There is no future in tryhackme / hackthebox without certificates recognised by companies?


Singaporean here, you're right that this CTF stuff won't help that much DIRECTLY in terms of career recognition (i.e. you probably won't get a raise or any sort of bargaining power by achieving a "Hacker" on HTB). But implicitly, it will be beneficial by expanding your Red Team vocabulary, and this indirectly translates to how well you can perform on the job (deeper engagement in technical discussions, coming up with more novel Blue Team ideas). And overall, it will increase your value to the company.

What I found to help increase my value was the applicability of lessons to the job that I'm doing. For example, seeing different ways that people can achieve privilege escalation on a Linux server gives me insights into what I should be looking out for when doing Configuration Assessment, or server hardening.

But I do have to say that I feel there are diminishing returns as you do more of such boxes, as there are only so many ways you can exploit a system. Simple example: many boxes get very creative with SUID abuse, but if I, as a Blue Teamer, do a lockdown on sticky bit binaries, a lot of these attack scenarios would be negated. As such, I've slowed down on doing HTB, as I found myself learning fewer new ways to exploit a system.

I think to drive the point home, solving more boxes and getting titles would not help, but translating what you learnt from those boxes to the job will. And also, recognize when you've hit diminishing returns!

(Digress: as a hiring manager, someone who actively engages in CTFs, does write-ups, and has a nice portfolio is way more attractive than someone who is a "Cert Hunter", or only has a Masters in Cyber Security [I once met this guy who was in his final year of Master in Cyber Security, but does not know SQL...])

