Robuta

Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by developers an...

Become a job-market-ready blue teamer with DFIR & incident response practice labs that simulate real-world cybersecurity incidents

The "Student Sub" for HTB Academy has landed! Content | HTB Academy News

HTB Academy launches exercise tutoring through Discord! Content | HTB Academy News

The Thermosphere 12V Vertical Single Heated Towel Bar is made using stainless steel and features a polished finish. MFC Code: HTB-VR-900.

Active Directory (AD) presents a vast attack surface and can be challenging to secure and control. Small changes can have a cascading effect, introducing fur...

HTB Certified Active Directory Pentesting Expert Certificate

This module covers the fundamentals required to work comfortably with the Linux operating system and shell.

Introduction to C# aims to provide a solid foundation to understand and work with C# code. Covering the crucial foundations and more intricate concepts, prov...

HTB Certified Defensive Security Analyst Certificate

Download actionable guides and templates to streamline security operations, compliance, and skill-building.

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp...

Whitebox penetration testing enables thorough testing to identify various hard-to-find vulnerabilities. This module covers the process of whitebox pentesting...

This is a skill path to prepare you for CREST's CPSA and CRT exams. The following CPSA/CRT syllabus areas (IDs) are covered: A1, A2, A3, A4, A5, B1, B4,...

Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service internal...

This module serves as an introduction to fundamental Game Hacking concepts. You will learn how to find and change memory values in a running game as well as...

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. O...

The Junior Cybersecurity Analyst Job Role Path is the first step to enter and gain practical, hands-on experience in the cybersecurity field. This path cover...

Learn more about how USF students and professors are using Hack The Box to build cyber skills and long-lasting connections.

After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our a...

This module is focussed on understanding different document formats, and techniques for identifying and analyzing the threats posed by malicious documents. B...

This module is a practical introduction to building AI models that can be applied to various infosec domains. It covers setting up a controlled AI environmen...

HTB Certified Penetration Testing Specialist Certificate

Dive into Windows digital forensics with Hack The Box Academy's "Introduction to Digital Forensics" module. Gain mastery over core forensic...

Cutting-edge cybersecurity training and cyber workforce development for financial institutions. Start a free trial today!

New SOC Analyst job-role path Content | HTB Academy News

The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, performin...

A backend that handles user-supplied input insecurely can lead to devastating security vulnerabilities such as sensitive information disclosure and remote co...

Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute a...

Tailored to provide a holistic understanding, this Hack The Box Academy module ensures participants are adept at identifying, categorizing, and documenting s...

Master cybersecurity fundamentals for blue & red teaming. Level up your career.

In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of...

In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.

This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.

This module focuses on Windows privilege escalation techniques through access token manipulation. It covers various topics, including Windows processes, acce...

This module introduces user-mode threat detection on Windows, focusing on low-level techniques and dynamic analysis. It covers the Win32 API, Windows Interna...

HTB Certified Web Exploitation Specialist Certificate

Binary exploitation is a core tenet of penetration testing, but learning it can be daunting. This is mainly due to the complexity of binary files and their u...

This module provides a comprehensive introduction to the static analysis of Android applications—an essential skill for mobile security professionals,...

This theoretical module provides a comprehensive introduction to the foundational components of information security, focusing on the structure and operation...

This Hack The Box Academy module covers how to create YARA rules both manually and automatically and apply them to hunt threats on disk, live processes, memo...

The learning process is one of the essential and most important components that is often overlooked. This module does not teach you techniques to learn but d...

The SOC Analyst Job Role Path is for newcomers to information security who aspire to become professional SOC analysts. This path covers core security monitor...

The Senior Web Penetration Tester Job Role Path is designed for individuals who aim to develop skills in identifying advanced and hard-to-find web vulnerabil...

Active Directory (AD) is the leading solution for organizations to provide identity and access management, centralized domain administration, authentication,...

Your first stop in Hack The Box Academy to become acquainted with the platform, its features, and its learning process.

Hack The Box Seasons levels the playing field for both HTB veterans and beginners. Dominate the leaderboard, win great prizes, and level up your skills!

The NTLM authentication protocol is commonly used within Windows-based networks to facilitate authentication between clients and servers. However, NTLM's...

As a penetration tester or red teamer, it is imperative that we understand the tools that we use inside and out and also have the ability to write out own, e...

This module covers attacks targeting tightly incorporated technologies in Active Directory environments such as MSSQL, Exchange, and SCCM, and how to identif...

