Master Active Directory security with HTB CAPE

We’re thrilled to announce the next big step in our certification journey: HTB Certified Active Directory Pentesting Expert (HTB CAPE) — our second certification tailored for specialized security roles! 

Building on our success in addressing core industry roles, Hack The Box Academy is now poised to be the ultimate resource for security enthusiasts and professionals alike. HTB CAPE raises the bar in practical expertise, setting new standards in network pentesting, Windows network security, and Active Directory security.

“Most corporations nowadays rely on Active Directory to manage their users and organization. Without a thorough understanding of Active Directory security and its threat landscape, such organizations would be prune to severe misconfigurations and critical vulnerabilities that may undermine their entire security system. In response to this evolving threat landscape, the Active Directory Penetration Tester job-role path and the HTB CAPE certification provide a comprehensive approach to Active Directory penetration testing training. We aim to enhance the credibility and career prospects of cyber professionals, ensuring they are adept at safeguarding organizations against the increasing threat of Active Directory attacks in today's security landscape.”

Dimitris Bougioukas, VP of Training @ Hack The Box

Who is it for?

The market lacks advanced Active Directory penetration testing learning materials focused on enduring techniques rather than outdated vulnerabilities. With 90% of Fortune 1000 companies relying on Active Directory, targeted training is crucial to address this critical gap.

HTB Certified Active Directory Pentesting Expert (HTB CAPE) focuses on building advanced and applicable skills in securing complex Active Directory environments, using advanced techniques such as identifying hidden attack paths, chaining vulnerabilities, evading defenses, and professionally reporting security gaps. 

Through hands-on demonstrations of real-world network vulnerabilities and misconfigurations, candidates gain practical skills to tackle modern network security challenges confidently and precisely. 

 Get certified

Penetration testers, security analysts, and more

HTB CAPE is designed to empower cybersecurity professionals working in technically demanding roles where Active Directory (AD) security is critical, building on the competencies obtained from HTB CPTS. 

This new certification equips participants with advanced skills to identify and exploit AD vulnerabilities, navigate complex environments, and gain valuable insights into threat mitigation strategies. It enhances the ability to fortify infrastructures against evolving attack vectors while strengthening expertise in domain-specific security practices to proactively safeguard systems and maintain operational efficiency. 

Participants will also refine their ability to secure enterprise networks, simulate real-world attack scenarios, and conduct thorough AD security assessments. HTB CAPE provides the practical knowledge and advanced techniques needed to tackle modern AD security challenges and stay ahead of emerging threats.

From banks to governmental institutions

The HTB CAPE certification is highly valuable for cybersecurity teams in industries where Active Directory (AD) security is essential to protecting sensitive data and infrastructure. Financial institutions, healthcare organizations, government agencies, and the public sector are prime examples where robust AD security is critical for preventing unauthorized access.

In addition, large corporations with modern IT infrastructures, regardless of industry, are increasingly vulnerable to attacks targeting AD systems. With their expansive networks and critical digital ecosystems, these organizations are prime targets for attackers aiming to gain control over their entire network.

By leveraging the HTB CAPE course material, organizations can proactively identify and address common vulnerabilities in their AD environments, strengthening their defenses against malicious actors. This approach not only enhances overall cybersecurity readiness but also reduces the risk of costly breaches, making AD protection a key priority across industries.

Step into advanced security roles with confidence

While certifications aren’t required to excel as an Active Directory penetration testing expert or in other cybersecurity roles, they offer a significant edge in a fast-evolving threat landscape and a competitive job market. Opting for a learning path that provides high-quality training, real-world readiness, and sets you apart can be a pivotal step in advancing your career.

Here’s what makes HTB CAPE different from traditional certifications:

• Continuous evaluation – Evaluation isn’t just reserved for the final exam — it’s integrated into every step of your learning journey! Each Module in the path includes its own hands-on skills evaluation, challenging students to demonstrate their mastery of the concepts as they progress.

