Gamified Environment
For Your Team Only
A fully gamified environment with points, badges, ranks, leaderboards that all make the training experience fun and truly engaging.
PROFESSIONAL LABS
Enterprise Attack
Simulation Training
Employees can practice sophisticated
penetration testing on
enterprise infrastructure.
Realistic Corporate Scenarios
Professional Labs are training labs simulating real-world scenarios, giving participants a chance to penetrate enterprise infrastructures. Your cybersecurity team can pick any of our scenarios, own it, and prove their skills with a certificate of completion.
Gamified Environment
Real-World Scenarios, Advanced Corporate Infrastructure
Multi-machine labs and corporate-level networks that will introduce your employees to real-world penetration testing and cybersecurity problems.
Value-Added Admin
Capabilities & Features
Full control of your training lab with advanced user administration tools, user reporting, and lab management in a single pane of glass.
Key Features & Highlights
A set of features that make Professional Labs ideal for the entire CyberSec squad of any organization that wants to be attack-ready. From the Manager/Administrator to the Team/Players.
Scenario Rotation
A flexible, unified subscription. Pick any scenario and swap from one to another.
Content Updates
Periodical content additions and enhancements will keep your employees alerted.
Certificate of Completion
Successful scenario completion? Get your cyber security team certified!
Seamless User Experience
Engaging and challenging content for cybersecurity employees. Straightforward management and deployment for the IT manager.
Dedicated Hall of Fame
Visible only by the members of the lab. Who in your team strives to reach the top?
Guidance & Documentation
Fully documented write-ups will guide you and your team step by step.
Usage Monitoring & Reporting
Keep track of the overall participation and engagement for every enrolled member of your team through user-friendly graphs and exports.
Private VPN Server
A dedicated VPN gateway will ensure privacy and high performance.
Guest User Accounts
Ability to create temporary credentials for guest users & dummy accounts.
Full Business & Technical Support
Your dedicated Account Manager and our technical team will always be there to help.
Lab Redeployment
Redeploy the whole lab on demand to restore it to its original state.
Lab Scenarios
PRO LAB DESIGNATION
Red Team Operator Level I
Genesis
Genesis is an ideal first lab that features a wide-range of OWASP Top 10 vulnerabilities, common privilege escalation techniques, and real-world security misconfigurations. It covers how to exploit the vulnerabilities, and importantly, how they can be mitigated.
Beginner
Difficulty
14
Machines
31
Flags
CPE: 40
- Enumeration
- Exploit modification
- Lateral movement
- Mitigations and best practices
- Privilege escalation
- Situational awareness
- Web application attacks
Dante
Dante is a modern, yet beginner-friendly pro lab that provides the opportunity to learn common penetration testing methodologies and gain familiarity with tools included in the Parrot OS Linux distribution.
Intermediate
Difficulty
16
Machines
27
Flags
CPE: 40
- Enumeration
- Exploit development
- Lateral movement
- Local privilege escalation
- Situational awareness
- Web application attacks
Orion
Orion is a small lab meant as a stepping stone towards Red Teaming. Most (but not all) of the attack vectors are similar in both scope and complexity to the ones found in Genesis, but on a smaller scale; pivoting, which is found in Dante, is also introduced.
Beginner
Difficulty
6
Machines
6
Flags
CPE: 10
- Enumeration
- Public Exploit Research
- Lateral movement
- Privilege escalation
- Pivoting
- Active Directory
Eldritch
Eldritch is focused on web applications and kiosk systems. Users will be introduced to common kiosk breakout techniques in the context of a small Active Directory network; a good understanding of common attacks and pivoting methods will be required.
Intermediate
Difficulty
5
Machines
5
Flags
CPE: 10
- Enumeration
- Public Exploit Research
- Kiosk breakout attacks
- Lateral movement in Active Directory environments
- Network Pivoting
- Web Application attacks
FullHouse
FullHouse is an intermediate-level real-world simulation lab that introduces participants to blockchain, artificial intelligence, and machine learning attacks. However, it is not limited to common network penetration testing and active directory misconfigurations.
Beginner
Difficulty
4
Machines
7
Flags
CPE: 10
- Source Code Review
- Web Application Attacks
- Reversing
- Windows exploitation
- Active Directory exploitation
- Blockchain exploitation
- AI bypass/exploitation
XEN
Xen is designed to upskill in enumeration, breakout, lateral movement, and privilege escalation within small AD environments. The goal is to gain a foothold on the internal network, escalate privileges and ultimately compromise the domain.
