News
ch4p,
Mar 31
2023
Dear Global Hacking Community,
Six years ago, our journey began with the dream to support the cybersecurity community to develop and increase their security skills through the power of gamification and be able to join the battle against cybercriminals.
As we grow, so does our belief in Hack The Box’s role and opportunity for a positive impact in the industry.
No one can deny that the game in cyber has changed, with defensive, reactive, and recovery postures not being fit-for-purpose in the face of an ever-increasing and ever-evolving wave of sophisticated attacks. Thus, a new proactive offensive and defensive approach is needed to take the fight to cybercriminals rather than waiting to be hit.
From individual security professionals to companies, this means adopting a “hacker mindset” and learning to think and act like an attacker. With the goal to reduce the severe global cybersecurity skills shortage and help organizations enhance their cyberattack readiness, this is the kind of mindset that we celebrate today as Hack The Box turns six.
Hack The Box’s mission is to create and connect cyber-ready humans and organizations through highly engaging hacking experiences that cultivate out-of-the-box thinking.
Our progress as an ever-growing and thriving community which today counts more than 1.7 million cybersecurity professionals, is a testament to Hack The Box’s positive impact and a commitment for us to continue to innovate, allowing all cybersecurity professionals of all backgrounds, skill levels, and industries to keep pace with the rapidly evolving cyber technology and threat landscape.
Building this platform has required a willingness to challenge how we do things and reinvent (sometimes even disrupt) ourselves. None of this would be possible without your continuous support, feedback, and suggestions. Cheers to that and to what comes next!
Some amazing stats from last year (Apr 2022 - Apr 2023):
445,884 new HTB Labs platform users
294,583 new HTB Academy platform users
3,978,466 HTB Academy sections completed
216,276 HTB Academy modules completed
150 CTFs hosted
47,981 new CTF players
96 new universities enrolled
2,060,534 machine spawned on our platform
70 machines and 152 challenges released
On January 11th, 2023 we announced a Series B investment round of $55 million led by Carlyle. This new investment will accelerate our existing growth and strengthen our category-defining upskilling offerings that focus on real-world cybersecurity skills.
Of course, with our thriving community being at the heart of Hack The Box, we’re continuing to actively invest heavily in R&D to improve and expand the platform while innovating with new content that delivers the HTB experience that you know and love.
We’re actively hiring through our community and are blown away by the passion, creativity, and energy everyone brings to the table! Our talented team has grown and continues to blossom. There’s a lot to talk about here, but I’d like to highlight that:
30% of new joiners are referred by existing employees. As a CEO, this means a lot. It shows that HTBers are motivated enough to not only share opportunities with their wider networks but also bring the people they know aboard.
Approximately 60% of new joiners filled R&D and Operations roles to help us improve the platform and continue delivering exceptional experiences to users.
Just over 10% of employees come from our community of HTB players (sales engineers, tech support, and content engineers).
Hack The Box prides itself on open communication, helping each other, and breaking down the barriers surrounding cybersecurity to make it accessible to everyone. Considering that we started with three founding members excited about hacking, we’re honored to watch the Discord community reach the 200,000-user milestone, flourish as the biggest infosec server, and become a safe haven for people to upskill together and form strong friendships.
Our community is at the heart of what we do, and we continuously celebrate the safe space we’ve built where inclusiveness and equal opportunity is our number one priority.
Numbers speak for themselves, and this year, we hosted 14,000 people attending our online meetups; we also hosted our first onsite meetup in the Netherlands. The purpose of these meetups is simple: make hacking accessible to everyone.
This is why we host free workshops across the world to help people kickstart their cybersecurity careers and upskill. ( HTB has 61 Meetup groups worldwide: 13 groups in the US, 12 in Asia, and 19 in Europe, just to name a few.)
Local hosts are picked from the community to become HTB ambassadors. We give them whatever they need to start hosting these workshops and reward them with customized gifts and special perks. Thank you to our HTB ambassadors for spreading the message.
If you ever want to become an ambassador, apply here.
Staying true to the HTB community spirit of giving back and supporting each other, we launched a Most Valuable Player (MVP) rewards program for our special supporters from the community who’ve contributed significantly to our mission.
