Offensive Security Proving Grounds (Practice) Review

Introduction

I decided to subscribe to the Proving Grounds platform after failing my first OSCP exam attempt and after completing the virtual hacking labs platform, I was very intrigued by the fact that the machines in this platform were developed by Offensive Security and therefore I was sure the quality of the machines would live up to expectations.

Proving Grounds is a platform that allows you to practice your penetration testing skills in a HTB-like environment, you connect to the lab via OpenVPN and you have a control panel that allows you revert/stop/start machines and submit flags to achieve points and climb the leaderboard.

The Platform

The platform is divided in two sections:

• Play – This section contains boxes from Vulnhub, the only real benefit of this is that you can complete these through the online platform rather than having to setup the various Virtual Machines locally; other than that it’s the same as using Vulnhub. This is free to use for up to three hours a day and only contains Linux machines. I personally didn’t use this as I only had one month left to prepare for my OSCP exam and therefore I thought Practice was just a better option.
• Practice – This is what I opted for in order to prepare for the OSCP exam. This section contains Windows and Linux machines designed by Offensive Security experts. It requires a monthly subscription which is $19/month which gives you full access to both Practice and Play.

The machines in the platform are categorised by Offensive Security as:

• Warm up
• Get to work
• Try Harder

The community can also rate their difficulty with the following criteria:

• Easy
• Medium
• Hard
• Very Hard

The different difficulty ratings will often be inconsistent and I found the community rating to be more accurate.

Pros

• At 19 dollars a month this platform is very affordable, especially if you are preparing for the OSCP exam and have already gone through OSCP-like boxes in HTB and Vulnhub
• There are plenty of Windows machine, which are not often found in this sort of platform.
• The lab uses dedicated machines, meaning they are not shared with other students.
• There are a lot of noteworthy exploitation and privilege escalation vectors required which may be useful to prepare you for the exam.
• Each machine has three hints that can be unlocked, normally they refer to different phases of the process. They can only be unlocked after you have worked on the machine for at least one and a half hours, and this will decrease the number of points you will be awarded at the end. I really liked this concept as it teaches you not to resort to hints too quickly and to rely on your own knowledge and research, just like in the exam.
• There is an official “Community” section available where you can discuss the machines with other students and exchange tips. This was extremely useful to me and I met a lot of great people through it who helped me throughout my journey.
• I preferred this to Hack The Box as the machines were more real-life oriented rather than Capture The Flag which is what you want for OSCP.

Cons

• You can only boot one machine at a time in the labs, which makes it harder to simulate the exam environment.
• I had the impression that some of the machines were beyond the scope of OSCP, which mixed with the inconsistent difficulty rating often made me feel insecure about my skills; although this is entirely due to me.
• I really liked that some of the machines had available walkthroughs to review and I think more should have had this (if not all).
• It would have been useful if some machine included links to articles or blog posts in case you weren’t able to find a certain exploit.

Conclusion

Overall I really enjoyed this platform, it does a great job at preparing for the exam, especially when it comes to getting you into the right mindset. It is definitely worth its cost and I would recommend it to anyone, especially if preparing for the OSCP exam.