The complete list of Q4 2024 releases and updates on HTB Enterprise Platform

As we begin the new year, let’s take a moment to reflect on the exciting progress we made last quarter. This includes the release of new content and features on the HTB Enterprise Platform, our all-in-one cloud-based solution designed to boost teams’ cyber performance and fortify organizational resilience.

Ready to dive into the details? Watch our latest video for the full breakdown of our newest updates and exciting milestones during Q4!

 Start free trial

General improvements across the platform

Streamlined, unified login access with HTB Account 

On November 12th, all HTB platforms transitioned to HTB Account — a unified single account management solution that simplifies users’ experience offering:  

• Centralized management: Manage all HTB platform settings in one place, including security features like two-factor authentication.

• Sync across platforms: Progress in HTB Labs automatically updates in Enterprise accounts.

• Seamless access: Use a single set of credentials to log in to HTB Labs, CTF, Academy, and Enterprise platforms.

• Passwordless login: Log in easily with Google or LinkedIn using OAuth for added convenience.

• Multiple email linking: Link multiple emails to keep progress intact, perfect for students and professionals.

Empowering collaborative and user-driven learning with new features for related content

With streamlined access to related learning resources, users can take charge of their upskilling. Meanwhile, admins can manage curriculums collaboratively within their Spaces.

For Users:

• Personalized learning: Request related content with a simple click, and your admin will add it to your Space once approved — no emails or chats needed.

• Instant access: Start practicing right away by clicking “Start” or “Play” to dive into relevant content directly within your Space.

For Admins:

• Collaborative learning: Use the “Requested” tab on the Manage Page to view and manage content requests, align resources with team needs, and encourage continuous feedback and collaboration.

• Automated approval of requests: Enable the Auto-adding toggle in your Space settings to let users add related content independently, fostering a self-managed learning environment.

Enhanced user activity tracking in Spaces

Admins can now track team progress more accurately with the newly improved Activity tab, offering precise details on the exact date and time of each activity completion. 

This feature also makes it easy to identify anomalies, such as multiple task completions within the same timeframe, helping to maintain effective integrity management.

Log in with Azure SSO

Teams now have seamless access to the HTB Enterprise Platform with Azure SSO login. 

This integration enables single sign-on between Hack The Box (service provider) and your organization’s Azure system (identity provider), offering:

• Enhanced security: Centralized authentication reduces security risks.

• Simplified access: One set of credentials for effortless login.

• Reduced risk of credential loss: Login credentials are managed securely through Azure.

• Efficient team management: Azure accounts are integrated for quick access.

Academy for Business 

HTB Certified Active Directory Pentesting Expert (HTB CAPE)

To help professionals step into advanced security roles with confidence, we’ve introduced the HTB Certified Active Directory Pentesting Expert (HTB CAPE), a hands-on certification that rigorously evaluates candidates' expertise through 10 Domains and 15 Modules. 

Building on the competencies developed in the Active Directory Penetration Tester job-role path, it focuses on identifying and exploiting AD vulnerabilities, navigating complex environments, and developing effective mitigation strategies.

HTB CAPE certification holders will possess technical competency in:

• Advanced Active Directory Enumeration.

• Kerberos-based Attacks and NTLM Relay Exploitation.

• DACL and Permission Abuse.

• Active Directory Certificate Services (ADCS) Attacks.

• Lateral Movement, Trust Exploitation, and Command & Control Operations.

• Advanced Windows Evasion and Post-Exploitation Tactics.

• Exploiting Common AD Technologies (MSSQL, Exchange, SCCM, WSUS).

Enroll and get certified!

Complete the path to access the certification exam. The Gold Annual subscription includes all 15 Modules and an exam voucher with two attempts.

START THE PATH

9 new courses added to Academy for Business

We ended the year strong with over three times the releases of Q4 2023. We’ve expanded our library with nine (9) new security courses, including our first Modules on Artificial Intelligence (AI) — a revolutionary technology shaping the future of cybersecurity.

These courses are crafted to empower teams with the critical knowledge needed to safeguard organizations and uphold robust security protocols in today’s dynamic IT environments. 

Let’s summarise what teams will learn by completing our new courses: 

1. Fundamentals of AI: Explore the fundamentals of Artificial Intelligence, including key algorithms, learning types, and practical applications.

2. Wi-Fi Penetration Testing Basics: Build essential skills to enumerate access points, exploit vulnerabilities, discover hidden networks, and bypass MAC filtering using aircrack-ng tools.

3. User Behavior Forensics: Learn to analyze Windows artifacts and uncover user behavior to enhance digital forensic investigations.