Intermediate
Difficulty
6
Machines
6
Flags
CPE: 10
- Enumeration
- Lateral Movement
- Privilege Escalation
- Pivoting
- Phishing techniques
- Situational awareness
- Active Directory enumeration and exploitation
P.O.O.
.O.O. focuses on enumeration, lateral movement, and privilege escalation within small Active Directory environments configured with the latest and greatest operating systems and technologies. The goal is to compromise the perimeter host, escalate privileges and ultimately compromise the domain.
Beginner
Difficulty
2
Machines
5
Flags
CPE: 10
- Enumeration
- Active Directory enumeration and attacks
- Lateral Movement
- Pivoting
- Local privilege escalation
- Situational awareness
- Web application enumeration and attacks
Hades
Hades is designed to put your skills in Active Directory enumeration & exploitation, lateral movement, and privilege escalation to the test within a small enterprise network. The goal is to gain a foothold on the internal network, escalate privileges and ultimately compromise the domain while collecting several flags along the way.
Advanced
Difficulty
3
Machines
7
Flags
CPE: 10
- Enumeration
- Active Directory enumeration and attacks
- Lateral Movement
- Network Pivoting
- Web Application attacks
- Password Cracking
- Disk Backup Forensics
- Network Sniffing
RPG
RPG is designed to put your skills in Active Directory, lateral movement, and privilege escalation to the test within a small enterprise network. The goal is to gain a foothold on the internal network , leverage active users and ultimately compromise the domain while collecting several flags along the way.
Advanced
Difficulty
4
Machines
6
Flags
CPE: 10
- Enumeration
- Web Application attacks
- Reverse Engineering
- Active Directory enumeration and attacks
- Lateral movement
- Network Pivoting
- Privilege escalation
- Phishing techniques
- Situational awareness
- Evading endpoint protections
Solar
Solar is designed to test your skills in Enumeration, Code Review, Pivoting, Web Exploitation and other attacking techniques. The goal is to gain a foothold on the internal network, escalate privileges and ultimately compromise the entire infrastructure, while collecting several flags along the way.
Advanced
Difficulty
3
Machines
7
Flags
CPE: 10
- Enumeration
- Situational Awareness
- Reverse Engineering
- FreeBSD Exploitation
- Exploit Chaining
- Out-of-Band Data Exfiltration
- Web Application Attacks
- Source Code Review
Odyssey
Odyssey is designed to put your skills in enumeration, reversing, VoIP exploitation and much more. The goal is to gain a foothold on the internal network, escalate privileges and ultimately compromise the entire gaming Infrastructure while collecting several flags along the way.
Advanced
Difficulty
4
Machines
7
Flags
CPE: 10
- Enumeration
- Situational Awareness
- Reverse Engineering
- VoIP Exploitation
- Phishing Techniques
- Kubernetes Exploitation
- Solaris OS Exploitation
- Web Application Attacks
- Source code Review
- SGame Server Exploitation
Ascension
Ascension is designed to test your skills in enumeration, exploitation, pivoting, forest traversal and privilege escalation inside two small Active Directory networks. The goal is to gain access to the trusted partner, pivot through the network and compromise two Active Directory forests.
Advanced
Difficulty
5
Machines
7
Flags
CPE: 10
- Enumeration
- Exploitation
- Pivoting
- Forest Traversal
- Privilege Escalation
PRO LAB DESIGNATION
Red Team Operator Level II
Alchemy
Alchemy offers a simulated IT and OT scenario, specifically crafted for offensive training to enhance your ICS cybersecurity skills in enumeration and exploitation. Within Alchemy you will simulate brewery environment, adding layers of complexity and realism.
Intermediate
Difficulty
9
Machines
21
Flags
CPE: 40
- Enumeration of IT and OT networks
- Exploiting misconfigurations
- Lateral movement
- Privilege escalation
- Lateral movement and crossing trust boundaries
- Tunneling and pivoting
- Documentation analysis
- Web application attacks
- In-depth understanding of Modbus protocol
- Structured Text PLC code review
- Modbus network analysis
- Dynamic Analysis of Ladder Logic
Zephyr
Zephyr is an intermediate-level red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills and improving your active directory enumeration and exploitation skills.