50 MVPs comprised of Discord members, top players, content creators, and company MVPs (including IppSec, makelaris, and 0xdf) received an MVP trophy, MVP T-shirt, and a special thank you letter from Hack The Box.
We partnered with CREST, the international not-for-profit cybersecurity accreditation and certification body, to launch a new training pathway available on the Hack The Box platform that aims to support cybersecurity professionals studying CREST penetration testing and Red teaming exams.
The full suite of Labs and Machines will be available to CREST member companies at a reduced cost, while the CREST certification-aligned labs will be provided free to CREST members through the CREST members program.
A big thank you to the teams from different organizations and academic institutions that shared how the HTB Platform and HTB Academy upskill and engage their teams and students.
Toyota, for example, facilitates fun knowledge sharing between its Blue and Red teams by hosting weekly CTFs every Friday afternoon using our Dedicated Labs. They also noticed a significant improvement in cloud security posture after using BlackSky Cloud Labs to bridge the knowledge gap between on-premise and cloud security.
Other great examples of customers upskilling with HTB include:
Easi empowering Purple team training and decreasing onboarding times by 40%.
Sheffield Hallam University teaching the next generation of cyber professionals.
RS2 driving a 150% boost in learning while meeting key compliance requirements (like PCI DSS, SSF, and PCI PIN).
NVISO staying threat-ready with our enterprise platform
AntiguaRecon helping high school graduates become more employable by teaching them critical cybersecurity skills such as digital forensics and web attacks.
Macquarie University advancing its cybersecurity curriculum with a broad spectrum of training machines to put theory to practice.
Lake Superior College feeding skilled grads into US cyber roles.
NOVI seeing a 450% growth in class numbers after introducing Dedicated Labs.
SRA reducing the time spent setting up lab environments by 90%.
We’ve been accredited with three ISO certifications that showcase our commitment to the quality, security, and privacy standards we uphold as a company:
ISO 9001:2015 Quality Management System
ISO 27001:2013 Information Security Management System
ISO 27701:2019 Privacy Information Management System
And not only did we get accredited, but we also passed with flying colors when faced with rigorous requirements. This is no mean feat when you consider that to become ISO compliant, HTB underwent an extensive company-wide audit that included quality, security, privacy management system development, a management system documentation review, a pre-audit, a risk assessment, internal training, and a final assessment.
We’re warmed by your overwhelmingly positive response to the HTB Academy. In April 2022, we reached 500,000 HTB Academy members. Today that number continues to see a strong rise as we approach 1 million members. A massive kudos to the HTB team—who, in just over two years, released more than 60 modules and even two industry certifications—is in order here!
With the aim of supporting our guided, beginner-friendly learning, HTB Academy launched a one-to-one tutoring system on practical module exercises, entirely based on the official Hack The Box Discord server.
Students can request help by linking their HTB and Discord profiles to access one-to-one tutoring that’s tailored to the student's needs.
I’ve lost count of how many times the community asked, “so, when are you going to launch HTB certifications?”
Well, here we are. HTB CPTS (Certified Penetration Testing Specialist), the official penetration testing certification powered by Hack The Box, is already helping cybersecurity professionals level up their skills!
CPTS aims to create outstanding cybersecurity professionals that are not just skilled but are also able to assess the risk to which infrastructure is exposed and compose a commercial-grade and actionable report based on what they find.
We see the certification have a real impact on our students and continue to receive positive feedback from the community. Of course, more is coming on the certifications front! But no spoilers for now.
After beginners use the Academy's guided learning to upskill on the basics, Starting Point welcomes them to our main platform and introduces easily exploitable virtual Machines to help users familiarize themselves with HTB. It allows users to get a feel for how Hack The Box works and paves a basic foundation for building hands-on skills.
The new, revamped Starting Point was launched back in October 2021. In 2022, we committed to releasing one new Starting Point Machine every month, aiming to provide everything necessary to all beginners joining the platform.
After a long-awaited time, our favorite OS is back for more! Parrot OS 5.0 (aka Electro Ara) has been a great improvement for all hackers and security-minded internet users.
