The complete list of Q3 2024 releases and updates on HTB Enterprise Platform

Building on the valuable feedback from our 3+ million community of cybersecurity professionals and addressing current industry challenges, we’re excited to share the latest HTB updates.

katemous, Nov 01, 2024

Discover new updates on the HTB Enterprise Platform, our all-in-one cloud-based solution designed to elevate your team's performance and fortify organizational resilience.

These enhancements make skills development faster and easier while offering powerful insights into every detail of your cyber workforce, helping you stay ahead of threats.

Watch our latest video for a full walkthrough of the new product news and highlights!

General improvements across the platform

Time-related reporting to monitor user engagement

In addition to tracking skill progression and completion activity, managers can now effectively monitor how team members engage with the HTB Enterprise Platform through a powerful new feature on the organizational reporting page.

Managers can effortlessly access detailed insights showing each member's time spent across Academy courses (Learning), defensive and offensive hands-on scenarios in Dedicated Labs (Practice), and enterprise-level attack simulations in Professional Labs (Real Scenarios).

Plus, demonstrating engagement and platform usage to upper management is clearer than ever. The newly available leaderboard highlights the most engaged team members to recognize and encourage dedication, while visual timelines make it simple to see where teams are focusing their time. 

This combination allows managers not just to observe but to actively refine training strategies and build stronger, more resilient teams.


NIST | NICE content categorization to assign labs to Red or Blue teams 

Cybersecurity training often misses the mark when it comes to preparing teams with real-world skills, leaving organizations vulnerable. 

By integrating the NIST | NICE framework into our content, we’ve bridged this gap, aligning all Academy Modules with the essential Knowledge, Skills, Abilities, and Tasks (KSATs) required for cybersecurity roles.

Managers can now assign relevant, targeted content that ensures their teams fully cover job-specific competencies, guaranteeing comprehensive development and cyber readiness.


Control Guest visibility and access in the Organization Leaderboard

When conducting candidate assessments, privacy is key—and our latest feature gives you just that! 

We’ve introduced a toggle that allows managers to control guest visibility on the Organization Leaderboard, ensuring guest users cannot see the usernames of employees or other guests.

This feature keeps the focus on upskilling without exposing team members' or candidates' identities. While guests remain private, organization members can still view their rankings among their peers. 

The setting is off by default, but admins can easily enable it to add privacy when needed.

 

Instant invitation and seat allocation to main Spaces

Onboarding new team members just got easier with our latest user assignment feature! 

Managers can now invite new users directly to their practice spaces, with each invitation automatically assigning them a seat in Academy or Dedicated Labs—all in one seamless step. 

By significantly reducing onboarding time, this feature allows teams to start learning and practicing immediately, whether managers are bringing in new hires or scaling up training efforts.

 

Academy for Business 

Active Directory Penetration Tester job-role path

With 86% of data breaches involving stolen credentials and Active Directory (AD) being a prime target, mastering AD security is critical since breaches can cost up to $300,000 per hour in downtime.

The new Active Directory Penetration Tester job-role path provides advanced, hands-on training to equip teams with the skills needed to navigate and assess complex AD environments, focusing on: 

  • Exploiting services such as AD Certificate Services (ADCS), Exchange, WSUS, and MSSQL.

  • Identifying and exploiting misconfigurations in Active Directory DACLs and Domain Trusts.

  • Mastering techniques for Kerberos and NTLM relay attacks.

  • Applying evasion tactics in Windows environments to bypass detection.

  • Leveraging Command and Control (C2) frameworks for post-exploitation activities.

Designed for Penetration Testers, Security Analysts, and Red Team Operators, this path equips professionals to tackle real-world challenges in AD environments, building on the competencies developed in the Penetration Tester job-role path and HTB CPTS.


4 new courses added to Academy for Business

We’ve introduced four (4) new offensive security courses in Academy for Business, designed to empower teams with the essential knowledge and skills to thrive in offensive security. 

Let’s summarise what your team will learn by completing our new courses: 

  1. Windows Lateral Movement: Explore common tools, protocols, and techniques for executing lateral movement in Windows networks, along with strategies to defend against these attacks.

  2. Web Fuzzing: Learn to identify and address hidden vulnerabilities in web applications through directory, file, and parameter fuzzing, analysis of the results, and comprehensive web API security testing.

  3. Attacking GraphQL: Sharpen your API security skills by identifying and exploiting common vulnerabilities like Information Disclosure, SQL Injection, and IDOR.

  4. API attacks: Learn to identify and exploit common API flaws, understand the OWASP API Security Top 10 - 2023, and implement robust security measures to protect APIs and respond effectively to attacks. 