4. Malicious Document Analysis: Master the skills to detect, analyze, and uncover threats in malicious documents.

5. Attacking Wi-Fi Protected Setup (WPS): Develop expertise in identifying, exploiting, and securing against WPS vulnerabilities in Wi-Fi networks.

6. Wired Equivalent Privacy (WEP) Attacks: Understand and exploit WEP vulnerabilities, while developing practical skills to enhance wireless network security.

7. Intro to Academy's Purple Modules: Take your first step into purple teaming with our new course, designed to introduce you to the fundamentals of combining offensive and defensive strategies.

8. Introduction to Information Security: Gain a solid foundation in Information Security frameworks, threat mitigation strategies, and the skills to protect critical assets across networks, software, mobile devices, and cloud environments.

9. Attacking WPA/WPA2 Wi-Fi Networks: Learn to identify vulnerabilities in WPA and WPA2 networks by exploring attack vectors in both WPA-Personal and WPA-Enterprise.

Dedicated Labs

56 offensive and defensive scenarios added on Dedicated Labs

We’ve released a record-breaking fifty-six (56) new offensive and defensive scenarios, offering continuous, real-world practice and purple team training across a wide range of techniques, vulnerabilities, and technologies.

In the past quarter, we also supercharged your defensive training arsenal — growing from just 14 scenarios last year to over 100, with 21 fresh Sherlocks added this quarter alone.

Highlighting our expansion, we introduced eight (8) exclusive Machines offering hands-on experience in some of the most vital aspects of cybersecurity such as:

• CVE exploitation and enumeration.

• Privilege escalation.

• Phishing.

• Remote code execution, and more!

Building ransomware-resilient cyber teams with Operation Tinsel Trace II

Ransomware attacks continue to escalate, with the average recovery cost reaching $2.73 million in 2024, driven by data theft and sabotage, with downtime averaging 24 days per incident.

With the stakes this high, organizations are investing heavily in digital security. But technical defenses are just one part of the equation. 

Teams must be prepared to identify and respond to ransomware threats to protect against financial, reputational, and legal risks. That’s where Operation Tinsel Trace II comes in!

This Sherlock series is designed to address common ransomware scenarios by focusing on crucial aspects such as insider threats, corporate sabotage, business continuity, and data extortion. 

To get started, assign the new festive Sherlocks to your team’s practice Space.

Strengthen incident response skills with Operation Salwar Kameez

The shortage of cybersecurity skills has contributed to a $1.76 million increase in average breach costs for 2024, making organizations more vulnerable to attacks. 

To help address this skills gap, we released five Diwali-themed Sherlocks from October 31 to November 4, immersing participants in the role of an elite Incident Response Team at StoreD Technologies Pvt. Ltd. in Mumbai, where they gain hands-on experience in areas such as:

• Malware analysis.

• Windows downgrade attacks.

• Firmware forensics.

• SQL anomalies.

• Financial network threat detection.

To enable teams to practice these scenarios, administrators simply need to follow these steps to add them to their Space.

Enhancing mobile security skills with a new path 

Mobile applications and services have become integral to our daily lives and their widespread use makes them prime targets for malicious actors looking to exploit vulnerabilities and gain access to sensitive information.

To combat these threats, mobile penetration testing plays a crucial role in identifying weaknesses and safeguarding applications against potential attacks.

The “Intro to Mobile Security” path offers a hands-on experience with easy-to-medium Machines and Challenges for teams looking to explore key topics such as:

• Android OS architecture.

• APK analysis and reverse engineering.

• SSL pinning bypass and debugging.

• Frida-based instrumentation.

• Traffic interception and JavaScript analysis.

• AES data decryption.

Professional Labs

Boost red team expertise and cyber readiness with new scenarios 

To empower teams in developing an authentic red team mindset, we continued releasing two (2) more scenarios for teams to upskill with enterprise-level attack simulations.

Eldtrich, an Enterprise exclusive scenario, and Ascension are now available for Penetration Testers and Red Teamers seeking to build foundational adversarial skills or refine core techniques in realistic enterprise network environments. 

Team members can gain key skills in attacking Active Directory environments, including techniques mapped to the MITRE ATT&CK framework, such as:

• Active Directory enumeration and attacks. 

• Lateral movement.

• Network pivoting.

• Reverse engineering.

• Privilege escalation.

• Web Application attacks.

• Situational awareness.

• Credential harvesting and abuse.

• VoIP exploitation.

• Phishing techniques.

• Kubernetes exploitation.

Each completed scenario offers 10 CPEs to acknowledge team achievements.

