The complete list of Q1 2025 releases and updates on HTB Enterprise Platform

The first quarter of 2025 has flown by, and we’re already bringing our product roadmap to life! From launching powerful new features on the HTB Enterprise Platform to releasing fresh hands-on content, we’ve hit key milestones early, all with one goal in mind: helping teams boost cyber performance and build more resilient organizations.

Thanks to your continued support and glowing reviews, Hack The Box remains the #1 leader in Cybersecurity Professional Development on G2, earning 15 new badges this Spring. We’re also proud to be recognized as one of:

• Top 50 Education Software Products

• Top 50 Best Software Companies in the UK

• Top 100 Fastest Growing Products of 2025

These achievements reflect our mission to build and sustain world-class cyber teams equipped to tackle emerging threats.

Watch our latest video for all the Q1 highlights—or keep reading to dive into the details!

 Start free trial

General improvements across the platform

Content recommendations based on MITRE ATT&CK techniques and vector similarity

We’ve introduced a new “Recommendations” tab on every content page across the HTB Enterprise Platform, designed to help teams build skills smarter and faster.

Leveraging MITRE ATT&CK mapping and attack vector similarities, our recommendation engine suggests curated training scenarios (including Machines, Modules, Sherlocks, and Professional Labs) aligned with real-world threats and your team’s development objectives.

Content recommendations ensure every team member’s journey is efficient and focused on building practical, job-ready cyber skills. Here’s how it enhances the team training experience:

• Guided learning tailored to team members’ progress and interests.

• Efficient training with less time searching and more time building market-ready skills.

• Instant access to recommended content with a single click on “Start” or “Play”.

• Customized training by requesting recommended content to be added to training workspaces. 

Efficient learning with lifetime timer for VM targets

HTB Enterprise Platform now features a Lifetime Timer for spawned VM targets, allowing users to track remaining time and manage tasks more effectively.

Need more time? Simply extend the VM’s lifetime without losing progress. This feature ensures a smoother, uninterrupted learning experience, enhancing focus and productivity.

Upgraded notifications for requests on related content

We've enhanced notifications to improve visibility for managers and team members regarding content requests.

Managers now receive instant alerts when a content request is made or when the “Auto-add” option is enabled in a Space, streamlining management without the need for external communication.

Team members are kept informed when their content request is accepted, ensuring everyone stays updated without the need for follow-ups.

Academy for Business 

AI Red Teamer job-role path

Artificial Intelligence (AI) is reshaping the cybersecurity landscape, introducing powerful new capabilities and equally complex risks. As AI continues to evolve, so does the urgency to secure it.

To address this growing demand, Hack The Box and Google have joined forces to lead the AI race and strengthen the future of national security through the launch of the AI Red Teamer job-role path—an innovative curriculum aligned with Google’s Secure AI Framework (SAIF).

This path equips cybersecurity professionals to assess, exploit, and secure AI systems, with topics including:

• Introduction to Machine Learning & AI

• Introduction to Red Teaming AI

• Prompt Injection Attacks & Jailbreaking

• Exploiting AI Outputs

• Model Privacy & Abuse Attacks

• Model Attacks

• AI Deployment Attacks

• AI Supply Chain Attacks

• Guardrails and Securing Model

This initiative aims to make AI security education more accessible, innovative, and actionable, helping teams and organizations build the expertise needed to defend against emerging AI threats.

Stay up to date with the latest course drops through HTB’s release notes.

12 new courses added to Academy for Business

We kicked off 2025 by expanding our library with 12 new security courses, including our first-ever AI-focused Modules, tackling one of the most transformative technologies in cybersecurity.

Each course is designed to equip teams with the essential skills to secure modern infrastructures, helping organizations stay resilient in a rapidly evolving threat landscape. 

Let’s summarise what teams will learn by completing our new courses: 

1. Android Fundamentals: Master the core concepts of Android security, from platform architecture to penetration testing techniques.

2. Pentest in a Nutshell: Develop end-to-end penetration testing skills by simulating real-world assessments from reconnaissance to exploitation.

3. Prompt Injection Attacks: Learn to identify and execute prompt injection attacks on LLMs using real-world cases and cutting-edge research.

4. Process Injection Attacks and Detection: Detect and respond to advanced process injection techniques attackers use to evade security defenses.