• Practical & real-world exam environment – The path's content is designed to simulate advanced network penetration testing activities within diverse, real-world Active Directory environments, providing a hands-on experience that mirrors the complex challenges professionals encounter in their daily roles.

• Focus on advanced & applicable skills – The path is enriched with practical demonstrations that encompass a wide range of contemporary network vulnerabilities and misconfigurations. This comprehensive approach equips candidates with the proficiency needed to discover hard-to-find network security vulnerabilities in future scenarios.

• Thinking outside the box – Candidates will need to think creatively and apply the diverse tactics and techniques learned throughout the path to meet the exam's objectives. Much like real-world engagements, success will require a combination of innovation, strategic thinking, and deep technical expertise.

• Commercial-grade report requirement – Simply completing the required activities is not sufficient to earn the certification. Candidates must go a step further by showcasing their ability to identify and exploit vulnerabilities while demonstrating professional readiness. This includes producing a polished, client-focused report that presents their findings in a commercial-grade format, reflecting the standards expected in real-world engagements.

• Seamless experience powered by Pwnbox – The entire exam and certification process can be conducted through the candidates’ browser from start to finish.

More about HTB CAPE

The HTB Certified Active Directory Pentesting Expert (HTB CAPE) is a highly hands-on certification that assesses candidates' skills in evaluating the security of Active Directory environments, navigating complex Windows networks, and identifying hard-to-find attack paths. HTB CAPE certification holders will possess advanced technical competency in network pentesting. 

This certification is tailored for individuals who aim to go beyond basic penetration testing, focusing on chaining multiple vulnerabilities to uncover critical weaknesses. Candidates will be prepared to professionally report their findings, an essential skill for tackling today's complex security issues.

The HTB CAPE exam is available upon completing the Active Directory Penetration Tester job-role path on HTB Academy. This curriculum reflects the current threat landscape, ensuring that students are prepared for real-world scenarios.

The job-role path includes 15 targeted courses covering essential topics such as:

• Active Directory Enumeration & Attacks

• Active Directory LDAP

• Active Directory PowerView

• Active Directory BloodHound

• Windows Lateral Movement

• Using CrackMapExec

• Kerberos Attacks

• DACL Attacks I

• DACL Attacks II

• NTLM Relay Attacks

• ADCS Attacks

• Active Directory Trust Attacks

• Intro to C2 Operations with Sliver

• Introduction to Windows Evasion Techniques

• MSSQL, Exchange, and SCCM Attacks

By the time students complete the job-role path and obtain their certification, they will be proficient in identifying and exploiting Active Directory (AD) misconfigurations, executing evasion tactics, and utilizing command-and-control (C2) frameworks for post-exploitation activities. 

Additionally, they will be capable of conducting comprehensive security assessments on complex AD infrastructures, identifying security inefficiencies, and reporting their findings using advanced techniques.

The entire path course material is included in the new Gold Annual HTB Academy subscription, which also provides full access to 90+ core and specialized Modules along with other exclusive features for annual subscribers.

Enroll and get certified!

Complete the path to access the certification exam. The Gold Annual subscription includes all 15 Modules and an exam voucher with two attempts.

START THE PATH

The exam

Once entering the exam environment, the candidate will have to perform network penetration testing activities against multiple real-world and heterogeneous Active Directory networks hosted in HTB’s infrastructure and accessible via VPN (using Pwnbox or their own local VM).

Upon starting the examination process, candidates will receive a letter of engagement that clearly outlines all relevant details, requirements, objectives, and the scope of the engagement. To complete the necessary activities, candidates need a stable internet connection and VPN software.

While it is not a strict requirement, it is strongly advised to have completed the HTB Certified Penetration Testing Specialist (HTB CPTS) certification or to have acquired all the knowledge required for the Penetration Tester job-role path. 

This knowledge provides the essential foundation needed to pursue the Active Directory Penetration Tester job-role path and to embark on HTB CAPE. The following is a list of prerequisites for a successful outcome:

• Interpreting a letter of engagement.

• Advanced knowledge of network penetration testing and Windows security concepts.

