Learn Penetration Testing
by practice...

A massive brute-force attack hit our application server in mid-2018, with around 500,000 login attempts at peak in just one day. That's massive, and we wouldn't have survived if we didn't have the necessary security implementations in the system beforehand.

Simply put, we hacked our systems before the hackers did. But, that doesn't mean we are 100-percent secure.

No system is secure; we can only lower the probability of a breach by hacking our systems before the hackers do. With a certain level of awareness and practice you can build the necessary skillset in yourself and prevent the organization from a potential criminal breach.

jump straight into packages

Introducing
Penetration Testing Professional Course

System administrators often use automations for easier server management but, sometimes unknowingly put the servers, and the organization's data, to risk. Hackers use these misconfigurations to gain access to an organisation's resources and exfiltrate sensitive information.


Penetration testers often shy away from looking into other fields than their expertise, believing that it takes a significant learning curve to become a competent pen-tester. Learning the fundamentals and putting the attacks into practice can help save the organisation from the potential breaches.


That is why we created this course. To help penetration testers like you learn and apply the pentesting skills into practice without violating law or compromising on your schedule.

But, I'm new to cybersecurity

Most cyber experts have a humble beginning of learning the fundamentals. Building an understanding of how systems work takes time. And a bit more time when you want to understand, exploit, and advise an appropriate patch to the team.


Getting into cybersecurity maybe hard, but, gaining experience with computer systems and breaking them comes with absolutely zero-requirement and 100% self interest.


Every expert was once new to the cybersecurity industry. You need to just get started.

I don't have time for training

Security is a demanding field. Having absolutely no time for self-learning for days and even weeks is just a regular occurrence, and we understand that.


If you take a giant task of completing one topic (ex: Network Security) with planned sub-topics and make slow, consistent progress regularly, it becomes attainable. And over time, every effort adds up to the skillset. Just investing a few after-work hours into self-paced learning gets rewarding when seen in the hindsight.


Most of the online labs, like ours, give you a one-click lab start with a pre-configured environment which saves a lot of hassle and time to jump into your regular security training regimen.

0-hassle training environment

Cloud simulation has opened up a golden gate for security practitioners altogether. Having an environment so effortless that clicking a button and waiting for less than a few seconds is all you need to do to jump into the action—no configuration of virtual environments, no third-party tools or VMs.


Everything comes preconfigured which saves a lot of hassle that usually comes with setting up a VM-based lab. Perfectly suitable for any pentester who's on the run most of the time. 

Tools, Tactics, and Technique

As tools are essential, the technique of using the tools and tactic to chain multiple attacks together to execute the exploitation is an art in itself. This is barely achieved by software of our age, and hence the human factor makes it a highly valuable skill that a pentester is paid for.


In this edition of PTP, you start by learning the most fundamental pentesting and security assessment tools, which proceeds to identify multiple vulnerabilities in an intentionally vulnerable environment and then applying the acquired knowledge to chain together and hack into the system.

With 4 kids, a wife and a full time job, it can be hard to find much time and if you just want to squeeze some practice/learning in, Web Browser is the way to go.

I find more practice time on Web based labs just because its quicker and more convenient.

- Jason Carnell, Independent Security Researcher
Start your first lab, free

Try the free labs to take a taste of the course. Hop-in and start your cyber security training routine today.

Start your first lab. It's free!
Learn by doing
"Hack the Bank" Network

A corporate wired lan with multiple vulnerable nodes, sub-network, servers and databases to exploit into. Helps gain firsthand real-world experience of hacking into a corporation without harming real business.

Identify and compromise vulnerable servers

Learn to use tools that helps identifying vulnerable servers and server version to craft an attack which leads to a compromised appplication server

Exploit private application servers
Ever heard of a NAT? It's best for hiding the applications behind the firewall so it becomes totally inaccessible for the public. You learn how to hack the unreachable applications and database servers while bypassing firewall rules.
Extract sensitive files from a packet capture
Wireshark packet captures don't only contain the network traffic's information but also the data that transferred through the network. A successful packet capture have it and you learn how to extract the files from a wired/wireless packet capture data. Active or passive.
Compromise corporate wireless LANs
From outdated WEP to WPA2 Enterprise to cracking WPA3, you get to hack into all kinds of the vulnerable wireless infrastructures. No hardware is needed as everything is hosted on cloud.
Accessible

Launch an exercise anytime, anywhere on any device.

Real world

Unlike CTFs, scan a network with real clients, traffic and even exploit into wireless networks!

1-min launch

It takes less than a minute to launch an exercise. Regardless of the environment complexities.

Browser based

Have a 30 minutes break? More than enough to exercise your security training routine, right from your browser. No tools required

Ready to join?
Choose a plan
Free
$0
  • First 4 labs free
  • 120 hours of play time
  • 40+ vulnerable environments
  • Solutions
  • 24x7 Forum Support
  • Bulk discount
Try first module free
Individual
Most popular
$199
one time fee
  • 4 Months access
  • 120 hours of play time
  • 40+ vulnerable environments
  • Solutions
  • 24x7 Forum Support
  • Bulk discount
Buy now
For Teams
Best Value
< $179
per member
  • 4 Months access
  • 120 hours of play time
  • 40+ vulnerable environments
  • Solutions
  • 24x7 Forum Support
  • Bulk discount
Contact Sales
3+ users required to opt-in
FAQs
Send all queries tosupport@rootsh3ll.com

Is this a video course?

This is NOT a video course. This is a self-paced course that provides you a set of labs for certain tasks with a starting point. Just like in the real pentest, you get to learn about the tools and environment and use the knowledge to exploit the lab.

How long would my access remain?

You get 4 months of access to the labs, lifetime access to the Forums. You can extend the duration or renew your expired subscription without losing any progress.

For more details, contact support@rootsh3ll.com

Is my lab a dedicated environment or shared?

Every lab exercise you play is a dedicated environment booted up only for you. We never share your data or environment with anybody!

What is the difficulty-level compared to OSCP or HTB?

Apart from the bite-sized labs which are comparatively easier and focused on helping you learn a tool or technique, we offer rootsh3ll Original boxes.

A set of full blown network with real clients, servers, and traffic. Acc. to OSCP holders they are very OSCP-like boxes on difficulty level and require more dedication and skill to crack.

What tools are required to play on rootsh3ll Labs?

Just a web-browser. Unlike CTF, you do not need a 3rd party software or a VPN client to connect to your lab. Just login to the Dashboard and start your lab.

Simple as that

What is rootsh3ll "Hack the Bank"?

Hack the Bank is a set of network exploitation labs that gives you different scenario of exploiting a vulnerable bank's network.

It helps you learn variety of ways to exploit into the network, post exploit into sub-network which are inaccessible to public and exfiltrate information out of them