The Parrot Team has also finalized a Parrot OS “Hack The Box Edition” that can be easily set up for anyone to start practicing faster than ever. The new, and improved, Pwnbox comes with all tools installed, a new graphic look, and the latest Linux Kernel.
Responding to community demands, we enjoyed delivering a new Fortress alongside an industry leader such as Amazon Web Services (AWS).
This new Fortress is focused on cloud hacking and exploitation, featuring realistic and current techniques, ranging from web exploitation to cloud privilege escalations for services used by thousands of businesses in over 190 countries worldwide. The AWS Fortress is available for all HTB users from Hacker rank and above.
You can learn more about the Fortress here.
Some competitive vibes, finally! Launched in March 2023, HTB Seasons is a new time-limited game mode that keeps players engaged and introduces new content, themes, and hacking techniques.
Our new competitive mode, Seasons, allows players to compete over 13 weeks from a common start to see who can claim the top spot. New and experienced HTB players will now enjoy an opportunity to receive recognition, rank, and prizes for:
Displaying their current hacking skills across the globe.
Aggressively pushing their individual skills to the limit and setting new personal records.
We care about our cybersecurity community, and we decided to engage every single aspiring hacker with great events and competitions during the year. We aimed to unite hackers, corporate teams, and students with our CTFs, and help exchange knowledge through our hacking workshops, and we are proud of the positive response from the community.
The biggest community CTF competition returned for a second year in May 2022, and it was a huge success! Over 12,800 players and 7,000 teams from 181 countries assembled to join the Intergalactic Chase against evil Draeger.
Following the storyline of an unconventional extraterrestrial crew, CTF players hacked top-notch content in partnership with SIEMENS, SonarSource, and Snyk, which included 60 challenges distributed in 7 different categories.
And since it’s a big passion of ours as a company to always help and give back to the community, we are proud to share that, as part of this year’s CTF, we contributed with a $10,000 donation to Doctors Without Borders.
We had high expectations for our 2022 Business CTF after the resounding success of our first event. And to say last year’s results exceeded our expectations would be the understatement of the century!
Thanks to you, we helped more than 650 teams and nearly 3,000 people from around the world engage in friendly competition while putting their skills and knowledge to the test—surpassing the number of participants from last year by 83%.
Challenge accepted! The HTB team attended DEFCON 30, and it was a massive success. We were part of the IoT village where we hosted our first-ever IoT CTF named House Edge. The House Edge is a term used to describe the mathematical advantage that the gambling game - and therefore the commercial gambling venue - has over people as they play over time. The goal was to gain access to the security systems, enter the space casino, and finally retrieve the precious content inside. The community team met with over 10,000 people, gave out swag, discussed all things hacking, played our CTF, and took cool photos. If this is not a true hackers’ party, then I do not know what is. Stay tuned for DEFCON 31!
October is Cyber Awareness Month, and we had to celebrate it! This year we introduced Hack The Boo, a month-long event crafted by our community team with the goal of educating as many beginners as possible.
We released a series with cybersecurity tips on our social media, provided everyone with a discount on our annual VIP+ subscription, and organized a super beginner-friendly 5-day CTF which had 6,000 people join and solve daily challenges. To wrap everything up, 0xdf and Dinosn hosted a live stream sharing the most impactful cyber attacks in human history.
The HTB University CTF came back for a fourth edition, sponsored by EY, and we truly couldn’t expect a better outcome. With 941 universities, and a phenomenal number of participants compared to previous years, we kickstarted a single-round competition with a magical theme that lasted 3 days. The event featured exclusive challenges across eight categories: Web, Reversing, Pwn, Forensics, Crypto, Fullpwn, Cloud, and Machine Learning.
Like any other CTF, it came with our effort to give back to the community. This year it aligned with a mission that’s very dear to us (considering that we’re hosting the biggest online cybersecurity community): a donation of $3,000 to Cyber Smile Foundation, one of the leading anti-cyberbullying non-profit organizations.
Compared to previous years, Hacking Battlegrounds Tournaments took a break. But next year, we are coming back with new ideas to spice things up!
That didn’t stop us, though, from organizing the New Year’s Blitz: HBG Global Tournament by HTB & PlayCyber, in which 32 teams participated in a single-elimination bracket.
