A new offensive HTB Academy module will guide you through the Whitebox Pentesting process to identify even the most hard-to-find vulnerabilities. Enable a more thorough way of testing by understanding core processes of Whitebox Pentesting such as:

• Code Review
• Local Testing
• Proof of Concept
• Patching & Remediation

Instantly put these core skills to practice by engaging in an exercise of advanced code injection exploitation and taking advantage of the additional reading resources available.

Don't have access to these course materials? Contact your dedicated Account Manager or explore more by clicking the button below.

It's time to delve into the newly released content for November within Dedicated Labs. This month we feature 2 new Machines and 1 exclusive Machine Learning Challenge.

OpenAD

OpenAD is a Windows Machine that has a Hyper-V Linux machine running. The Linux part of Active Directory installed on the Host and has an Apache ActiveMQ instance running that is vulnerable to CVE-2023-46604.

Caving

Caving is a Linux Machine that showcases an account takeover vulnerability in Splunk, specifically CVE-2023-32707. A vulnerable Splunk server can be exploited by a low-privileged user, escalate your privileges, and accordingly execute commands on the server.

MIA

MIA is a Machine Learning Challenge showcasing a Membership Inference Attack on an image classifier trained on a small subset of the CIFAR-100 public dataset. With this being an active research topic, the problem can be approached in several ways. Which approach will you take?

Using write-ups is integral to learning or receiving guidance in your practice. This is why we have taken it further and mapped them to the MITRE ATT&CK and NICE framework within Dedicated Labs.

This addition to your write-up documentation will bridge the industry-relevant techniques, threats, and tactics to your hands-on practice. It will also provide insight into precise skills that you and your team can develop.

Admins can enable write-ups directly from the main settings with a simple toggle.

Don't have access to Dedicated Labs? Contact your dedicated Account Manager or explore more by clicking the button below.

One of the most common expressions from HTB is “it is always okay to use write-ups”. This time, we have updated your library of guided material with a new set of write-ups for all Forensics Challenges within HTB Dedicated Labs.

Jump into any forensic Challenge and utilize write-ups to help you get unstuck or to guide you in understanding all the necessary steps to complete your labs successfully. Admins can enable write-ups as well as “Guided Mode” for a more assisted learning approach or let their team’s practice be completely exploratory.

Dive into your next forensics challenge and begin using write-ups to better support and grow your hands-on capabilities.

Don’t have access to Dedicated Labs yet? Contact your account manager or explore more by clicking the button below.

With an ever-expanding library of modules within HTB Academy for Business, we understand the need for administrators to assign content relevant to their team's objectives. To enable admins to better assign content relevant to their team's technique practice, we have mapped all Modules to the MITRE ATT&CK framework.

With the MITRE ATT&CK framework being the most universal, applicable knowledge base for adversary tactics and techniques and the easiest way to identify coverage regarding detection capabilities, we have tagged both offensive and defensive modules to their corresponding MITRE techniques.

Jump on HTB Academy for Business and explore the coverage within your lab.

Don't have access to these course materials? Contact your dedicated Account Manager or explore more by clicking the button below.

Get ready to make collaboration effortless by easily adding and engaging with team members within your private instance. Simply use sshx during your routine upskilling and transform your terminal into a shared hub.

Using sshx within your Pwnbox instance will allow admins to quickly offer live guidance, walkthroughs, and collaborate on an exercise with their team members as well as provide an opportunity for team members to jointly practice with the latest industry threats and vulnerabilities.

There is no need for a complicated setup. All it takes is for you to:

1. Spawn your Pwnbox instance
2. Execute 2 necessary commands
3. Share with your team
4. Start collaborating! 🥳

A new Sherlock is here to put your DFIR skills to the test with a new real-world incident. This new defensive lab within HTB Dedicated Labs dives into network traffic analysis, putting your team’s purple approach and collaboration first!

Meeow is a new scenario focused on a leaked database, and it is up to you to analyze network traffic capture of a potentially compromised host and practice using DNSCat.

Put your purple-minded skills to practice through a combination of vulnerable Machines, Challenges, and Sherlocks.

Don't have access to these scenarios? Contact your dedicated Account Manager or explore more by clicking the button below.

Constructing and formatting a report can be a complex and time-consuming process. To help you save time and unlock your true reporting potential, we have partnered with Syslifters to assist you in creating your official HTB certification reports.

You can now access and render in-browser, tailored HTB reporting templates through the SysReptor tool. This way, you can more efficiently compose and customize clear and stylized reports for all CTPS, CDSA, and CBBH certifications.

Access all reports for free by:

1. Starting your certification journey with Academy for Business.
2. Install SysReptor.
3. Download an HTB report.
4. Begin reporting your findings.

Don't have access to Academy for Business? Contact your dedicated Account Manager or explore more by clicking the button below.

Sherlocks are defensive security practical labs simulating real-world incidents. You’ll be asked to conduct an investigation based on a provided cyber attack scenario and clues to unravel the dynamics behind them. By practicing with Sherlocks, individuals and organizations can grow their skills and knowledge on:

• Digital Forensics and Incident Response (DFIR)
• Security Operations Center (SOC)
• Threat Hunting and Threat Intelligence
• Malware Analysis

Sherlocks follow a semi-guided learning approach: a set of questions will appear to lead the investigator in the correct direction, with a very similar interface as the newly introduced Guided Mode feature on Machines. While in Guided Mode, questions are meant to lead you through the scenario and get the flags, in Sherlocks, questions are the actual flags!

15 Sherlocks will be initially available entirely for free to all users: this will allow all platform members to experience a simulated incident investigation and familiarize themselves with a new type of practical labs. Read more about Sherlocks →

How prepared are you to face the challenges of real-world APT attacks?

Utilize the Threat Intelligence path in Dedicated Labs and continuously stay updated with the latest industry threats by practicing vulnerabilities, exploits, and attacking techniques.

Stay hands-on with real-world simulated APT attacks and enhance your practical knowledge and understanding of:

• Popular industry CVEs,
• Remediation
• Defensive techniques
• Advanced Persistence Threats
• Security Awareness

Jump into this path and begin your purple-minded practice through a collection of Machines, Challenges, and Sherlocks.

Don't have access to the Dedicated Labs? Contact your dedicated Account Manager or explore more by clicking the button below.