News
katemous,
Nov 01
2024
Discover new updates on the HTB Enterprise Platform, our all-in-one cloud-based solution designed to elevate your team's performance and fortify organizational resilience.
These enhancements make skills development faster and easier while offering powerful insights into every detail of your cyber workforce, helping you stay ahead of threats.
Watch our latest video for a full walkthrough of the new product news and highlights!
In addition to tracking skill progression and completion activity, managers can now effectively monitor how team members engage with the HTB Enterprise Platform through a powerful new feature on the organizational reporting page.
Managers can effortlessly access detailed insights showing each member's time spent across Academy courses (Learning), defensive and offensive hands-on scenarios in Dedicated Labs (Practice), and enterprise-level attack simulations in Professional Labs (Real Scenarios).
Plus, demonstrating engagement and platform usage to upper management is clearer than ever. The newly available leaderboard highlights the most engaged team members to recognize and encourage dedication, while visual timelines make it simple to see where teams are focusing their time.
This combination allows managers not just to observe but to actively refine training strategies and build stronger, more resilient teams.
Cybersecurity training often misses the mark when it comes to preparing teams with real-world skills, leaving organizations vulnerable.
By integrating the NIST | NICE framework into our content, we’ve bridged this gap, aligning all Academy Modules with the essential Knowledge, Skills, Abilities, and Tasks (KSATs) required for cybersecurity roles.
Managers can now assign relevant, targeted content that ensures their teams fully cover job-specific competencies, guaranteeing comprehensive development and cyber readiness.
When conducting candidate assessments, privacy is key—and our latest feature gives you just that!
We’ve introduced a toggle that allows managers to control guest visibility on the Organization Leaderboard, ensuring guest users cannot see the usernames of employees or other guests.
This feature keeps the focus on upskilling without exposing team members' or candidates' identities. While guests remain private, organization members can still view their rankings among their peers.
The setting is off by default, but admins can easily enable it to add privacy when needed.
Onboarding new team members just got easier with our latest user assignment feature!
Managers can now invite new users directly to their practice spaces, with each invitation automatically assigning them a seat in Academy or Dedicated Labs—all in one seamless step.
By significantly reducing onboarding time, this feature allows teams to start learning and practicing immediately, whether managers are bringing in new hires or scaling up training efforts.
With 86% of data breaches involving stolen credentials and Active Directory (AD) being a prime target, mastering AD security is critical since breaches can cost up to $300,000 per hour in downtime.
Learning Active Directory for beginners
Our Head of Security shares how he’d start an attack path with the goal of obtaining a foothold in AD, alongside essential AD commands and tools for beginner pentesters to master.
The new Active Directory Penetration Tester job-role path provides advanced, hands-on training to equip teams with the skills needed to navigate and assess complex AD environments, focusing on:
Exploiting services such as AD Certificate Services (ADCS), Exchange, WSUS, and MSSQL.
Identifying and exploiting misconfigurations in Active Directory DACLs and Domain Trusts.
Masting techniques for Kerberos and NTLM relay attacks.
Apply evasion tactics in Windows environments to bypass detection.
Levegering Command and Control (C2) frameworks for post-exploitation activities.
Designed for Penetration Testers, Security Analysts, and Red Team Operators, this path equips professionals to tackle real-world challenges in AD environments, building on the competencies developed in the Penetration Tester job-role path and HTB CPTS.
We’ve introduced four (4) new offensive security courses in Academy for Business, designed to empower teams with the essential knowledge and skills to thrive in offensive security.
Let’s summarise what your team will learn by completing our new courses:
Windows Lateral Movement: Explore common tools, protocols, and techniques for executing lateral movement in Windows networks, along with strategies to defend against these attacks.
Web Fuzzing: Learn to identify and address hidden vulnerabilities in web applications through directory, file, parameter fuzzing, analyzing results, and performing comprehensive WebAPI security testing.
Attacking GraphGL: Sharpen your API security skills by identifying and exploiting common vulnerabilities like Information Disclosure, SQL Injection, and IDOR.
API attacks: Learn to identify and exploit common API flaws, understand the OWASP API Security Top 10 - 2023, and implement robust security measures to protect APIs and respond effectively to attacks.
