Sharpen your skills in Web Application exploits with the two (2) exclusive Machines released in April 2024.

Flipper

Explore and exploit two significant vulnerabilities with this Windows Machine: a remote command execution vulnerability in pgAdmin (CVE-2024-3116) and a double-free vulnerability in the nf_tables subsystem of the Linux kernel (CVE-2024-1086). Gain practical experience in exploiting recently disclosed vulnerabilities and understanding the steps involved in a cross-platform attack.

Better

This Linux Machine allows you to understand HTTP Parameter Pollution, identify and exploit SQL Injection vulnerability, recognize Password Reuse Risks, and leverage classic sudo permissions for Privilege Escalation.

Combine theory and hands-on practice to become proficient in attacking and mitigating Active Directory Trust Attacks.

This new Module gives you the essential knowledge and skills to:

• Understand Active Directory (AD): Learn about identity and access management, centralized domain administration, and authentication.
• Attack Domain Trusts: Identify vulnerabilities and execute offensive tactics in both intra-forest and cross-forest Trusts.
• Mitigate risks with hardening practices: Discover methods to reduce the risks of introducing Trusts into a working environment.
• Navigate Advanced AD Pentesting: Explore sophisticated pentesting techniques to identify potential threats within complex Active Directory environments.

Yesterday we launched our latest Professional Lab scenario Alchemy, an industry-realistic scenario for mastering ICS security and defending against ransomware attacks!

Alchemy will challenge your skills and familiarity with:

• ICS security fundamentals
• ICS network segmentation
• Active Directory enumeration in IT and OT networks
• Lateral movement, tunneling, pivoting, and privilege escalation
• Common attacking techniques against Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs)

Alchemy is available as part of the Professional Labs scenarios, click here to read more.

Talent Search has new updates designed to make job applications smoother and more targeted for both company admins and job seekers.

Here’s what you’ll see:

• Admins can specify the job's location to attract candidates from specific regions. It also helps job seekers to quickly determine if they can work at the given location, reducing uncertainty and increasing successful matches.
• Admins can choose between internal and external applications, allowing them to either accept applications directly on the platform or link to an external site.

👇 Check out the walkthrough on how to create a new job listing below.

We’ve harnessed feedback from our 2.7 million community of cybersecurity professionals, and we’re excited to share the new Hack The Box updates released during Q1 2024:

• HTB Enterprise Platform
• Academy for Business
• Dedicated Labs
• Professional Labs
• Capture The Flag

Are you looking for a way to organize and run successful Capture The Flag (CTF) events?

Look no further! Our new Enhanced Event Management features simplify the setup and coordination of CTF events, leading to a gamified experience that your team will love.

Follow our best practices to boost team collaboration, benchmark capabilities, or identify eventual knowledge gaps.

👇 Read more about this release or watch our video walkthrough of the new features.

A new HTB Season is almost here!
​

Join more than 10,000+ aspiring hackers and climb the leaderboard. You only need to complete 2 Machines to receive awesome rewards: discount on subscriptions, swag, and more...

Prepare to face dangerous, unique, and otherworldly anomalies as you compete for a spot at the top of the leaderboard. Find out more about Season 5 on our blog! 👇
​

Now, Capture The Flag players at HTB have the power to showcase their Challenge status, keeping the entire team in the loop throughout the event.
​
Whether you have not started a challenge, are in progress, or need assistance, simply indicate it on the platform!
​
This way, you and your team can coordinate seamlessly and stay laser-focused on the competition. Never took part to a CTF event with HTB? Now it's your time 👇

Ever wanted to try your hand at Sherlock's but didn't know where to start? Here are some good news for you!
​
We've just launched 3 very easy Sherlocks at HTB Labs that are perfectly suited for all cybersecurity beginners.
​
Give Brutus, BFT, and Uni42 a try and start improving your threat detection and testing your DFIR skills now.
​

Exciting news! You can now seamlessly sync your progress between HTB Academy and HTB Enterprise Platform using a unified HTB Account — connecting all your profiles under one umbrella.

Here's what this new enablement brings to the table:

• Holistic skill assessment: Members can access their progress on Modules, Sections, and Paths on either platform, and their activity will be reflected across both, having a comprehensive overview of their progress.
• Benchmarking team capabilities: Administrators can assess and evaluate the performance of team members across both platforms and better tailor lab assignments based on how well their skills align with the current requirements of the cybersecurity landscape.

For guidance on syncing your progress, please refer to our Help Center article by clicking the button below👇