We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless of the s...

Security Incident handling has become a vital part of every organization's defensive strategy, as attacks constantly evolve and successful compromises are...

In this module, we will explore security vulnerabilities in the application and system components of AI deployments. We will also discuss the Model Context P...

This module explores the security challenges of WPA and WPA2 Wi-Fi networks, focusing on WPA/WPA2-Personal and WPA/WPA2-Enterprise. Although these protocols...

This module explores gradient-based adversarial attacks that manipulate neural network inputs at inference time, showing how to craft perturbations that caus...

This module incorporates a simulated Wi-Fi penetration test from start to finish, emphasizing hands-on techniques that reflect real-world engagements. It inv...

This module covers the fundamentals of password cracking using the Hashcat tool.

This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's...

In this module, we will explore deserialization attacks with specific examples in Python and PHP.

This module explores sparsity-constrained adversarial attacks that minimize the number of modified input features rather than perturbation magnitude, showing...

Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-of-Serv...

Get insider insights from security experts in live AMA sessions. Ask questions, learn from pros, and enhance your cyber skills.

This module provides a detailed overview of Supply Chain Attacks, covering hardware and software aspects. It explores the impact of supply chains, the lifecy...

As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation in net...

Bug bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of bug bounty hunting without an...

NVISO provides a broad spectrum of upskilling opportunities to employees - creating skills pathways in minutes (instead of days) with HTB's enterprise...

This module covers the fundamentals required to work comfortably within the macOS operating system and shell.

This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overloading....

Privilege escalation is a vital phase of the penetration testing process, one we may revisit multiple times during an engagement. During our assessments, we...

This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.

Kerberos is an authentication protocol that allows users to authenticate and access services on a potentially insecure network. Due to its prevalence through...

This 'secure coding' module teaches how to identify logic bugs through code review and analysis, and covers three types of logic bugs caused by user...

Access a new job-role path with a Gold Annual plan Content | HTB Academy News

This module covers three injection attacks: XPath injection, LDAP injection, and HTML injection in PDF generation libraries. While XPath and LDAP injection v...

Discretionary Access Control Lists (DACLs), found within security descriptors, are a fundamental component of the security model of Windows and Active Direct...

HTB SMEs have expert insights featured on blogs, newsletters, webinars, and more–reaching an audience of over 2.7 million!

Active Directory is present in over 90% of corporate environments and it is the prime target for attacks. This module covers the attack chain from getting th...

This mini-module concisely introduces hardware attacks, covering Bluetooth risks and attacks, Cryptanalysis Side-Channel Attacks, and vulnerabilities like Sp...

This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the HTTP le...

Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.

This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS works, ho...

This module introduces the monitoring and hooking techniques for Windows APIs. These techniques are used in debugging, reverse engineering, malware analysis,...

Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration, authent...

Modern web browsers and applications utilize a variety of security measures to protect against CSRF and XSS vulnerabilities, rendering their exploitation mor...

Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resource...

Become a Bug Bounty Hunter! Content | HTB Academy News

HTB certifications are now on Credly! Content | HTB Academy News

This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities on Win...

The Wi-Fi Penetration Tester Job Role Path is designed for professionals and aspiring security practitioners who want to build expertise in assessing and sec...

This module offers a hands-on introduction to the world of Android malware analysis. It covers common malware types, the ways they abuse system permissions,...

Password cracking is a cornerstone of wireless penetration testing, as many real-world assessments hinge on the strength of the Wi-Fi password and our abilit...

See the related HTB Machines for any HTB Academy module and vice versa

Windows lateral movement involves techniques to navigate and control remote systems within a network, primarily after gaining initial access. It is crucial i...

Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilizes...

Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presented to a...

In this module, we delve into the intricacies of WPS, uncovering the common vulnerabilities that plague this technology. From brute-force attacks to more sop...

This module covers the critical aspects of user behavior analysis by exploring Windows artifacts. It is specifically designed for digital forensic analysts,...

Active Directory (AD) is widely used by companies across all verticals/sectors, non-profits, government agencies, and educational institutions of all sizes....

Jan 9, 2026 - После успешной сдачи OSCP и CRTP, я начал поиск вакансий в сфере пентестинга и заметил, что...

In this module, we delve into Wired Equivalent Privacy (WEP) and the various attacks that can compromise it. We'll explore how to identify access points...