So a team member at work mentioned today, I mistook it for a project I had been following previously called But i decided to check it out and was quite pleasantly surprised.

To get an invite to hack the box you have to do an entry level attack against their website, while not completely trivial it wasn’t a 10 second deal. After a few minutes working the the problem I got my invite code and joined the 4,000 other folks who were attempting to Hack the Box!

I must say, their web interface is AMAZING. The submission of proof files to validate that you got either user or root level access on the system is top notch, as well as the reset/point system. The social aspect is also quite well done. All in all I think their setup is excellent. Considering they work entirely on donations the systems run quite well. They have 20 active boxes currently and are looking to release another box in the near future. While the population of folks is not as controlled as the PWK environment was, it is not bad overall, very nice folks and not toxic at all.

I can see many ways that Offensive Security would benefit from a front-end similar to this for their Lab environments, however I must give praise to Offensive Security in the fact that many, many systems are linked and there is a requirement to pivot between systems to be able to attack systems in networks not directly accessible by the end user. Hack the Box feels very much like a hosted Vulnhub environment which is to say it is quite good and entertaining but not cohesive in its systems.

Overall I can see myself spending many hours on this system, in my short time since joining I feel quite good in having owned 4 systems and 6 users. While I will not dedicate as much time as I did in PWK this looks to be an excellent way to reinforce skills previously learned and provide many more hours of frustration and excitement.