

Away we go:

0. What's What’s your experience with hacking/security?
Probably about a year. Graduated B.S. Cybersec last May, worked as a sys admin during uni. Over the past month I have been spending a lot of free time taking online penetration testing courses and reading exploitation write-ups. At work I perform a lot of stage 1 (recon) in my teams pen-testing engagements
1. What is your current job?
Junior Penetration Tester
2. What are your career goals?
Work as my own contractor performing pentesting and other network related activities
3. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?
OWASP Top 10 and Network Security
4. What would you like us to do for you that benefits your career?
Having detailed explanations on the vulnerabilities in exploited in the labs and if there are alternate ways to identify them.
2 Likes

Welcome to the community, Matt !

We’ll be starting off with a few WiFi related exercise in the first 2 weeks. Exercises like hacking WPA2, Attacking WPA3, Cracking WEP, wrapped around a story where you’ll be at the front foot, the pentester.

I hope that’d be helpful to your use case under NetSec.

What kind of tutorials you prefer?

There’s a section in the lab description called “Mission Statement” that explains the goals you need to achieve. I’ll be linking a solution/lab manual within that section. You can see it as a walkthrough to the lab if you are a beginner. But that would be all text + images. CSS formatted, of course.

I would like to know what you, or other users, prefer as a lab manual/walkthrough

Hi Florian, Welcome to the community!

It is okay to have a limited experience. We all were/are a noob at some point in time :slight_smile:

Good thing I see is that you have personal interest in the field and want to learn more about it.

That’s something I discussed with @mattmichaels3 above. What kind of material works best for you. Text+images or video?

Although we’ll be starting off with text+images only. But community interest will ensure that we need to consider videos at all or not.

Hey, Welcome to the community, Paul !

Thanks for the detailed introduction. Glad you took your time formatting that too!

This one’s a bit tricky to make it effective. Maybe a separate Theory lab would do good.

What I have seen working with me and students is that jumping right into practical with fundamental information, then switching to theory and understanding what how the attack worked creates a lasting impression and deeper understanding.

That’s why I think it’s better to have a separate theory lab (as a follow-up lab) would do good.

Do you agree?

Hi, all! Glad to be here. My name is Matt.

What’s your experience with hacking/security?

I’ve got a little to moderate experience. Primarily scanning for, analyzing, and patching vulnerabilities, and a bit of ethical hacking.

What is your current job?

I’m an application security analyst for a financial technologies company.

What are your career goals?

I’d love to be a professional penetration tester, ultimately.

Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?

Personally, network security is what I’d like to see. I’m pretty familiar already with web app security, but the lower-level network attacks are something I’d love to add to my wheelhouse.

What would you like us to do for you that benefits your career?

I love to learn; any and all knowledge and labs that help with that I find valuable.

2 Likes

Hi my name is Shane.

  1. What’s your experience with hacking/security?

I’m a beginner. I have been doing a couple courses from Udemy on ethical hacking using Kali. II know the basics on Wifi cracking and MITM attacks, but everything is limited to my own network or VM’s. I am also doing another course on python programming for ethical hacking to learn more about the tools used and how to make my own.

I have also been going through the Overthewire website and running through their war games to reinforce what I learn and to get a better understanding on the Linux system.

  1. What is your current job?

Currently I’m a mobile safety camera operator (non-IT Job) but it allows me plenty of time to learn new skills.

  1. What are your career goals?

My career goals would be to eventually get a job in pentesting. I am loving the courses that i am doing and enjoying hacking the vm’s, but I would only ever want to do it legally, and hopefully help stop people falling victim to other hackers.

  1. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?

I’m not sure what’s on offer in the beta program already, but I wouldn’t mind looking at web app security or ecommerce site vulnerabilities and how to secure them. Considering how many e-commerce stores are out there and the type of data people give to these stores, it would be great to see just how secure they are and how to fix the security flaws to protect the users data.

  1. What would you like us to do for you that benefits your career?

For me personally, just having another avenue to learn from is already going to be a benefit for me.