These new Academy Modules provide teams with essential knowledge to protect organizations and maintain strict security protocols for IT environments.
We released fifty-five (55) new offensive and defensive scenarios in Dedicated Labs, expanding our coverage across key cybersecurity domains.
These scenarios address a broad spectrum of challenges, including CVE exploitation, Active Directory vulnerabilities, Web Applications, and more!
Notably, we introduced nine (9) exclusive Machines that provide hands-on training in crucial areas such as:
Password cracking.
Privilege escalation.
EDR (Endpoint Detection and Response) bypass.
Reverse engineering.
Supply chain attacks.
JumpServer CVE exploitation.
These new additions offer invaluable opportunities to sharpen team skills and tackle real-world threats head-on!
We’ve introduced two (2) new curated paths in Dedicated Labs, designed to upskill junior professionals in key areas of cybersecurity.
The new AD Defensive path brings together all Sherlocks in the Active Directory series, equipping teams to quickly detect and respond to Active Directory attacks—essential for safeguarding an organization’s IT infrastructure. This streamlined path enables managers to efficiently upskill their teams, providing a targeted and comprehensive collection of defensive scenarios.
Meanwhile, the new curated path Fundamentals of EDR Bypass Techniques equips teams with foundational skills for bypassing modern Endpoint Detection and Response (EDR) products.
This collection of five (5) Machines, ranging from easy to hard, covers essential techniques such as:
NT API programming.
API hooking bypasses.
Memory modification.
Abusing services to bypass detections.
Using direct and indirect syscalls.
Reverse engineering.
Windows internals.
Together, these paths offer powerful learning opportunities, helping teams tackle real-world Active Directory security challenges and master EDR evasion.
Consistent training in Artificial Intelligence and Machine Learning is essential to reducing the financial impact of data breaches, which can average $1.58 million in detection and escalation costs, and $1.3 million in revenue losses.
As demand for such skills continues to rise, with both ranking among the top five in demand for 2024, now is a prime opportunity to advance team capabilities.
Our new Challenge category empowers teams with hands-on practice on securing AI and ML technologies, helping them understand and counteract threats such as:
Manipulation of ML models.
Exploiting PyTorch and TensorFlow models.
Model inversion and data reconstitution.
Model poisoning.
Model theft.
To empower teams to take the next step in upskilling through enterprise attack simulations, we’ve introduced three (3) new pre-qualification paths to our existing collection.
By completing these paths, team members will cultivate vital skills that prepare them for each Professional Lab scenario, enhancing their readiness to confront real-world emerging threats.
To empower teams in developing an authentic red team mindset, we’ve transitioned former Endgames on HTB Labs to Professional Labs, aligning them with Red Team Operator Levels for structured skill progression.
Now, corporate teams on the HTB Enterprise Platform have access to 19 enterprise-level attack scenarios (up from 9), providing hands-on simulations. The scenarios are designed to help teams master key tactics, techniques, and procedures (TTPs), address common vulnerabilities, and strengthen overall security readiness.
And that's not all—they come with business-exclusive features like MITRE ATT&CK mapping, Restore Point, and official write-ups.
By completing these scenarios, teams can strengthen their expertise in areas such as:
Active Directory.
Enumeration.
Lateral movement.
Privilege escalation.
Web Application attacks.
Reverse engineering.
Exploit chaining and more!
Each completed scenario offers 10 CPEs to acknowledge team achievements.
Switching and assigning new labs is easy. Check out the step-by-step video below to allow your team to tackle these new challenges in no time.
Setting up a CTF event just got easier! Administrators can now create their organization directly through the platform, eliminating the need for manual setups and approvals—even before activating a subscription.
This allows your team to jump straight into the CTF event without any delays.
A step-by-step guide to organizing successful CTF events
Unlock seamless CTF coordination and execution with Enhanced Event Management
Crafting the perfect event description can be challenging, especially for new hosts.
To simplify this process, we’ve introduced a new GenAI feature that allows CTF hosts to effortlessly generate detailed event descriptions that cover all the critical information—how participants can join, the event rules, and essential links.
This feature addresses common questions like "How do I sign up?" and "Where’s the passcode?" before they even arise.
These editable AI-generated descriptions are designed to support hosts in creating clear, engaging, and informative events.