These new Academy Modules provide teams with essential knowledge to protect organizations and maintain strict security protocols for IT environments.


Dedicated Labs


55 offensive and defensive scenarios added on Dedicated Labs

We released fifty-five (55) new offensive and defensive scenarios in Dedicated Labs, expanding our coverage across key cybersecurity domains.

These scenarios address a broad spectrum of challenges, including CVE exploitation, Active Directory vulnerabilities, Web Applications, and more!

Notably, we introduced nine (9) exclusive Machines that provide hands-on training in crucial areas such as:

  • Password cracking.

  • Privilege escalation.

  • EDR (Endpoint Detection and Response) bypass.

  • Reverse engineering.

  • Supply chain attacks.

  • JumpServer CVE exploitation.

These new additions offer invaluable opportunities to sharpen team skills and tackle real-world threats head-on!


New curated paths on Active Directory and EDR evasion for junior professionals 

We’ve introduced two (2) new curated paths in Dedicated Labs, designed to upskill junior professionals in key areas of cybersecurity.

The new AD Defensive path brings together all Sherlocks in the Active Directory series, equipping teams to quickly detect and respond to Active Directory attacks—essential for safeguarding an organization’s IT infrastructure. This streamlined path enables managers to efficiently upskill their teams, providing a targeted and comprehensive collection of defensive scenarios.

Meanwhile, the new curated path Fundamentals of EDR Bypass Techniques equips teams with foundational skills for bypassing modern Endpoint Detection and Response (EDR) products. 

This collection of five (5) Machines, ranging from easy to hard, covers essential techniques such as:

  • NT API programming.

  • API hooking bypasses.

  • Memory modification.

  • Abusing services to bypass detections.

  • Using direct and indirect syscalls.

  • Reverse engineering.

  • Windows internals.

Together, these paths offer powerful learning opportunities, helping teams tackle real-world Active Directory security challenges and master EDR evasion.



Artificial Intelligence and Machine Learning Challenges

Consistent training in Artificial Intelligence and Machine Learning is essential to reducing the financial impact of data breaches, which can average $1.58 million in detection and escalation costs and $1.3 million in revenue losses.

As demand for such skills continues to rise, with both ranking among the top five in demand for 2024, now is a prime opportunity to advance team capabilities.

Our new Challenge category empowers teams with hands-on practice on securing AI and ML technologies, helping them understand and counteract threats such as:

  • Manipulation of ML models.

  • Exploiting PyTorch and TensorFlow models.

  • Model inversion and data reconstitution.

  • Model poisoning.

  • Model theft.


Pre-Qualification paths for Professional Labs

To empower teams to take the next step in upskilling through enterprise attack simulations, we’ve introduced three (3) new pre-qualification paths to our existing collection. 

By completing these paths, team members will cultivate vital skills that prepare them for each Professional Lab scenario, enhancing their readiness to confront real-world emerging threats.

Professional Labs


Boost red team expertise and cyber readiness with new scenarios 

To empower teams in developing an authentic red team mindset, we’ve transitioned former Endgames on HTB Labs to Professional Labs, aligning them with Red Team Operator Levels for structured skill progression.

Now, corporate teams on the HTB Enterprise Platform have access to 19 enterprise-level attack scenarios (up from 9), providing hands-on simulations. The scenarios are designed to help teams master key tactics, techniques, and procedures (TTPs), address common vulnerabilities, and strengthen overall security readiness.

And that's not all—they come with business-exclusive features like MITRE ATT&CK mapping, Restore Point, and official write-ups.

By completing these scenarios, teams can strengthen their expertise in areas such as:

  • Active Directory.

  • Enumeration.

  • Lateral movement.

  • Privilege escalation.

  • Web Application attacks.

  • Reverse engineering.

  • Exploit chaining and more!

Each completed scenario offers 10 CPEs to acknowledge team achievements.

Switching and assigning new labs is easy. Check out the step-by-step video below to allow your team to tackle these new challenges in no time.


Capture The Flag


Build a new CTF event seamlessly on the HTB CTF Platform

Setting up a CTF event just got easier! Administrators can now create their organization directly through the platform, eliminating the need for manual setups and approvals—even before activating a subscription.

This allows your team to jump straight into the CTF event without any delays.


Enhance CTF events with AI-generated descriptions

Crafting the perfect event description can be challenging, especially for new hosts.

To simplify this process, we’ve introduced a new GenAI feature that allows CTF hosts to effortlessly generate detailed event descriptions that cover all the critical information—how participants can join, the event rules, and essential links.

This feature addresses common questions like "How do I sign up?" and "Where’s the passcode?" before they even arise.

These editable AI-generated descriptions are designed to support hosts in creating clear, engaging, and informative events.