2 Likes

Hi my Name is Allex

  1. What’s your experience with hacking/security?

Doing My CeH10 , Been using Kali/backtrack For fun couple of years doing CTFs ( beginner mostly ) , and always wanted to go deeper in the Hacking scene

  1. What is your current job?
    Sysadmin in the process of moving to a security role in near futur

  2. What are your career goals?
    Pentester / Red Teaming

  3. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?

Not Sure what’s already planned but here are some nice topics

Network security
RE
Malware Analysis
Wireless security ( Wifi , LTE / GSM )
SdR ( if possible since your are able to do Wifi )

  1. What would you like us to do for you that benefits your career?

Quality materials that represent real life situation not like some labs that are made vulnerable in a way that it will never be setup this way in a real life network .
( always wanted an ‘‘active’’ fake network with traffic that you could snif / replay / analyse

2 Likes

I think I prefer tutorials in a video format when first getting to know a subject.
It’s helpful at least for my style of learning to be able to watch a procedure and visually see the output as opposed to being described what you are supposed to see happen.

On that note, I am totally okay with a text-based tutorial - provided that screenshots are embedded. This would be nearly as effective as a video, as I would be following along and hoping to see a similar result from the guide/tutorial being followed.

I am definitely going to check out the walkthrough to the lab as I would classify myself as a beginner.

Looking forward to learning!

Thank you

2 Likes
  • What’s your experience with hacking/security?
    Satellite and microwave communications is where I started my career and then pivoted into networking and security. The majority of my security experience is on the job training and university/certifications.

  • What is your current job?
    Cybersecurity Analyst

  • What are your career goals?
    Become a wireless pentester

  • Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?
    Network security and network forensics

  • What would you like us to do for you that benefits your career?
    Keep the labs coming!

2 Likes
  1. What’s your experience with hacking/security?

Somewhat intermediate - I’ve been to several conferences, started clubs when I was in school and played around with various tools and OSes for the past several years. I had a few security internships and now work as a security engineer.

  1. What is your current job?

Security Engineer; I do offensive/defensive assessments for clients. My job ranges from basic pentests to purple and blue team engagements.

  1. What are your career goals?

I’m not sure yet, I just want to learn as much as possible

  1. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc). Suggestions on specific topics?

Corporate security as a whole. What is the way standard enterprises secure themselves, and what steps do they take to remediate these issues.

  1. What would you like us to do for you that benefits your career?

Provide hands on tutorials covering more advanced vulnerabilities, and how to chain them together

2 Likes

Welcome to the community, Matt!
Glad you liked the place :slight_smile:

We aspire to help you reach you goal faster :blush:

A few days to go and we’ll find out. I’d like to have your feedback on our first few lab. They will be geared towards network security.

Thanks for giving your time :slight_smile:

Hello all, my name is John,

  1. What’s your experience with hacking/security?
    Not a lot, I’ve just recently started learning python and minimal experience with picoCTF 2018, and over the wires bandit

  2. What is your current job?
    Been doing helpdesk for a little over a year. Trying to transition into a SOC analyst role.

  3. What are your career goals?
    Either security architect eventually a pentester but I’ve got a long way to go.

  4. Which security domain you would like us to cover (network security, web-app security, OWASP Top 10 etc).
    Suggestions on specific topics?
    Reverse Engineering, and digital forensics sounds really interesting right now.

  5. What would you like us to do for you that benefits your career?
    Really just looking for more hands on experience and a like minded group of people to practice and learn with.

1 Like

Shane, first welcome to the community and thanks for taking your time out and introducing yourself and your goals with such clarity. Thanks a lot !

You have a special background with other

Based on the majority of responses plus our initial offering i.e WiFi hacking, we are more inclined towards a fusion of both network security and web app security.

Over the course of next month (October) we’ll be rolling out progressive labs. starting from WiFi, then into network security labs. By the end of the month you’ll receive network security labs with web apps integrated. Imagine a bank network breached and you discover an internal server with vulnerable SQL

What would you do? :wink:

1 Like