All latest news and releases on Hack The Box platforms.
Update

New Academy Module on Advanced XSS and CSRF Exploitation.

Shared by Dimi • November 01, 2023

A new offensive Module has been released on Academy for Business, and this time it's all about modern web applications. Gain a comprehensive understanding of the complexities of CSRF and XSS vulnerability exploitation now that robust security measures such as the Same-Origin policy and SameSite cookies have come into play.

In this course, you will:

  • Understand the Same-Origin policy and Cross-Origin Resource Sharing (CORS) in the context of CSRF exploitation.
  • Learn how to bypass weak CSRF defenses.
  • Deep dive into crafting XSS exploits that enable advanced reconnaissance and exploitation actions.

Don't have access to these course materials? Contact your dedicated Account Manager or explore more by clicking the button below.

Update
Feature update

Elevated user progress tracking for Dedicated Labs administrators.

Shared by Dimi • November 01, 2023

We have further enhanced the ability of Enterprise Platform admins to understand their team’s progress and more quickly review the engagement of lab members with the content assigned.

With the new User Progress Tab, administrators can access a clear breakdown of their team’s or individual members’ progress (whether Machines, Sherlocks, or Challenges) with the most engaged users displayed on top.

Meanwhile, through the Content Progress Tab, admins can gain complete visibility of their team’s engagement based on the content assigned, offering a detailed, well-rounded view of their team’s success and routine practice habits.

Don’t have access to Dedicated Labs yet? Contact your account manager or explore more by clicking the button below.

New feature
Update

Discover Machines and Modules relevant to your current learning program.

Shared by Dimi • November 01, 2023

There is always a next step! You can now find recommended content based on your completed labs through a range of mapped Machines and Modules accessible on Academy for Business and Dedicated Labs.

This new functionality provides the opportunity for you to identify the ideal next step in your learning program and to hone the skills you have already acquired. Simply scroll to the end of your Module preview page and find the content relevant to your workforce development plan.

Want to combine theory and practice through the Dedicated Labs and Academy for Business?

Contact your account manager or explore more by clicking the button below.

Product update
New

October exclusive Machines & Challenges on Dedicated Labs.

Shared by Dimi • October 24, 2023

Ready to dive into October’s new Dedicated Labs content? This month, we released exclusive content to the Enterprise Platform consisting of 3 new Machines and our second exclusive AI Challenge.

Looney

Looney showcases a buffer overflow vulnerability in the GNU C Library dynamic loader's processing of the GLIBC_TUNABLES environment variable. The vulnerability, labeled CVE-2023-4911, is commonly known as Looney Tunables.

Influence

Influence showcases a Broken Access Control vulnerability in Atlassian Confluence (CVE-2023-22515), with an assigned CVSS base score of 10.0. Want to turn your practice more purple? Jump into the Sherlock "Conned" in your Dedicated Labs environment and learn how to defend against this vulnerability.

Cued

Cued focuses on an out-of-bounds array access vulnerability which can lead to remote code execution on affected systems running the GNOME desktop environment.

Nooto (AI Challenge)

Nooto focuses on function calling in OpenAI and specifically on how function parameters could be changed to obtain a different result from the expected one.

New feature
Update

Our Help Center is now available in multiple languages.

Shared by Dimi • October 24, 2023

We are now better supporting local and international organizations in their cybersecurity upskilling. For this reason, we have updated our Help Center with nine (9) new languages. Visit the Hack The Box help center and receive support on all subject matters related to your platform, content, and functionalities.

Here are the current languages supported:

  • English
  • Arabic
  • Hindi
  • Greek
  • French
  • Brazilian Portuguese
  • Spanish
  • Japanese

Product update
New

Time to get serious about DFIR with three new Sherlocks.

Shared by Dimi • October 24, 2023

This week, we released three (3) new Sherlocks in HTB’s Dedicated Labs, focusing on various defensive domains your team will love.

  • Put your DFIR skills to the test with Looney-D and gain an attacker's perspective on the Looney Tunables CVE by completing the Looney Machine.
  • Get started with Lockpick 2.0 and continue your journey in Malware Analysis following the release of Lockpick 1.0.
  • The first ICS/OT Sherlock "Fueled" is now available and added to the ICS & SCADA collection for you to begin your practice and break the barrier between digital and physical realms of security operations.

Get the best of both worlds and build a powerful purple-minded team through a combination of vulnerable Machines, Challenges, and Sherlocks.

Don't have access to these scenarios? Contact your dedicated Account Manager or explore more by clicking the button below.

Product update
New

Attack & defend on the latest Confluence CVE-2023-22515.

Shared by Dimi • October 24, 2023

We have just released a new Machine and Sherlock on the latest Confluence CVE-2023-22515 with a CVSS base score of 10.0, which allows unauthenticated attackers to gain unauthorized access with administrative privileges to Confluence instances.

This combination of labs is ideal to put your purple team knowledge into practice by attacking and defending vulnerabilities within Dedicated Labs. Dive in and begin exploiting this vulnerability through the Machine "Influence". Afterward, jump into the Sherlock "Conned" and pinpoint the root cause of the compromise and the detection methods employed.

Don't have access to these CVE-based labs? Contact your dedicated Account Manager or explore more by clicking the button below.

Feature update
Improvement

Enhanced activity tracker for Enterprise Platform admins.

Shared by Dimi • October 24, 2023

We have further enhanced your admin toolkit within the HTB Enterprise Platform. The new activity tracker enables you to better understand your team's success by monitoring their engagement on a weekly and monthly basis.

  • Managers who want to monitor their workforce's development progress.
  • Professors who want to check students' engagement with labs.

This new and improved functionality is available across all HTB business plans and offerings.

New feature
Update

Handpick your CTF Challenges with a new tailored pack functionality.

Shared by Dimi • October 24, 2023

Are you too indecisive in selecting a pack from our CTF Marketplace, or do you require a more unique approach to your next CTF event?

The HTB team is ready to assist you in organizing an exceptional and more diversified CTF experience and ensure it aligns perfectly with your business goals and upskilling needs.

Select "Tailor your CTF" and have our team of experts create the right combination for you. This bundle suits teams looking to take a more personalized approach outside the existing challenge portfolio available within the CTF Marketplace.

Product update

Protect the crucial backbone of your business with ICS & SCADA security scenarios.

Shared by jack • October 17, 2023

We are excited to expand our Dedicated Labs content portfolio and break the practice barrier between the digital and physical realms of security operations.

This new set of scenarios in HTB’s Dedicated Labs will equip your team with a strong hands-on foundation in the intricate interplay of software, hardware, and network layers, including components such as SCADA systems.

Through a series of Machines and Challenges, team members will gain experience in:

  • Engaging with Modbus server systems.
  • Evaluating the security of Human-Machine Interfaces (HMIs).
  • Assessing potential vulnerabilities in firmware update processes.
  • Examining Programmable Logic Controller (PLC) control logic.

Gain the expertise needed to secure and exploit your infrastructure by jumping on the Dedicated Labs and ensuring your administrator has added this track into your workspace.