All latest news and releases on Hack The Box platforms.
Product update
New release

From Kiosk breakouts to Web attacks with a new Professional Lab: Eldritch.

Shared by jack • October 01, 2024

Step into the world of Web Applications and Kiosk security within a small Active Directory (AD) environment with our new intermediate-level Professional Lab.

Your mission is to fortify the inner network of the secretive OASIS organization by executing a full penetration test.

Whether you're already experienced with AD and web exploits or just getting started, Eldritch offers a hands-on opportunity to tackle real-world scenarios focusing on:

  • Enumeration
  • Kiosk breakout attacks
  • Lateral movement
  • Network Pivoting
  • Web Application attacks

Eldritch comes with all business-exclusive features such as official write-ups, Restore Point, and MITRE ATT&CK mapping.

New release
Product update

Sharpen your DFIR skills with a new Sherlock: Latus.

Shared by jack • October 01, 2024

Investigate an attack in which illegal RDP sessions were discovered, without Privileged Access Management (PAM), and piece together the threat actor's lateral movement.

Jump into Latus and gain hands-on experience with:

  • Evidence collection and analysis.
  • Lateral movement detection.
  • Attack flow reconstruction.
  • RDP session investigation.

Exclusive
New release
Product update

New exclusive Machines are available in Dedicated Labs.

Shared by jack • September 24, 2024

Three (3) new exclusive Machines landed in Dedicated Labs, focusing on CVE exploitation, Linux Privilege Escalation, Password Cracking, and more!

Sekure

Learn how to extract an SSH key from a Git repository and reuse it for initial access. Gain experience in privilege escalation by exploiting a misconfigured sudo entry to run commands as root without a password.

Crushed

Exploit a CrushFTP instance using an unauthenticated file read vulnerability (CVE-2024-4040) to obtain credentials, then escalate to root by exploiting an unauthenticated remote code execution vulnerability (CVE-2023-43177).

Chaffinch

Exploit a Remote Code Execution vulnerability in GeoServer's handling of XPath expressions (CVE-2024-36401), followed by a Windows CSC Service privilege escalation vulnerability (CVE-2024-26229).

New release
Product update

Improve your incident response skills with Nuts.

Shared by jack • September 17, 2024

Ready to uncover how malicious software sneaks past an organization’s defenses?

As your team rushed to meet a project deadline, engineer Alex found a tool to speed up deployment. But soon after, the CPU spiked, and the server started malfunctioning, indicating that something had gone wrong.

Solve the mystery by completing this new Sherlock and gain essential skills to:

  • Analyze a Triage image to trace the malware’s entry point.
  • Identify security gaps that let it slip past defenses.
  • Sharpen your skills in real-world malware detection and response.

New release
Product update

Master GraphQL attacks with a new Academy Module.

Shared by jack • September 17, 2024

Sharpen your API security expertise with the Attacking GraphQL Module on Academy for Business.

In this offensive Module, you'll learn to:

  • Identify common vulnerabilities in GraphQL implementations, including Information Disclosure, SQL Injection, and IDOR.
  • Exploit weaknesses in GraphQL queries and endpoints.
  • Strengthen your understanding of securing APIs against real-world threats.

New release
Product update

Tackle advanced attacks in Active Directory environments with a new Academy Module.

Shared by jack • September 17, 2024

Identify and exploit MSSQL, Exchange, and SCCM vulnerabilities within Active Directory (AD) environments with the new Module available in the Active Directory Penetration Tester job-role path.

This Academy Module sharpens your ability to:

  • Identify advanced attack vectors across integrated technologies.
  • Execute targeted exploitation within complex AD infrastructures.
  • Enhance your defense strategies against real-world AD threats.

Product update
New
New release

A new job-role path is live on HTB Academy for Business.

Shared by jack • September 10, 2024

Did you know that 86% of data breaches involve stolen credentials?

Active Directory (AD) is at the heart of modern IT infrastructure, making it a prime target for attackers. A breach can cost up to $300,000 per hour in downtime, which is why mastering AD security is essential.

The new Active Directory Penetration Tester job-role path offers advanced hands-on training in:

  • Navigating complex AD environments.
  • Identifying vulnerabilities.
  • Exploiting misconfigurations.
  • Mastering techniques for Kerberos attacks, NTLM relay, and much more!

Whether you’re a Penetration Tester, Security Analyst, or Red Team Operator, this path prepares you for real-world challenges in AD environments and builds upon competencies already acquired in the Penetration Tester job-role path.

Update
Improvement
New release

Keep track of important updates with real-time notifications.

Shared by jack • September 10, 2024

Never miss a beat on the HTB Enterprise Platform with our new notification system!

It's designed to keep you informed and optimize your experience by focusing on:

  • Seamless Lab assignments

When you're assigned to a new Lab or Space, a notification will pop up so you'll know exactly where to go next, without having to chase down your admin.

  • Instant content updates

Stay informed as soon as new content is added to your Labs or Spaces. Notifications ensure you're always up-to-date with the latest materials without manually checking for updates.

  • Progress milestones

Notifications will alert you when you reach significant milestones, such as completing a Lab or earning a certificate, so you can track your progress and take action without any delay.

  • Streamlined navigation

Quickly access relevant pages with direct links provided in notifications. This feature simplifies task management and enhances team communication by integrating smoothly with other platform features.

Keep an eye out for these updates and make the most of your HTB Enterprise Platform experience!

New release
Product update

Explore NTDS dumping attacks with the Active Directory Series.

Shared by jack • September 03, 2024

We've reached the finale of our six-part series on detecting Active Directory attacks, and the final two (2) Sherlocks are now live!

Here’s how these new scenarios will prepare you to handle real-world Active Directory threats:

CrownJewel-1: This Sherlock focuses on detecting NTDS.dit dumping. You're tasked with analyzing event logs and the Master File Table (MFT) to respond to an attack using the vssadmin utility, sharpening your incident response skills.

CrownJewel-2: In this scenario, the focus remains on detecting NTDS.dit dumping, but with a twist - here, the attacker employs the ntdsutil utility. By analyzing event logs, you’ll practice the necessary steps to respond effectively to this specific attack vector.

To streamline team training, we’ve launched a new Path in Dedicated Labs that bundles all six Sherlocks, making it easy for managers to upskill their teams in one go.

And for those looking to dive even deeper into NTDS.dit dumping attacks, check out our latest blog post for additional insights and tips.

New release
Product update
Exclusive

New exclusive Machines are now available in Dedicated Labs.

Shared by jack • September 03, 2024

Three (3) new exclusive Machines landed in Dedicated Labs in August, focusing on CVE exploitation, Azure Key Vault, Path Traversal, and more!

Identifier

Exploit an SSRF vulnerability in a Python app to retrieve an Azure Key Vault token, decrypt SSH credentials, and ultimately gain root access via command injection in an Azure Function App.

Archive

Exploit an Arbitrary File Read vulnerability to extract credentials from an SQLite database, then escalate privileges by uncovering an administrator password stored in a user-uploaded file.

Shaman

Exploit CVE-2024-40628 and CVE-2024-40629 to gain access to a JumpServer by extracting FTP credentials. You’ll achieve remote code execution (RCE), reset the JumpServer admin credentials, and gain root access via SSH by leveraging MFA.