News
katemous,
Apr 23
2024
In this post, we’ll share updates about the HTB Enterprise Platform, our all-in-one cloud-based platform that allows businesses to develop and measure all aspects of their team's cyber performance.
You’ll learn what’s new in our product offerings—Academy for Business, Dedicated Labs, Professional Labs, and Capture the Flag events—to make the most out of our single, intuitive Enterprise Platform. These powerful updates will streamline cybersecurity upskilling, helping you measure and report your team’s results.
Watch our latest video for a full walkthrough of new product highlights!
Enhanced content categorization empowers managers to align relevant skills with their cybersecurity development plan to meet security and business objectives.
By utilizing skill tags, managers can seamlessly assign tailored content and assess team upskilling progress, resulting in more streamlined content management and improved reporting for measuring cybersecurity performance.
Skill tags focus on specific areas of interest, technologies, vulnerabilities, and operating systems. This helps manage content and candidates more efficiently, ensuring that skills align with organizational goals.
Managers can now provide assistance or access specific information within their team’s assigned Modules. By simply clicking on the team's activity updates in the “Activity” tab of the Academy for Business lab, managers can swiftly navigate to specific sections, ensuring efficient guidance and oversight.
In the example below, as a technical manager, you are monitoring how new team members are onboarding. Thanks to the activity monitoring feature, you can now see whether a member has completed The Triaging Process Module.
The same "Activity" tab on the "My Profile" page is also available for team members, who can now monitor their daily activity on the HTB Academy for Business and keep track of their cybersecurity learning journey.
We introduced a new level of convenience with the redesigned dashboard on the HTB Enterprise Platform for our users. They can navigate the platform effortlessly, accessing labs and features with just a few clicks.
Watch the video to explore our enhanced Dashboard features.
Following the release of last December’s Web Penetration Tester Job Role path on Academy for Business, we introduced our first certification covering specialized security job roles.
The HTB Certified Web Exploitation Expert (HTB CWEE) focuses on building a mindset around risk mitigation and vulnerability identification, using various advanced and modern vulnerabilities as demos.
Tailored for seasoned penetration testers, the HTB CWEE is a hands-on journey that meticulously evaluates candidates' proficiency in uncovering elusive web vulnerabilities using both black-box and white-box techniques.
The HTB CWEE course material is beneficial for security and IT teams of all sizes and industries. It also allows security-aware developers to identify vulnerabilities in existing code, scan for errors, and avoid them by applying secure coding practices.
Certification holders will be able to:
Conduct web penetration tests using white and black box techniques.
Develop custom exploits.
Review large code bases.
Compose a commercial-grade and actionable web penetration testing report.
Our brand-new Module on Supply Chain Attacks provides the essential knowledge and skills needed for navigating the complexities of supply chain vulnerabilities.
This new Module covers:
Intricacies and impact of supply chains in both hardware and software.
The lifecycle of attacks, from Target Identification to Evasion and Persistence.
Specific real-world vulnerabilities and notable incidents.
Mitigation strategies.
Whether you're a seasoned cybersecurity professional or a budding enthusiast, this is your chance to learn how to safeguard against supply chain threats effectively.
We’re thrilled to introduce 29 new offensive and defensive scenarios in Dedicated Labs, designed to empower our members with practical, hands-on experience.
These new Machines and Sherlocks allow members to dive deep into the latest industry vulnerabilities and mechanisms, a unique opportunity to expand their skill set and sharpen their cybersecurity prowess.
Exclusive scenarios, that can only be accessed through Dedicated Labs, have been released to boost an effective purple-minded approach to recent vulnerabilities:
Seven (7) exclusive Machines for offensive skills development on CVE Exploitation, EDR Bypass, Web Application Exploitation, Enumeration, Unix Command and Windows technology.
Six (6) exclusive Sherlocks to enhance defensive skills on DFIR and HARDEN, while exploring different technologies such as Windows, Microsoft Outlook, Linux, Webutler, Confluence, Notepad ++, and Splunk.
Interconnected scenarios on the CVE-2024-21413 vulnerability to gain practical experience in exploiting the MonikerLink vulnerability and applying defensive techniques to safeguard against attacks directed to valuable NTLM hashes.
The addition of new write-ups for Pwn, Mobile, and Reversing Challenges will guide members to master the intricacies of each Challenge.
These write-ups go beyond offering only the solution to each challenge; each one provides step-by-step guidance and real-world technical context. This gives team members the confidence to navigate even the most challenging technical environments when they’re in the field.
March marked the launch of Exitiabilis, our very first Real Case Sherlock crafted to emulate real case incidents shared by top MSSPs directly with Hack The Box. Compared to standard Sherlocks, which simulate real-world scenarios, Real Case Sherlocks are based on recent closed-source reporting, offering a cutting-edge experience.
Developed in collaboration with Aspire Technology Solutions, Exitiabilis tests the abilities of SOC teams to investigate a compromise of a corporate environment utilizing HELK.
With Real Case Sherlocks available in Dedicated Labs, you'll dive deep into hands-on scenarios emulating tactics, techniques, and procedures (TTPs) from actual industry reports. This isn't just about solving puzzles; it's about enhancing your threat-readiness and fine-tuning your response strategies to stay one step ahead of the cyber curve.
FullHouse is a new, captivating scenario available in Professional Labs, designed to introduce innovative attack vectors. This condensed experience blends challenge and innovation, spiced up with elements of AI and Blockchain.
The quick rise of AI has introduced new threat vectors, exposing weaknesses in security practices and incident response while draining organizations of time and money. Considering that AI is one of the 9 critical cybersecurity trends for 2024, ensuring that your organization’s security practices, predictive measures, and defensive operations are aligned is key.
This scenario allows members to explore emerging technologies while benchmarking skills in specific areas, focusing on:
Source Code Review.
Web Application Attacks.
Reversing.
Windows Exploitation.
Active Directory Exploitation.
Blockchain Exploitation.
AI Bypass and Exploitation.
Orion is the perfect initiation into the Professional Labs offering, ideal for guiding beginners through the intricacies of complex enterprise simulations. Designed as a stepping stone to more advanced Professional Labs like Genesis and Dante, Orion covers essential concepts such as:
Enumeration.
Public Exploit Research.
Lateral Movement.
Privilege Escalation.
Pivoting.
Active Directory.
Orion can be leveraged to onboard newcomers into the world of cybersecurity by assessing their knowledge and proficiency in fundamental techniques.
Capture the Flag (CTF) events offer a unique opportunity to benchmark your team's capabilities and identify skill gaps while fostering collaboration and providing invaluable insights for leaders.
With the launch of Enhanced Event Management features within the HTB CTF platform, organizing these events has never been easier and more tailored to your organization's needs.
Enhanced Event Management simplifies the complexity of planning CTF events, offering a seamless and personalized organizational experience. This facilitates clear communication, collaboration, and event organization by:
Automating team member sign-ups.
Keeping better track of members and participation.
Providing insights on purchased Challenges and content packs.
Enabling role assignment.
Aligning Challenge information and objectives to event (or company) goals.
One of the key highlights of this release is the ability to search, filter, and access categorized content within the platform from a library of over 80 CTF Challenges. Whether you're utilizing preexisting packs from the CTF marketplace or starting from scratch, you have full control to customize your event according to your objectives and the skill level of team members.
Hack The Box provides a wide range of scenarios to keep your team’s skills sharp and up-to-date. Organizations like Google, Toyota, NVISO, and RS2 are already using the platform to stay ahead of threats with hands-on skills and a platform for acquiring, retaining, and developing top cyber talent.