After pwning my 100th machine on Hack the Box, I’ve picked up a few critical insights that every aspiring pentester should consider. In this blog post, I'll walk through five valuable lessons I learned along the way. Whether you're just starting or looking to sharpen your skills, these insights are for you.
Lesson 1: Rank is Overrated; Consistency Matters
Your Hack The Box rank might look impressive in the short term, but it doesn't carry much weight with employers. Ranking is just a snapshot that can fluctuate as active machines retire and points decrease. Employers and industry peers focus more on the number of machines you’ve consistently pwned over time. The key takeaway? Show up regularly. My consistent performance on Hack the Box, especially through my weekly streams, has earned positive feedback from professionals in the field. It’s this steady pace, not ranking, that counts.
Active and retired machines work differently on Hack the Box. Active machines impact your rank, while retired machines don’t. If your goal is growth, retired machines have the advantage of write-ups and walkthroughs, making them valuable for consistent learning and progress.
Lesson 2: No Shame in Using Guided Mode or Walkthroughs
Hack the Box offers Guided Mode on easy and medium machines, which provides hints when you’re stuck. Unlike a walkthrough, Guided Mode gives you nudges rather than solutions. If you’ve spent a couple of hours making no progress, don’t hesitate to use Guided Mode. And if you're still stalled after another hour, a walkthrough can help bridge gaps in understanding without wasting time.
On my live streams, I often avoid Guided Mode for at least two hours, but when necessary, I’ll turn to walkthroughs—especially when I’m in a time crunch. There’s no shame in using these resources. The goal is to build skills, and sometimes that requires a push in the right direction. With experience, you’ll lean on these tools less frequently.
Lesson 3: Teamwork Accelerates Learning
Working on active machines without walkthroughs is a challenge, but Hack the Box allows private teams. Collaborating with a team on active machines is not only allowed but encouraged, as long as it’s a private group. The top-ranked users often collaborate to solve boxes together, leveraging shared insights and skills.
When I started, I was part of a team, and I learned a lot by working with others. Team dynamics work well for both active and retired machines, but if your main goal is growth, a team can be especially beneficial on active machines where resources are limited.
Lesson 4: Hack the Box Isn’t Real-World Pen Testing—But It’s Great Practice
While Hack the Box and CTFs differ significantly from real-world penetration testing, the practice they offer is invaluable. The continuous hands-on keyboard experience—scanning, probing, and exploiting machines—helps build muscle memory that translates to professional pentesting.
In my job, real-world pentesting involves more than just hacking; it requires client interactions, report writing, and other responsibilities. Hack the Box allows me to keep my technical skills sharp outside of work. If you want to be effective in a pentesting role, these regular hands-on sessions will give you a strong foundation.
Lesson 5: Every Machine Brings New Insights
No matter how experienced you are, every machine teaches you something new. With each box I tackle, there’s always something unexpected, a new angle, or a specific technique that challenges me. Even the easiest boxes reveal unique insights that build upon my existing skill set. The learning never stops, and that’s what makes Hack the Box such a valuable platform.
If you’re interested in seeing these lessons in action, join my live streams for hands-on Hack the Box sessions and Ask Me Anything. And if you’re curious about Hack the Box compared to TryHackMe, check out my detailed analysis for an in-depth comparison between the two platforms.