Players from the United States, Australia, Austria, Belgium, Botswana, Canada, Chile, Columbia, Czech Republic, Finland, Germany, Greece, Hungary, Iceland, India, Italy, Lesotho, Malaysia, Malawi, Mexico, Mongolia, Mozambique, Namibia, Netherlands, New Zealand, Norway, Peru, Portugal, Serbia, Slovenia, South Africa, South Korea, Spain, Sweden, Taiwan, United Kingdom, Zimbabwe, and the UAE gave their best in an event that was live streamed on our channel.
In 2022, the Enterprise platform achieved a significant milestone by evolving from a standalone platform to a comprehensive solution encompassing all of HTB's content offerings, spanning from Academy to Professional and Cloud Labs. This means that organizations can now:
Manage users effectively on a single platform.
Develop a seamless upskilling and practicing journey in one location, effectively assigning individuals to appropriate content.
Monitor the progress of both individual users and teams in one central location.
Invite guests to join a Lab by sharing a unique guest voucher code.
In essence, the Enterprise platform has become the ultimate destination for growing and advancing your cybersecurity skill set for years to come within your organization. This platform lets you modify and customize your learning materials based on your team's skill set and organizational goals.
Picture having the capability to assign a seat to a user and automatically withdraw it after a designated time frame. We have made it a reality! This particular feature has proven to be beneficial for:
Team evaluations of users.
Automatic release of seat allocation after a specified duration, removing the need for manual administration across all users.
Enhancement in quality of life for the administrator, as trainee-exposed functionality is no longer required.
Self-serve Dedicated Labs - November 2022
If you’re a user of the main Hack The Box Platform, you can now use the self-served Dedicated Labs option to experience the benefits of our Business platform without relying on the HTB team to manually set up/create an organization for you. You can purchase the self-serve option for Dedicated Labs directly from the HTB website.
We’ve now added the ability to export to a CSV option for all filtered progress on the reporting page. Admins can grab any user progress in a format that they can manipulate on their own. The CSV export offers the following:
Progress breakdown per user.
Data formatted for extra manipulation (date, numbers, decimals).
We’ve expanded our Professional Labs scenarios and have introduced Zephyr, an intermediate-level Red team simulation environment designed to be attacked as a means of honing your team’s engagement while improving Active Directory enumeration and exploitation skills. The Red Team Operator I lab will expose players to corporate networks designed to imitate a real-life engagement with multiple areas of essential knowledge to be acquired throughout the engagement.
Upon completing the Zephyr scenario, players will earn the Red Team Operator Level I HTB Certification.
Academy admin users can now monitor and track the progress of their team members in their academy training. With this new feature, admin users will have a bird's eye view of all the modules, paths, and playlists in progress and completed by their team.
Navigating through over 400 HTB Machines and Challenges can be a challenge, especially when trying to find content that is customized to your specific interests, job role, or skill set requirements. That’s why we released Dedicated Labs Paths, a solution designed to equip users with more customized and comprehensive Machines and Challenges focused on a specific area of interest.
Being hackers at heart, we aspire to redefine the standards of cybersecurity expertise and the way security skills are being developed. This is what keeps us awake day and night. Only by understanding the latest techniques and methods being used by bad actors and continuously updating our security skill set accordingly can we hope to stay ahead of cybercriminals and find system vulnerabilities before they do.
With a rapidly evolving threat landscape and a global cyber-professional shortfall that stands at 3.4 million, it's time to learn to think and act like an attacker to cope with the cyber "new normal" and proactively stay ahead of the game. The hacker mindset isn't just for frontline security teams, though. It should be an organizational-wide shift in approach that is all about looking ahead, using out-of-the-box thinking, and responding to threats creatively.
As hackers, we are driven by the curiosity to discover how systems work and find innovative ways to solve complex problems. We must keep developing this curiosity, never stop learning, and never stop challenging ourselves and innovating.
Speaking of innovation, we’ve been actively listening and responding to requests from the cybersecurity community. So let’s just say that this year we’re fully embracing the fact that effective offense requires a strong defense.
I’ll leave it at that. But you’ll hear more about this from the team very soon.
Keep hacking,
Ch4p