All Modules in HTB Academy for Business have now been aligned to the NIST | NICE framework, empowering admins to effectively assign relevant content to their team's practice.

The NIST | NICE framework offers a thorough and standardized method for defining and organizing cybersecurity roles by tasks, skills, and knowledge. This helps in identifying skill gaps efficiently and developing successful workforce development plans.

By connecting our Modules with the NIST | NICE framework, we ensure that users gain relevant and job-specific competencies that are widely recognized in the industry.

Explore the comprehensive coverage within your lab by visiting HTB Academy for Business.

We’re excited to introduce Campfire-2, our second AD Sherlock available in Dedicated Labs.

This Sherlock is designed to improve your detection and mitigation skills for AS-REP roasting attacks in the face of a potential compromise in Forela’s network.

By completing this defensive scenario, you’ll learn to:

• Recognize when Kerberos protocol is exploited.
• Audit user accounts to detect unauthorized activities.
• Ensure pre-authentication is enabled to prevent AS-REP Roasting attacks.

Hit the button below to learn more about AS-REP Roasting attack detection in our recent blog post.

Dive into “API Attacks”, our latest Academy Module, which will guide you through API Attacks, focusing on the OWASP API Security Top 10 - 2023.

In this Module, you’ll learn:

• How APIs function and their significance in modern applications.
• How to identify common API flaws.
• Ways in which hackers exploit APIs.
• Robust security measures to safeguard APIs.
• Effective incident response and recovery from API attacks.

Ready to handle phishing emails and examine Windows events that resemble the Love Bug virus?

Uncover hidden threats and solve the mystery of a victim falling for a suspicious email with Heartbreaker Sherlock.

By completing this scenario, you will gain hands-on experience in:

• Phishing email identification.
• Windows event log analysis.
• Malware detection.
• Incident response.

Stay tuned for two (2) new Heartbreaker Sherlocks arriving in July to boost your defensive practices!

We're excited to announce our second Real Case Sherlock in Dedicated Labs: Pulse.

Developed from real incidents provided by leading MSSPs, Real Case Sherlocks provide hands-on practice to enhance threat mitigation skills and overall resilience, cultivating a workforce prepared to confidently tackle real-world incidents.

Created in partnership with Aspire Technology Solutions, Pulse recreates a closed-source incident to challenge SOC teams in investigating corporate compromises using HELK.

In the scenario, you’ll be tasked as part of a DFIR consultancy to assist with a possible compromise of the Forela organization. Your mission is to establish the root cause of the Forela compromise by utilizing the HELK instance provided.

By completing this scenario you’ll:

• Understand the risks associated with the compromise of edge devices.
• Understand TA tool sets utilized to carry out objectives.
• Windows & Web Access Log analysis utilizing SIEM technology.

We’re thrilled to introduce our new Active Directory Series in Dedicated Labs, designed to improve your detection and mitigation skills for critical AD vulnerabilities.

Dive into our first available scenario, Campfire-1, to examine artifacts and logs from the Domain Controller and endpoints to uncover any Kerberoast attack activity.

Mark your calendar for the upcoming Sherlock releases:

• ​​Campfire-2 | July 18, 2024
• Toxic | August 1, 2024
• Reaper | August 15, 2024
• CrownJewel-1 | August 29, 2024
• CrownJewel-2 | August 29, 2024

👇 Hit the button below to learn more about Kerberoasting attack detection in our recent blog post.

Three (3) exclusive Machines have been released this month that will challenge and expand your knowledge in CVE, Active Directory, and Web Applications.

Playground

Develop advanced Active Directory penetration skills by obtaining Domain Admin permissions through a series of AD exploits.

Art

Exploit CVE-2024-23692 and CVE-2024-4577 vulnerabilities to gain server access and obtain administrator privileges.

Bridging

Learn how to manipulate Machine Learning models through Data Poisoning techniques on a banking website, influencing automated cheque-clearing predictions while maintaining high accuracy.

XEN is our newly released Professional Lab scenario designed to test and develop your skills in enumeration, breakout, lateral movement, and privilege escalation within an Active Directory environment.

Your mission is to gain network access, escalate privileges, and compromise the domain while collecting flags.

XEN comes with all business-exclusive features such as official write-ups, Restore Point, and MITRE ATT&CK mapping.

The recent enhancements in Talent Search are designed to bridge the gap between organizations and ideal candidates, ensuring that no communication is lost and every reach-out request is seamlessly tracked and managed.

Administrators can now view the most recently updated requests in Candidate Search and receive an email notifying them of a positive candidate response.

To ensure that Talent Search notifications are enabled, visit "My Profile" > "Notifications" tab.

We've launched two (2) new features that enhance our event management capabilities, allowing you to assess and benchmark teams and individuals, identify areas for improvement and foster the growth and skill development of your team.

You can now customize your selection of Challenges utilizing:

• Resources for Challenges

Each Challenge now includes a "Resources" tab showcasing relevant Academy Modules. This makes your CTF events more effective and educational by directly supporting participants' learning goals.

• Flag Rotation Indicators

Look for the new icon in the sidebar that identifies Challenges with Flag Rotation. This visual cue ensures you can quickly spot these Challenges, promoting fair and competitive events.

👇 Here’s a snippet of those features.

P.S. This feature is only available to CTF Administrators and Hosts.