New Professional Labs scenario: Zephyr

We’re excited to announce a brand new addition to our HTB Business offering. We’ve expanded our Professional Labs scenarios and have introduced Zephyr, an intermediate-level red team simulation environment designed to be attacked, as a means of honing your team’s engagement while improving Active Directory enumeration and exploitation skills.

Zephyr, created by Daniel Morris (dmw0ng) and Matthew Bach (TheCyberGeek), is designed for red teams with the foundational knowledge of Active Directory TTPs looking to expand their skill set in Active Directory enumeration and exploitation. 

The Red Team Operator I lab will expose players to corporate networks designed to imitate a real-life engagement with multiple areas of essential knowledge to be acquired throughout the engagement.

What is Zephyr about?

Zephyr Server Management has been hired by Painters organization to actively maintain their infrastructure as they continue to grow as a business. The organizations are mandated to have quarterly penetration tests and have employed you to actively seek any potential vulnerabilities that could lead to both the Painters and Zephyr Server Management networks being fully compromised. You have been assigned to test the internal network and have been given access to a VPN to communicate with the network. You are tasked to explore the corporate environment, pivot across trust boundaries, and ultimately attempt to compromise all Painters and Zephyr Server Management entities.

What does your team need to know to take on Zephyr?

Basic knowledge and understanding of:

• Penetration testing tools

• Windows and Linux operating systems

• Windows Active Directory

• Microsoft SQL servers

• Web application exploitation skills

• PowerShell

• Pivoting knowledge, Proxychains, and Metasploit usage

• BloodHound usage

Is there any HTB-related experience needed? 

Zephyr is an intermediate-level scenario, but would be suitable for users who are able to solve HTB Medium level Machines and Academy Modules. 

What will your team learn?

The primary learning objectives of this new scenario will expose players to:

• Enumeration

• Exploitation of a wide range of real-world Active Directory flaws

• Lateral movement and crossing trust boundaries

• Password Cracking

• Privilege escalation

• Web application, SQL, and relay attacks

• Pivoting

How to get certified?

Upon completing the Zephyr scenario, players will earn the Zephyr Professional Lab HTB Certificate.

How to get started?

This new scenario lab is inclusive for all existing Professional Lab customers on our Enterprise Platform. With more Professional Labs on demand, customers can choose from a bigger pool of Professional Labs at any point and at no extra cost. 

Zephyr will also be available for individual users in the near future. We’re preparing some exciting changes in the Pro Labs offering for this release. Stay tuned for more!

If you’re not an HTB for the Business customer yet, then contact us to get started.

Happy hacking!

Hack The Box Team