HackTheBox or TryHackMe? And some tips to help you get started in 6 minutes or less.


If you have seen my Hacking repository or follow me on Twitter you will know that I have dipped my toe into infosec.

There are two commonly known websites when it comes to showing off your skills as a developer. For newcomers to tech and developers in general these two names are LeetCode and HackerRank. For infosec, these two names are HackTheBox and TryHackMe.

I have tried both of them and I will try to make a subjective comparison all the while giving some tips on how to get started.

The first website I tried out was TryHackMe. No particular reason for it really, other than the fact that I had the name first in my list. My first experience with it was pretty pleasant. It starts you off with a learning path and even before you touch any of the machines it gives you a little interactive guide.

I cannot stress how important it is to have educational material for newcomers. If you want to do some Malware Analysis all you need is the skill to read other people's code, and yes this is a skill.

But if you want to get into Web Security then you need to know how the internet works or you will be running around like a headless chicken. Or if you wanna get into Binary Exploitation then you need to know about pointers and memory, same deal.

Thankfully TryHackMe provides a simple introductory five-minute guide, at the start. The important part is «at the start». I was surprised by the number and diversity of the guides. And by completing the learning paths you can get achievements. So learning is a rewarding action.

Another thing I liked was how they were representing the flow. On the top right of the website, two little arrows are making a circle around the words «Learning» and «Practice». We are always learning and then reinforcing the knowledge with practice. That's how we as humans learn, and it is no different in this field either. The best people in the field are learning constantly and that’s why they are on top of their field.

One thing that caught my eye was how every single curriculum had at least one lesson locked behind Premium. Now don't get me wrong it is okay to have some more advanced lessons only accessible by Premium members. But when you strafe away from the starting learning path and try to get into others... Some of them have 5-6 beginner-level guides and only the first one is freely available.

Also, remember that I said you can get achievements after you complete a learning path. But at least one of them is always locked behind a paywall. So to learn and to get rewarded for learning you need to pay? I am not okay with that. Education should never be locked behind a paywall.

This was the primary reason why I also explored HackTheBox actually. So let’s talk about some differences.

HackTheBox doesn’t have dedicated guides to teach you the basics but it does have walkthroughs and writeups. If you don’t know the difference, because I most certainly didn’t at first, walkthroughs are guides written by the creator of the machine and writeups are guides written by other hacker participants. They are both guides but you can call a walkthrough the more official one I guess.

Going back to the subject, however, HackTheBox has a great FAQ section. They give step-by-step guides for you to set everything up.

The very first thing you will notice in both of these websites is that they use OpenVPN to accept connections to their machines. There is a good reason for it and they explain it in their FAQ section. If you are curious definitely go check it out.

So you need to get OpenVPN on your machine. It is a free piece of software and the website even gives you the configuration file you will use so you don't even have to do a thing. But this will be the first tool you will add to your arsenal. And it won't be the last. You will keep accumulating new and specific tools as you move forwards.

The walkthroughs are your friend. They are not cheat sheets, they are mentors. We are not at work, we are here to learn. And at the beginning, we don't know anything about anything. So don't push yourself to perform, just explore.

There are some widely known and used tools like Nmap. But as you read writeups you will start to see that not every action has an official program dedicated to it. Sometimes you will need to get user-created scripts, mostly from GitHub repositories. Treat user scripts as tools too, save them for later.

We are not masters of everything. We don’t know every single programming language out there. Sometimes there will be obstacles you can’t code through by yourself or you may not have time to code it. It is fine to get the code from others. This can be a writeup, GitHub repository, or a friendly person in the discussions section. But always read the code and try to understand it. You will learn a lot from it.

Walkthroughs and writeups are not definitive. There are always multiple ways of approaching a problem. I will give you an example from my experience.

I was pretty deep into a machine. I had a reverse shell running and to make it work there were three other command prompts open at the time. Sometimes some machines are a little more unstable. Well, my machine most certainly was. It dropped my reverse shell multiple times before I went out to search for the reason. The solution was to reset the machine. You can vote for it in the dashboard on the website. But the maximum number of resets for the day had been reached so that didn't help me.

The solution I found was SSH. I was exploiting another service but I knew the machine had SSH open from the initial Nmap scan. And even though my reverse shell was dropped, I had explored enough to get credentials to a local user. So by using those credentials I connected to SSH and to the machine as that user. Then continued from there.

This was not in the walkthrough. I didn’t read any writeups to come up with this. It only worked out because I dared to explore it. If you see a piece of information that gives you an idea, explore it!

I have written takeaways like this. But in case you missed some of them here is a summary.

  • Learning is a rewarding action.

  • The best people in the field are learning constantly and that’s why they are on top of their field.

  • Education should never be locked behind a paywall.

  • You will keep accumulating new and specific tools as you move forwards.

  • The walkthroughs are your friend. They are not cheat sheets, they are mentors.

  • Treat user scripts as tools too, save them for later.

  • Always read the code and try to understand it. You will learn a lot from it.

  • Walkthroughs and writeups are not definitive. There are multiple ways of approaching a problem.

  • If you see a piece of information that gives you an idea, explore it!