Book Review: "Ultimate Hacking Challenge"

"Ultimate Hacking Challenge: Train on dedicated machines to master the art of hacking" by Sparc Flow was a super cool and unique hacking experience. The book itself is just a walkthrough for a live hacking environment that Sparc set up and grants readers access to. The book is mega short at ~40 pages for ~$10, and is literally just a walkthrough for the environment, so it's the environment that is really important and what we will generally focus on in this review. I was able to read the book in a single sitting, and read it a few times before actually taking the lab challenge, which was still exciting but nowhere near as fun as the lab. Overall, I give the entire experience 8 out of 10 stars, because it comes with an awesome, hands-on training lab that is well worth the cost of the guide. I recommend it to those looking to get some hands-on experience with hacking Windows machines and domains. If you're looking for a real challenge, try registering for the challenge and passing it without buying the guide, as the book / walkthrough may spoil the challenge for you. I was able to complete the actual lab environment in about 4 of the allotted 24 hours, and spent a good deal of the time goofing around, trying new techniques, and exploring the machines set up for us. The following are the chapters of the guide in my typical fashion:

Foreword
Important Disclaimer
Chapter 1. Prep and pep talk
1.1. Aim of the training
1.2. Initial Access
Chapter 2. Field testing
2.1. Breaking out
2.2. Pick your shell
2.3. Looking around
Chapter 3. Scenario 1 - Shares
3.1. Looking around
3.2. Data to Exe
3.3. Memory inspection
Chapter 4. Scenario 2 - Reuse
4.1. Local dump
4.2. Propagation
Chapter 5. Coupon

Overall, I really suggest this as being a cheap, fast, and non-basic hacking challenge. It should only really take contestants a quarter of the allotted time. This lab provides a pre-hardened environment for more experienced penetration testers, so it won't be your typical "look up an exploit and run a script" type of engagement. The environment comes with 5 different Windows machines and multiple pathways to achieving the flag. I also really enjoyed all of the creative AppLocker bypass techniques I could experiment with. The training requires hackers to understand machine roles and trust relationships in a Windows domain, something critical for internal pentesting that is not often found in the average training course. Even scheduling my training day was super easy and convenient. Sparc's customer support was also top-notch; he was available to troubleshoot any issues I had and also was able to fix a mistake I made (that locked me out of my jump box) without reverting my progress (very nice). The text itself covers two different paths for achieving the goals, but the environment lets you play around and really practice any number of internal Windows domain pentest methodologies. All that said, a very fun and highly recommended experience!