Cyber Teams
t3rraarc, Aug 29, 2022
In this post, we’ll share data (June 2021-2022) on the exclusive machines available on our Hack The Box (HTB) platform for businesses.
Exclusive machines are designed around emerging high-risk vulnerabilities and active threats in the current cyber landscape.
Log4Shell, for example, was one of the biggest vulnerabilities of 2021 and went public on December 10th. Within a few days, an exclusive machine was available via HTB Business to help organizations remain threat-ready and secure.
Here’s a summary of the insights:
1 out of 8 owns are on exclusive machines on the HTB Business platform.
Players are also owning both user and root flags, which shows that they are engaged enough to explore all that a machine has to offer.
There are currently 60 exclusive machines with 27 released in the last 12 months. Supporting businesses with exceptional training content will remain a priority as we continue to release 2 exclusive machines every month.
During the last 12 months, we’ve released 27 of these 60 machines.
Most machines are related to specific CVEs covering a wide range of exploits with Web and Systems receiving wider coverage. When building content for (and designing) these machines, we tailor them to meet the needs of our business customers by:
Varying the difficulty levels of content to speed up the training experience for time-poor employees. Easy and very easy machines, for example, are perfect for employees with limited time to train and upskill throughout their work week.
Training employees on bleeding edge technologies with content built on a modern stack. This includes Cloudbox (an AWS-exclusive machine), DirtyPipe, and our HTB Business Cloud Labs offering.
(Note: Exclusive machines are available to users on the Advanced and Enterprise offerings on the HTB Business platform)
Machine owns on HTB Business are in the thousands. Exclusive machines account for 12.7% of these owns. That means 1 out of 8 owns are on exclusive machines.
Considering the vast difference in the volume of general versus exclusive machines available, this makes our team proud of the high-quality content we produce.
Factor in the severity and seasonable relevance of CVEs, and these numbers are even more impressive.
Here’s a highlight of the most popular exclusive machines that HTB Business users played:
Eris (CVE-2019-0708) is the most popular exclusive machine. It’s an easy Windows machine focusing on a publicly known network protocol vulnerability. Almost all users have owned both user and root access.
Log4Shell (CVE-2021-44228) is the second most popular machine. It focuses on a critical vulnerability in Log4j. The Log4Shell machine is only a few owns behind Eris despite being available for only half the time, which shows the strong interest it generates and its high level of relevance to active cybersecurity professionals.
These two machines account for one-third of the exclusive machine owns.
Continuing to rank machines by popularity, we have:
NineTails (CVE-2021-34527) - PrintNightmare vulnerability.
ApacheCGI (CVE-2021-41773) - on Apache with mod_cgi enabled.
Spring4Shell (CVE-2022-0824 and CVE-2022-0829) - a critical SpringShell vulnerability.
We know that users are highly engaged with these exclusive machines (which were made available within the month that the vulnerabilities were identified) because they thoroughly owned both user and root privileges.
Finally, some interesting exclusive machines that our content team would like to highlight are:
PwnKit (CVE-2021-4034): A very easy machine that presents a memory corruption vulnerability in Polkit's pkexec.
Follina (CVE-2022-30190): A very easy Windows machine that showcases a Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
HiveNightmare (CVE-2021-36934): A machine that offers a great experience for practicing the latest, well-known SeriousSam vulnerability.
OmiGod (CVE-2021-38647): A machine that lets you practice the latest, infamous OMIGOD vulnerability on Azure, which has a CVSS score of 9.8.
DirtyPipe (CVE-2022-0847): A Linux kernel vulnerability affecting all Linux-based operating systems, including Android.
HTB’s commitment to continued cybersecurity upskilling.
As our data shows, HTB’s exclusive machines are proving an invaluable asset for teams interested in ongoing cyber-awareness training.
Our monthly release of two exclusive machines enriches the arsenal of all HTB Business customers with a stronger, ever-growing offering.
To learn more about how HTB Business can help your organization and team, visit the HTB Business page.