5. Wi-Fi Evil Twin Attacks: Understand and execute Evil Twin attacks to reveal Wi-Fi vulnerabilities and apply defensive countermeasures.

6. Network Foundations: Gain a comprehensive understanding of networking principles, protocols, and components essential for securing digital systems.

7. Introduction to Red Teaming AI: Apply red teaming techniques to assess and strengthen the security of AI and ML systems.

8. Detecting Access Token Manipulation Attacks: Identify and investigate Windows privilege escalation through access token manipulation using advanced forensic tools.

9. Introduction to Penetration tTesting: Build a solid foundation in penetration testing methodology, tools, and its role in cybersecurity.

10. Attacking WPA/WPA2 Wi-Fi Networks: Discover how attackers exploit WPA/WPA2 weaknesses and learn strategies to strengthen Wi-Fi security.

11. Applications of AI in InfoSec: Develop and deploy AI models to solve real-world security challenges like malware detection and anomaly analysis.

12. Introduction to Information Security: Understand the fundamentals of information security and the strategies used to protect organizational assets.

Flexible learning with text-to-speech feature (beta)

We’re making learning more flexible and accessible with our new text-to-speech feature, now in beta across Academy Modules on the HTB Enterprise Platform.

Team members can now listen to Module content, making it easier to learn on the go, support different learning preferences, and improve accessibility across diverse teams. 

Dedicated Labs

88 offensive and defensive scenarios added on Dedicated Labs

We’ve released a record-breaking eighty-eight (88) new offensive and defensive scenarios, offering continuous, real-world practice and purple team training across a wide range of techniques, vulnerabilities, and technologies.

Highlighting our expansion, we introduced eight (8) exclusive Machines offering hands-on experience in some of the most vital aspects of cybersecurity, such as:

• CVE exploitation 

• Phishing

• Cloud

• Finance 

• 2FA bypass

• LXD privilege escalation

• Web Applications

Each scenario is designed to mirror real-world environments and threat vectors, helping teams build practical skills for detecting, exploiting, and defending against modern attacks.

Cover industry-focused threats for finance teams with new paths 

With the March 31, 2025 PCI DSS 4.0.1 compliance deadline now in effect, financial organizations face mounting pressure to meet complex security requirements. 

But ticking compliance boxes doesn’t equal true readiness, especially when cyber threats evolve faster than regulations. A poorly prepared team can lead to rushed implementations, persistent security gaps, and costly fines of up to $100,000 per month.

HTB’s newly curated paths target the real skills needed to secure financial systems, reduce risk, and build long-term resilience. These hands-on training paths go beyond compliance checklists, helping security teams close skill gaps in high-risk areas like application vulnerabilities, social engineering, and critical financial software flaws: 

• Practice Phishing and Social Engineering Attacks: Understand attacker behavior to better defend against human-targeted exploits.

• Intro to Finance Applications Security: Secure critical financial software by identifying and exploiting real-world vulnerabilities in open-source tools.

Professional Labs

From enumeration to privilege escalation with a new scenario

Odyssey is more than just a red team exercise—it’s a fully engaging experience built for collaborative, enterprise-level security training.

Teams are tasked with infiltrating an internal network, escalating privileges, and compromising a gaming infrastructure in a simulated, high-stakes operation. Along the way, they’ll collect flags and build hands-on expertise in:

• Enumeration & situational awareness

• Reverse engineering & VoIP exploitation

• Phishing techniques & Web App attacks

• Kubernetes & Solaris OS exploitation

• Source code review & Game server exploitation

Odyssey enables a true purple team approach with a realistic training ground for joint operations, enhanced by business-exclusive features like MITRE ATT&CK mapping, Restore Point, and official write-ups.

Capture The Flag

Simplified CTF event creation with an intuitive all-in-one interface

The entire process has been simplified, allowing event managers to seamlessly set up events from start to finish. With a streamlined setup, key tasks like selecting content, setting event dates, and even making post-purchase adjustments can be done quickly, saving valuable time and ensuring smooth event execution. 

The new Content Library enhances planning by letting event managers explore and select content before purchasing, helping align events with specific goals and objectives. Plus, the flexibility to choose individual scenarios or use pre-made CTF packs, along with advanced filtering options, ensures a more tailored, personalized event creation experience.

Check out our full guide on how to easily set up CTF events or watch the video below to leverage these features to strengthen your team’s capabilities.

