Accelerate your cybersecurity learning with a new Guided Mode feature, now available also on 43 Machines within HTB Dedicated Labs.

The Guided Mode feature now offers additional support, presenting a series of questions that strategically guide you to unravel the correct path to the root flag for Very Easy, Easy, and now Medium Machines.

Don’t have access to Dedicated Labs yet? Contact your Account Manager or hit the button below to unlock more.

We are thrilled to introduce our first certification covering specialized security job roles: HTB Certified Web Exploitation Expert (HTB CWEE).

This new specialized course material focuses on building a mindset around risk mitigation and vulnerability identification, using various advanced and modern vulnerabilities as demos.

This approach not only helps in identifying all of the covered vulnerabilities in the path but also others that are based on the same concepts or attack principles.

How to get your certification ↓

1. Complete the Senior Web Penetration Tester job-role path. The path consists of 15 threat-connected courses based on the current industry trends.
2. Enter the exam & start the pentest.
3. Submit your report.

Read the full announcement — don't have access to these course materials? Contact your Account Manager or hit the button below to unlock more.

Explore the new content released in February within Dedicated Labs. This month, we are featuring three (3) new exclusive Machines.

Atrium

Get your hands on the CVE-2023-52076 vulnerability in Atril Document Viewer, which affects the parsing and extraction of EPUB files, allows to write arbitrary data to any path the user who opens the file has write access to, with the only limitation of being unable to overwrite existing files.

DootDoot

Have a look at this medium-level Linux Machine that showcases an Indirect Poisoned Pipeline Execution (I-PPE), wherein Jenkins builds are conducted through a Docker image hosted in a private Docker registry. A Public Gitea repository exposes credentials through commits, allowing unauthorized access to the Docker registry. The goal is to use Reconnaissance and Docker Abuse techniques to tackle vulnerabilities of Clear Text Credentials and Insecure Design.

Sententia

Practice with a hard-level Windows Machine focusing on EDR bypass techniques and Insecure Design vulnerability. The goal of this machine is to showcase how API hooking can be bypassed by unhooking and cleaning the NTDLL to its normal state.

Don’t have access to Dedicated Labs yet? Contact your Account Manager or hit the button below to unlock more.

Make sure you don't miss out on your daily activity on the HTB Academy for Business!

Just click on the "Activity" tab to easily check all your recent activity on the "My profile" page.

Stay up-to-date and keep track of your cybersecurity learning journey that is going on with your account.

Don't have access to these course materials? Contact your Account Manager or hit the button below to unlock more.

Individuals and organizations are still learning how to detect and respond to AI threats. Get a hands-on experience with this latest release!

FullHouse is a time-efficient extension of our Professional Lab scenarios that addresses realistic exploits and techniques simulated to test the AI readiness of any team or organization.

This new scenario offers a potent mix of challenge and innovation in a condensed format: 4 Machines, 7 flags, and multiple interesting attack vectors.

Here’s a glimpse into what you’ll be learning and what you should be prepared for:

• Source Code Review
• Web Application Attacks
• Reversing
• Windows Exploitation
• Active Directory Exploitation
• Blockchain Exploitation
• AI Bypass and Exploitation

FullHouse is available to all organizations within the Professional Labs offering (with official write-ups and MITRE ATT&CK mapping). Teams with an existing Professional Labs environment can easily assign FullHouse as part of the skills development plan with a couple of clicks.

Don’t have access to Professional Labs yet? Contact your Account Manager or hit the button below to unlock more.

Are you ready to be tested in a cutting-edge lab environment?

Step into FullHouse where AI and blockchain are here to give you a run for your money. This new scenario offers a potent mix of challenge and innovation in a condensed format: 4 Machines, 7 flags, and multiple interesting attack vectors.

Step into the HTBCasino, entrusted with ensuring the privacy and security of its players. Your mission is to uncover vulnerabilities in new and legacy components, gain a foothold on the internal network, escalate privileges, and compromise the entire infrastructure—all while collecting flags along the way.

Here’s a glimpse into what you’ll be learning and what you should be prepared for:

• Source Code Review
• Web Application Attacks
• Reversing
• Windows Exploitation
• Active Directory Exploitation
• Blockchain Exploitation
• AI Bypass and Exploitation

Individuals and organizations are still learning how to detect and respond to AI threats. Get a hands-on experience with this latest release!

A new virtual assistant powered by AI technology is now available for HTB Enterprise Platform administrators in Dedicated Labs, Professional Labs, and Cloud Labs.

This new AI-powered support is consuming data from lab write-ups, help center articles, product updates, and additional sources to better support the development of a cyber workforce development plan.

How to access and use the AI support?

1. Open Support & Updates
2. Click on Messages
3. Click on Ask a question
4. Choose General Inquiry

What can you ask the AI Hivemind?

• To provide a list of labs and scenarios to practice on specific domains.
• To summarize write-ups or lab synopsis.
• To provide suggestions on labs to add to your team's workspace.
• To give more context on a CVE-based scenario and the difference between labs.

Ready to dive into the new weekly Sherlock release to put your DFIR skills into practice?

Your mission is to perform research and testing on an old and insecure Windows operating system that could have been compromised.

The ultimate goal is to take a defensive approach to what actions were carried out by the attacker and to assess the potential impact on other assets.

Don’t have access to Dedicated Labs yet? Contact your Account Manager or hit the button below to unlock more.

Here is your weekly refresher on Digital Forensics and Incident Response! Dive into this week's Sherlock: Conned-Again.

Investigate the exploited CVEs (CVE-2023-22515 and CVE-2023-22527) on a compromised Confluence server. Ready to tackle this new addition to your lab?

It offers great defensive practices that can be easily replicated on your organization's infrastructure to prevent attacks or vulnerabilities.

Don’t have access to Dedicated Labs yet? Contact your Account Manager or hit the button below to unlock more.

Jenkread is a Linux Machine demonstrating an arbitrary file read vulnerability (CVE-2024-23897) in the CLI component of Jenkins versions 2.441 and earlier, as well as LTS 2.426.2 and earlier.

PoCs for CVE-2024-23897 have been made public and could be leveraged by attackers to compromise unpatched Jenkins servers!

There have also been reports of the vulnerability being exploited in the wild. Get to know this vulnerability first and keep your organization secure!

Don’t have access to Dedicated Labs yet? Contact your Account Manager or hit the button below to unlock more.