Switching and assigning new labs is easy. Check out the step-by-step video below to allow your team to tackle these new challenges in no time.

Updates to RastaLabs and Zephyr scenarios

We’re committed to keeping our content aligned with industry standards and evolving threats, ensuring an exceptional training experience. To achieve this, we’ve introduced significant updates to both RastaLabs and Zephyr scenarios, enhancing functionality and usability.

In RastaLabs, we’ve installed critical Windows and Linux updates, refreshed Defender signatures, and updated the “ahope” password to reflect the current year. Logging capabilities were improved through audit configuration, and automation scripts were reorganized into dedicated folders to simplify log filtering.

For Zephyr, we’ve implemented the latest Windows and Linux updates, enhanced security with updated Defender signatures, and upgraded VMTools with a scheduled maintenance task on each host. Logging was also enhanced with the configuration of auditd for better monitoring.

Capture The Flag

Set up CTF events in less than 10 minutes with on-demand credits

On-demand CTF credits make hosting tailored events faster and easier than ever! Managers can create events in minutes, track team performance, and use insights to enhance workforce development strategies.

Regular CTFs go beyond engagement — they provide a powerful way to benchmark team performance, assess readiness, and drive impactful training that boosts critical business operations. With our simplified credit purchase process and event setup, organizations gain full control over CTF management without needing additional assistance.

Ready to establish a consistent cadence of events — weekly, monthly, or quarterly — and refine your team’s skills over time? 

Check out our step-by-step guide on how managers can launch a complete CTF event in just 10 minutes!

Organize and manage CTFs efficiently and effortlessly with new features

To streamline Capture The Flag (CTF) event preparation and execution, we’ve introduced new features that simplify event management:

1. Step-by-step event setup: Easily navigate CTF delivery with clear guidelines and checklists directly on your dashboard, ensuring all steps are covered for a successful event.

2. Bulk participant onboarding: Quickly add up to 100 participants using the new CSV bulk upload feature. Automated error detection ensures smooth processing by removing duplicates, validating emails, and providing clear error fixes.

3. Flexible event scheduling: Reschedule event dates and time zones directly within the platform for effortless adjustments.

4. Immediate access to playtesting and analytics: Test Challenges in advance and monitor team progress live during events, enabling timely support and better results — all without delays.

Seamless real-time collaboration during CTF events

The new team chat feature streamlines collaboration by enabling real-time communication directly within the HTB CTF Platform. 

This integrated solution eliminates the need for third-party tools, allowing participants to focus on the event without distractions. 

With private team-only chat, message editing and deletion, and temporary chat history that clears after the event, teams can enjoy secure, smooth communication. Notifications for unread messages ensure no updates are missed, enhancing teamwork and efficiency throughout the event.

New CTF event packs for senior cybersecurity professionals

We've added three (3) new CTF event packs for senior cybersecurity professionals, providing an advanced approach to mastering offensive and defensive skills.

Advanced Web Exploitation:

• Focuses on identifying and exploiting advanced web vulnerabilities.

• Contains ten (10) Challenges covering everything from PHP-type juggling flaws to NoSQL injections.

• Aligns with the Senior Web Penetration Tester job-role path, covering 43% of the recommended Modules.

Bug Bounty Hunting - Enhanced:

• Focuses on bypassing security mechanisms, exploiting vulnerabilities in CMS platforms, and mastering advanced techniques like SQL injection, command injection, and XSS.

• Contains ten (10) Challenges that mirror critical flaws found in modern web applications.

• Aligns with the Bug Bounty Hunter job-role path, covering 90% of the recommended Modules.

Defensive Security Enhanced:

• Focuses on analyzing disk images, deobfuscating scripts, investigating multi-stage phishing attacks, and more!

• Contains ten (10) Challenges covering topics like memory analysis, malware investigation, Active Directory attacks, and network forensics.

• Aligns with the SOC Analyst job-role path, covering 67% of the recommended Modules.

 Host CTF event

Wrapping up 2024

But with so much happening, it’s easy to lose track of it all. So let’s take a moment to celebrate how far we’ve come in just one year, reinforcing our commitment to hands-on learning and career-focused development.

Transform your team’s cyber performance with HTB

Hack The Box offers a diverse selection of scenarios designed to keep your team’s skills sharp and up-to-date. Organizations like Google, Toyota, NVISO, and RS2 are already leveraging the HTB Enterprise Platform to stay ahead of cyber threats by building hands-on expertise and fostering top-tier cybersecurity talent.

Log in to HTB Enterprise Platform and get started.

If your organization doesn't have access to the HTB Enterprise Platform, book a call with our team.