New CTF event packs 

We've added five (5) new CTF event packs tackling various roles of red and blue teams and even developers, as well as topics such as AI and secure coding.

Penetration Testing - Essentials

• Build core penetration testing skills through hands-on offensive scenarios.

• Includes ten (10) Machines, simulating the most common and recent system vulnerabilities and misconfigurations across network services, web apps, CVEs, Active Directory, and privilege escalation.

• Aligns with early-career security roles, helping professionals prepare for certification exams and enterprise security assessments.

Secure Coding - Essentials 

• Identify, exploit, and patch real-world web vulnerabilities in source code.

• Includes ten (10) scenarios covering everything from injection attacks and authentication bypasses to broken access control.

• Aligns with early-career security roles, guiding software engineers and penetration testers through both attack and defense scenarios to reinforce a secure software development lifecycle (SDLC) mindset.

AI Prompt Injection – Essentials

• Exploit vulnerabilities in AI systems through prompt injection techniques.

• Includes ten (10) scenarios covering AI manipulation, sensitive data extraction, and real-world attack scenarios.

• Aligns with early-career security roles, supporting security professionals and AI engineers in building hands-on skills to secure AI-powered applications.

Malware Reversing – Essentials

• Build a solid foundation in reverse engineering malware.

• Includes ten (10) scenarios covering static and dynamic analysis, cryptographic decryption, and behavioral forensics.

• Aligns with early-career security roles, helping incident responders and malware analysts to strengthen their threat detection and response skills.

Coding Playground – Essentials

• Bridge the gap between software engineering and cybersecurity through coding challenges.

• Includes eight (8) scenarios that introduce key concepts in logic, debugging, and algorithmic thinking.

• Aligns with early-career security roles, supporting engineers and technical professionals transitioning into security or building strong foundational cybersecurity skills.

 Host CTF event

Tracking team performance in real-time during events

In fast-paced CTF competitions, timing is everything. Especially when it comes to identifying skill gaps, offering support, or recognizing top performers mid-event.

That’s why we’ve introduced real-time analytics to the HTB CTF Platform, giving event managers full visibility into how their teams are performing as the action unfolds. It’s now easier to identify top performers, support those who need help, and make faster, more informed decisions.

Real-time performance tracking is crucial for benchmarking your team's cybersecurity capabilities. Understanding where your team stands is the first step toward building a resilient security workforce. That’s why leading organizations use CTFs not just for engagement, but as a way to track and enhance workforce development.

Join a global CTF competition designed for corporate teams

This year we challenge teams to stop a covert cyberattack aimed at destabilizing global infrastructure, testing their skills against advanced persistent threats and critical system disruptions. Ready to outsmart your competitors and bring home your prizes?

SIGN UP YOUR TEAM FOR FREE

Guide teams effectively with CTF hints

Running a CTF event and noticing players hitting roadblocks? With our new hints feature, admins and event managers can offer timely support without compromising the event’s integrity.

Easily enable or disable hints with a click, or activate them for specific scenarios based on progress. Players will receive instant notifications when hints are available, ensuring they get the guidance they need to keep moving forward.

Streamlined communication between players and event managers 

Managing communication during a high-stakes CTF event now feels like a breeze. With our new reachout feature, admins can send direct emails to participants right from the HTB CTF Platform—no external tools needed. 

The new "Reachout" tab allows for instant message crafting and sending, whether it’s a reminder, update, or announcement.

Talent Search

Efficiently manage job listings

As the demand for skilled cybersecurity professionals grows, organizations need an efficient way to connect with top talent. Talent Search addresses this by offering a global pool of experts while streamlining the recruitment process.

The newly redesigned job management dashboard makes this even easier with:

• Streamlined workflow (draft → published → archived)

• Real-time job visibility and applicant tracking

• Simplified applicant management

• Time-saving features like listing duplication and removal of outdated posts

Discover how Talent Search simplifies your hiring process and helps you find the right cybersecurity talent faster.

Strengthen your team’s cyber performance with HTB

Join leading organizations like Google, Toyota, NVISO, and RS2, who are using the HTB Enterprise Platform to stay ahead of evolving cyber threats and build hands-on expertise.

Log in to HTB Enterprise Platform and get started.

If your organization doesn't have access to the HTB Enterprise Platform, book a call with our team.