Introducing Hack The Box Academy Certifications

In November 2020, HTB Academy was launched: a new platform offering fun and interactive cybersecurity courses from entry-level to expert. With a more guided learning approach and a goal to make cybersecurity accessible to all, no matter their background and previous experience. HTB aimed to create the ultimate “University for Hackers” that the community needed. 

All individuals willing to learn cybersecurity have the opportunity to get familiar with basic theoretical concepts, adopt the mindset of a hacker and train their new skills in a fun and interactive way, up until they are confident enough and familiar with the basic techniques to move to the training playground of HTB, our labs. 

The success of Academy is now visible to everyone, reaching in less than 18 months half a million users. The platform is clearly filling an important gap in the industry, and it will be further evolving in that direction. With a love for creating opportunities for hackers all over the world and giving them access to top-quality cybersecurity education, Hack The Box is now ready to take the next step! In 2022, we will strive not only to offer the best education content in its field but also to provide its students with recognized industry certifications to mark their experience and acquired skills in the field.+

What Is Bug Bounty Hunting?

Every cybersecurity enthusiast, even those just taking their first steps into the field, has heard at least once about Bug Bounty. A Bug Bounty Hunter is a freelance security vulnerability researcher who is getting paid to spot cybersecurity flaws in systems. As you can imagine, this profession got really popular as hackers could make an important profit from reporting a critical vulnerability to a company, while at the same time organizations were able to crowdsource penetration testing.

The Bug Bounty Hunter Job-Role Path on HTB Academy does exactly that: with 5 main domains and 20 modules in total, this path covers core web application security assessment and bug bounty hunting concepts that will help get into the world of Bug Bounty and generate revenues. In a balanced combination of theory, methodologies, and hands-on exercises hackers will learn about the major steps of the bug bounty process, including bug identification to exploitation, documentation, and communication to vendors/programs. 

Now that the best (and unique) in-class Bug Bounty Job-Role Path is completed and ready to educate its students to the full, it's time to make it official: users who are completing the full path will be able to get certified!

The HTB Certified Bug Bounty Hunter (aka HTB CBBH) is a highly hands-on certification. HTB Certified Bug Bounty Hunter certification holders will possess technical competency in bug bounty hunting and web application penetration testing domains at an intermediate level.

When Should You Take The Exam? 

But what are the necessary skills to successfully pass the exam? As mentioned above, in order to be an eligible HTB Certified Bug Bounty Hunter (HTB CBBH) candidate, you must have fully completed the Bug Bounty Hunter job-role path first, since its mix of theory and interactive exercises will prepare you for the HTB CBBH exam.

Overall the prerequisites for you to become certified by HTB Bug Bounty Hunter are:

• Intermediate knowledge of web application penetration testing.

• Knowledge of web applications and web services underpinnings/components.

• Conducting web application/web service static and dynamic analysis.

• Conducting web application/web service vulnerability identification and analysis.

• Conducting manual and automated exploitation of various vulnerability classes.

• Professionally communicating and reporting vulnerabilities.

How can you take the exam?

1. Buy a voucher

After an Academy user has successfully completed the Job Role Path, they will be able to become a candidate for the certification. Keep in mind that: 

• Each exam voucher includes two (2) exam attempts. If you fail your first time, no worries. We will send you feedback and some tips to improve your skills before your second try. 

• Exam vouchers expire after 1 year, from the day of purchase. All your attempts should be within that time frame.

2. Enter the exam and hunt for bugs

Now comes the fun part: You can enter the exam by clicking "Exams" (on the left-hand side of the Academy’s central page), then "EXAM INFORMATION" and finally "ENTER EXAM". After you accept the terms and conditions and have read the letter of engagement, with all the engagement details, requirements, objectives, and scope, it’s hunting time!

The exam lab will be accessible for seven (7) days without any restrictions and the candidate will have to perform bug bounty hunting activities against multiple real-world applications hosted in HTB’s infrastructure and accessible via VPN (using Pwnbox or local VM). The targets will be mentioned in the letter of engagement.