• Knowledge of Active Directory and its critical components (Kerberos, ADCS, Exchange, MSSQL, WSUS, SCCM, etc.).

• Proficiency in comprehending and effectively navigating complex Active Directory networks.

• Understanding Active Directory security inefficiencies and misconfigurations, with the ability to detect and exploit them.

• Knowledge of different Command and Control (C2) frameworks for post-exploitation activities.

• Knowledge of evasion techniques to circumvent various Windows security measures.

• Proficiency in chaining multiple Windows vulnerabilities.

• Professional communication and reporting of vulnerabilities.

How can you take the exam?

1. Complete the Active Directory Penetration Tester job-role path 

To be eligible for the HTB Certified Active Directory Pentesting Expert (HTB CAPE) certification, an individual must first complete the Active Directory Penetration Tester job-role path in its entirety. This job-role path includes a combination of theoretical knowledge and interactive exercises designed to adequately prepare candidates for the HTB CAPE exam.

2. Purchase a voucher

Academy students who successfully complete the job-role path become eligible for the certification. HTB Academy's Gold Annual subscription includes a free exam voucher, while non-subscribers can purchase one separately through the Academy's billing page. Each voucher provides two (2) exam attempts. 

3. Enter the exam

Candidates can start the examination process by clicking "Exams", then "EXAM INFORMATION" and finally "ENTER EXAM." The lab and report submission deadlines will always be visible on the exam lab page. Reminder emails will be sent to ensure that you deliver everything on time and that your voucher does not expire.

4. Start pentesting

Upon clicking the "ENTER EXAM" button and accepting the terms and conditions of the exam, a letter of engagement will be provided that will clearly state all engagement details, requirements, and objectives, as well as the scope. A report template will also be provided.

To ensure that students fully achieve the exam’s objectives, they will also be asked to submit several flags on the exam lab’s page. The exam lab will be accessible for ten (10) days without restrictions.

Each candidate will be provided with a dedicated instance of the exam lab. This means that you can perform your penetration testing activities without interruptions caused by others and reset the lab at any time.

5. Upload your report

Based on the provided template report, candidates must professionally document the identified vulnerabilities and remediation advice.

Please note that if you don't upload a report within the deadline, your exam voucher will expire and you won't be provided with a second exam attempt!

6. Obtain your results!

An HTB Academy instructor will first check if the minimum amount of points is gathered and then evaluate the submitted report meticulously. The results will be presented within 20 business days.

If the first attempt fails, an HTB Academy instructor will identify lacking areas and provide constructive feedback for improvement. The instructor’s feedback will be available on the exam page, "EXAM HISTORY" tab.

Every candidate will have a second chance in the form of a free retake to use the obtained feedback. The retake lasts ten (10) days, and the exam lab will be accessible again for the entire duration. By the time the instructor’s feedback regarding your first attempt is received, candidates will have fourteen (14) days to start their retake. Otherwise, the exam voucher will expire. Once candidates successfully pass the exam, they can claim the digital certificate and download it from the "EXAM HISTORY" tab.

You can verify the validity of an HTB Certified Active Directory Pentesting Expert (HTB CAPE) by submitting its ID on the Certificate Validation page. Additionally, all successfully certified students will receive the HTB CAPE digital badge through Credly, which will be sent directly to your email. Once you receive it, be sure to accept and share it on your social media accounts so others can verify your skills!

For teams and organizations

With 86% of data breaches involving stolen credentials and Active Directory (AD) being a prime target, mastering AD security is critical since breaches can cost organizations up to $300,000 per hour in downtime.

By obtaining HTB CAPE, teams can ensure they are equipped with the necessary skills to proactively defend against evolving threats, reduce risk, and enhance their organization’s overall security posture. A certified workforce demonstrates a commitment to safeguarding critical infrastructure, which is vital for building trust with customers, meeting compliance requirements, and mitigating potential financial losses from security incidents.

Aligned with NIST and MITRE ATT&CK frameworks, this course material helps technical managers develop a robust workforce development plan and promote a unified security approach.