Accelerate your Red Team Career with HTB Academy

Find out how HTB Academy can be your secret to success in your red team or pentesting career, whether you're new or experienced in cybersecurity.

KimCrawley,
Sep 01
2021

Here at Hack The Box, we’re world famous for our Hacking Labs and Pro Labs. They’re interactive hacking environments where people can test their cyber exploitation skills.

Now we also offer other interactive, fully gamified ways for people to prepare for pro-hacking careers. HTB Academy has courses in a variety of areas of hacking and cybersecurity, for n00bs and professionals alike. We’ve got all skill levels covered, with a wide variety of courses. And as someone with inside knowledge, I can tell you that we’re constantly working on new courses to add to the HTB Academy collection. I can’t wait for you to find out about them! You’ll read about it here.

Anyway, a lot of hackers and people in our HTB Community are curious about how HTB Academy can help people pursue red team careers. So I bring to you an exclusive interview with Hack The Box’s Head of Training Development, Ben Rollin.

An inside look into HTB Academy

Kim “Crowgirl” Crawley: If someone wants to become a red teamer, which HTB Academy courses would you recommend?

Ben “mrb3n” Rollin: First I would ask them about their prior experience and current skill level. If they have some prior experience in IT but not information security experience, I would recommend they take some of the courses in our junior pentester path to brush up on core skills.

Even though someone working in IT may already be familiar with these topics, all of our courses, even the fundamental level general IT ones are written with a security "flavor," so folks from all levels will likely learn something. If they have zero experience, I would tell them to start with our fundamental level modules with the goal of completing all of those. And then the entire junior penetration tester path (many more modules in that path are going to be released over the coming months) would be next. For folks with experience in penetration testing or similar work, I would recommend our tier II and above modules to brush up on essential skills such as web, Active Directory enumeration and attacks, password cracking, Windows and Linux privilege escalation, OSINT, and code review.

Crowgirl: How can a hacker translate their success in HTB Academy to bragging rights in a red team job interview? Do they get any credits or credentials they can put on their resume?

mrb3n: They can download their student transcript, which shows all modules they have completed as well as the description of what the module teaches. They also receive a skills summary upon completion of each module. Which they can utilize to bolster their resume, or as talking points during an interview.

This can be particularly useful for those who have struggled to break in to the industry or show real-world hands-on experience. Our modules provide a deeply hands-on experience against simulated environments so students get plenty of hands-on-keyboard time both replicating the enumeration and attack examples and completing hands-on exercises (without being handed the solution) to test their knowledge throughout the module. That culminates in a skills assessment to tie everything together. No multiple choice questions here!

Crowgirl: Would you recommend that red teamers and pentesters continue to enrol in HTB Academy throughout their careers?

mrb3n: Yes, absolutely. Infosec is ever-evolving, with new tactics and techniques coming out constantly. As practitioners it’s imperative that we are constantly sharpening our skill sets (both learning new things and brushing up on things we learned in the past). The field is so vast that it is impossible for anyone to be an expert in all things.

A well-rounded "generalist" type pentester could benefit from pretty much every single module we offer, while someone may want to become much more specialized and go hard down a web attacks path or may decide that binary exploitation or reverse engineering is their dream role. I would not believe anyone in pentesting or red teaming who claims to know everything or not need training anymore. We can always learn more and improve in the areas we already consider ourselves highly skilled in. I see this on a daily basis when I have to design and write courses on topics I have been diving into for over a decade. Never get complacent, never stop learning or being hungry if you want to go far in the industry and be at the top of your trade.