Tip: A good strategy is to keep detailed notes and start drafting your report right away.

To ensure that you have fully exploited the included vulnerabilities, you will also be asked to submit a number of flags in the exam lab’s page. Once a certain percentage of the flags have been successfully submitted, the report uploading functionality will be unlocked.

Each candidate will be provided with a dedicated instance of the exam lab. This means that you can perform your bug bounty hunting activities without interruptions caused by others and that you can reset the lab at any time. Additionally, reminder emails will be sent to ensure that you deliver everything on time and that your voucher does not expire.

3. Upload your report

A template report will be provided to you, allowing you to professionally document the identified bugs as well as remediation advice. You will have seven (7) days to upload your report to the exam lab page from the time you enter the exam.

Please note that if you don't upload a report within the deadline your exam voucher will expire and you won't be provided with a second exam attempt to consume!

4. Obtain your results

An HTB Academy instructor will meticulously evaluate your submitted report. Should the report meet certain quality requirements, you will be awarded the HTB Certified Bug Bounty Hunter (HTB CBBH) certification. The results will be presented to you within 20 business days.

If you fail the first attempt, an HTB Academy instructor will identify areas where you were lacking and provide constructive feedback for improvement. The instructor’s feedback will be available on the exam page, "EXAM HISTORY" tab.

You will have a second chance in the form of a free retake to use the obtained feedback, perform bug hunting and upload a new report again within seven (7) days from the time you start the retake. The retake lasts seven (7) days and the exam lab will be accessible again for the entire time.

Please note that by the time you receive the instructor’s feedback regarding your first attempt, you will have fourteen (14) days to start your retake. If you fail to do so, your exam voucher will expire.

By the time you successfully pass the exam, you can claim the digital certificate and download it. We are also working on a physical certification package, always following HTB coolness that will be delivered to your doorstep. And the best part? HTB Academy certifications have no expiration date!

How To Validate Your Certification? 

You can submit the ID of an HTB Certified Bug Bounty Hunter (HTB CBBH) on the Certificate Validation boxes to verify its validity.

Why Choose The HTB CBBH?

In the era of more than enough certificates circling the internet, and more yet to come, it is more than reasonable to want to choose the one that will provide you with a top-quality experience, prepare you for real-world scenarios, and of course, make you stand out. 

Here’s what makes HTB CBBH different from the typical certifications currently in the market:

• Continuous Evaluation - To be eligible to start the examination process, one should have completed all modules of the Bug Bounty Hunter Job-Role Path 100% first. Each module in the path comes with its own hands-on skills assessment at the end that students must successfully complete to prove their understanding of the presented topics.

• Hands-On & Real-World Exam Environment - Candidates will be required to perform actual bug hunting activities against multiple real-world applications. HTB certifications are not based on and do not include multiple-choice questions.

• Outside-The-Box Thinking & Vulnerability Chaining - Candidates will be required to think outside the box and chain multiple vulnerabilities to achieve the exam's objectives. Like in real engagements, creativity, and in-depth knowledge will be required for a successful outcome.

• Commercial-Grade Report Requirement - Successfully completing all bug bounty hunting activities is not enough to obtain the HTB Certified Bug Bounty Hunter (HTB CBBH) certification. Candidates will also be required to compose a commercial-grade report as part of their evaluation. HTB Certified Bug Bounty Hunter candidates will have to prove they are market-ready and client-centric professionals.

• Seamless Experience Powered By Pwnbox – The entire exam and certification process can be conducted through the candidates’ browser, from start to finish. All bug bounty hunting activities can be performed via the provided and in-browser Pwnbox, there are no infrastructural or tool requirements for the examinee.

Are you ready to become a certified bug bounty hunter?

More To Come…

The HTB CBBH is only our first step. Academy will be evolving quickly, covering multiple cybersecurity job roles through top-notch learning paths supported by related industry certifications. 2022 will be the year in which HTB Academy will make its way to the community as the official certification vendor, aiming to educate and introduce to the job market the biggest number of aspiring hackers possible.