Ready to investigate server breaches and analyze compromised AWS infrastructure?

Dive into the mystery of how a threat actor gained access and determine if any data was exfiltrated in the Heartbreaker-Denouement Sherlock, available in Dedicated Labs.

By completing this scenario, you will gain hands-on experience in:

• Server breach investigation
• AWS infrastructure analysis
• Data exfiltration detection
• Cyber incident response

Our Pre-Qualification Paths are designed to gear you up for high-stakes Professional Lab environments such as Genesis, Dante, Orion, and more.

Develop invaluable skills that will prepare you to tackle each Professional Lab but also elevate your overall security expertise.

Are you ready to take your skills to the next level?

The new curated Path “Fundamentals of EDR Bypass Techniques” is designed to help you learn fundamental techniques for bypassing modern EDR products.

This collection of 5 (five) easy-to-hard Machines is your gateway to mastering EDR evasion, focusing on:

• NT API programming
• API Hooking Bypasses
• Memory modification
• Abusing services to bypass Detections
• Using Direct and Indirect syscalls
• Reverse Engineering
• Windows Internals

Another 3 months have passed and the HTB team has been busy, providing you with top-notch services and key updates that will revolutionize your learning and upskilling experience.

Check out our YouTube video and find out what's new on our platform that your cybersecurity team could catch up on.

We’ve recently launched a new feature that allows admins to hide the Organization Leaderboard from Guests.

When this feature is disabled, it ensures:

- Privacy by preventing Guests from viewing employees' and other Guests' usernames.

- Organization members can still view their rankings among their known peers.

This setting is turned off by default, but admins can enable it as shown below 👇

Test your skills on supply chain attacks, EDR Bypass, and CVE exploitation with our three (3) new exclusive Machines in Dedicated Labs.

Llama

Exploit a path traversal vulnerability in Sonatype Nexus Repository (CVE-2024-4956) to access sensitive files, while mastering remote code execution techniques on the Ollama service (CVE-2024-37032) to elevate privileges and achieve root access.

Polygonal

Exploit DNS hijacking to take control of a CDN domain, serve malicious JavaScript code, and steal PHP session cookies by simulating a supply chain attack similar to 2024 Polyfil, granting unauthorized access to web applications.

DetectorTwo

Reverse engineer and modify an EDR's source code to bypass security checks, mastering advanced EDR bypass techniques on a Windows platform.

To help keep your team engaged, we've introduced new reporting capabilities that allow admins to monitor user engagement within the HTB Enterprise Platform, giving insights into:

• Detailed time tracking: Admins can now view the time spent on different Labs using advanced filters on the Reporting page.
• Time distribution insights: Admins can see how users allocate their time across Learning, Practice, and Real Scenarios.
• Engagement leaderboard: Admins can view the top 3 most engaged users based on the time spent in Labs.

Introducing a powerful feature that streamlines user onboarding and empowers administrators to manage users directly in Academy and Dedicated Labs!

Effortless team management: Invite users on the HTB Enterprise Platform and assign them to a Lab in one step.

Save time: Administrators can efficiently manage users, reducing set-up time.

Instant access: Users get immediate access to the HTB Enterprise Platform and Labs, enabling quick task initiation.

👇 Here’s a snippet:

To access the feature, follow these steps:

1. Visit Academy or Dedicated Labs.
2. Click on the + icon in the top right corner.
3. Select the “Invite Users” tab.
4. Fill in the mandatory fields and click “Invite Users”.

Ready to investigate a malicious binary file displaying traits similar to the Love Bug virus?

Jump into Heartbreaker-Continuum, our newest defensive scenario, where you'll be tasked with analyzing the impact of this file on the system and uncovering its secrets.

By completing this scenario, you’ll gain skills in:

• Malicious file analysis.
• Identification of virus behavior.
• System impact assessment.

Our newly released Academy Module provides a comprehensive exploration of lateral movement techniques within Windows networks, catering to those seeking to enhance their offensive skills or strengthen their defensive measures.

Dive into the “Windows Lateral Movement” Module to learn about:

• Common tools and protocols.
• Exploiting Windows services.
• Techniques for executing lateral movement.
• Defensive strategies.