Pro Labs product update: new scenario & subscription plan

We’re excited to announce a brand new addition to our Pro Labs offering. We’ve just introduced Zephyr, an intermediate-level red team simulation environment designed to be attacked, as a means of honing your team’s engagement while improving Active Directory enumeration and exploitation skills.

Zephyr, created by Daniel Morris (dmw0ng) and Matthew Bach (TheCyberGeek), is designed for anyone with the foundational knowledge of Active Directory TTPs looking to expand their skill set in Active Directory enumeration and exploitation. 

This Red Team Operator I lab will expose players to corporate networks designed to imitate a real-life engagement with multiple areas of essential knowledge to be acquired throughout the engagement.

What is Zephyr about?

Zephyr Server Management has been hired by Painters organization to actively maintain their infrastructure as they continue to grow as a business. The organizations are mandated to have quarterly penetration tests and have employed you to actively seek any potential vulnerabilities that could lead to both the Painters and Zephyr Server Management networks being fully compromised. You have been assigned to test the internal network and have been given access to a VPN to communicate with the network. You are tasked to explore the corporate environment, pivot across trust boundaries, and ultimately attempt to compromise all Painters and Zephyr Server Management entities.

As mentioned, Zephyr is an intermediate-level scenario, but would be suitable for users who are able to solve HTB Medium Machines and Academy Modules. In fact, in order to take the best out of this new lab, players should possess a basic understanding and knowledge of:

• Penetration testing tools

• Windows and Linux operating systems

• Windows Active Directory

• Microsoft SQL servers

• Web application exploitation skills

• PowerShell

• Pivoting knowledge, Proxychains, and Metasploit usage

• BloodHound usage

The primary learning objective of this new Pro Lab scenario is to upskill users on Active Directory concepts and techniques, but every player advancing through Zephyr will be exposed to multiple key learning outcomes, including:

• Enumeration

• Exploitation of a wide range of real-world Active Directory flaws

• Lateral movement and crossing trust boundaries

• Password Cracking

• Privilege escalation

• Web application, SQL, and relay attacks

• Pivoting

Aside from the advanced practical skills gained useful for any cybersecurity career path, every user making it until the end of a Pro Lab will be also able to claim and obtain a certificate of completion, which also grants 40 (ISC)² CPE credits.

GET STARTED WITH ZEPHYR

New Pro Labs subscription plan

Can you image that we have something even more exciting to announce? Well, here we go!

We’ve implemented some relevant changes to our Pro Labs subscription offering, focusing on providing more training content to all our users while keeping the quality of the service high and accessible to everyone.

All community members will now have the chance to access all Pro Lab scenarios for a flat fee of $49/month ($490/year - saving two months in total) with the ability to switch between scenarios at any given moment. 

We also have officially waived the setup fee and expanded the access from only a single Pro Lab per subscription to all the available scenarios - and future ones that will be released. 

Note for all current subscribers: legacy Pro Lab subscriptions that are currently active will be honored and not canceled. This means that every HTB member having an active Pro Lab subscription in place will have the option to keep the current subscription until its expiration date. After the expiration date or cancelation, the only option will be to subscribe to the new Pro Lab plan.

More content, more scenarios, and more training… All in a single subscription! Pro Labs allow players to test their skills on realistic scenarios based on enterprise infrastructure. Are you ready to master Red Teaming?