Intermediate
Difficulty
17
Machines
17
Flags
CPE: 40
- Enumeration
- Evading endpoint protections
- Exploitation of a wide range of real-world Active Directory flaws
- Relay Attacks
- Lateral movement and crossing trust boundaries
- SQL Attacks
- Privilege escalation
- Web application attacks
RastaLabs
RastaLabs is a red team simulation environment, designed to be attacked as a means of learning and honing your team’s engagement skills. This company have enlisted your services to perform a red team assessment of their secured AD environment.
Intermediate
Difficulty
14
Machines
20
Flags
CPE: 40
- Active Directory enumeration and exploitation
- Evading endpoint protections
- Exploit development
- Lateral movement
- Local privilege escalation
- Persistence techniques
- Phishing techniques
- Situational awareness
Offshore
Offshore is a real-world enterprise environment that features a wide range of modern Active Directory misconfigurations. If you manage to breach the perimeter and gain a foothold, you are tasked to explore the infrastructure and attempt to compromise all Offshore Corp entities.
Intermediate
Difficulty
18
Machines
34
Flags
CPE: 40
- Active Directory enumeration and exploitation
- Evading endpoint protections
- Lateral movement
- Local privilege escalation
- Situational awareness
- Tunneling and pivoting
- Web application enumeration and attacks
PRO LAB DESIGNATION
Red Team Operator Level III
Breakpoint
Breakpoint requires you to gain a foothold, elevate privileges, establish persistence and move laterally, in order to reach the goal of domain admin at a software development startup during a red team assessment.
Advanced
Difficulty
22
Machines
20
Flags
CPE: 40
- Active Directory enumeration and exploitation
- Code review
- Evading endpoint protections
- Lateral movement
- Local privilege escalation
- Phishing techniques
- Situational awareness
- VoIP exploitation
Cybernetics
Cybernetics is an immersive enterprise Active Directory environment featuring advanced infrastructure and a strong security posture. Players must gain a foothold, elevate their privileges, be persistent and move laterally to reach the goal of domain admin.
Advanced
Difficulty
23
Machines
20
Flags
CPE: 40
- Active Directory enumeration and exploitation
- Advanced phishing techniques
- DevOPS security controls
- Evading endpoint protections
- Lateral movement
- Local privilege escalation
- Situational awareness
PRO LAB DESIGNATION
Red Team Operator Level IV
APTLabs
APTLabs is a modern and extremely challenging lab that provides the opportunity to hone your research skills and compromise networks without using any CVEs. APTLabs will put expert penetration testers and red team operators through an extremely challenging but extremely rewarding exercise.
Expert
Difficulty
18
Machines
20
Flags
CPE: 40
- Active Directory enumeration and exploitation
- Ability to compromise networks without using any CVEs
- Bypassing common security features such as 2FA
- Evading endpoint protections
- Exploiting interactive users
- Lateral movement
- Local privilege escalation
- Situational awareness
Get Your Team Certified
Employee certificates and a company-wide one will await at the end of any successful scenario completion.
What Cyber Teams Say About Professional Labs
Tech teams all around the world utilize Professional Labs as part of their continuous training and need of readiness towards a real-life attack.
“My team and I used RastaLabs from Hack The Box to get used to the new trends of the Red Team concept. After a lot of positive frustration, dedication and self-study we managed to finish the challenge and leave with much more knowledge than we had before. I strongly recommend this service to teams composed of dedicated persons, who love the technical aspects of penetration testing and also enjoy assisted self-study.“
SILAS FRANCISCO
Lead Penetration Tester, SIEMENS Portugal
“Our Offensive Security team was looking for a real-world training platform to test advanced attacks tactics. We couldn’t be happier with the HTB ProLabs environment. We spared 3 days to put our brains together to solve OffShore, and we were thrilled by how challenging it was. Another positive was that the lab is fully dedicated, so we’re not sharing the lab with others. Additionally, we couldn’t be happier with the HTB support team. They have been very accommodating, and allowed for some firewall changes to make our training fit our needs.”
Christian Adounvo
Head of Offensive Security, NortonLifeLock
“Our Offensive Security team was looking for a real-world training platform to test advanced attacks tactics. We couldn’t be happier with the HTB ProLabs environment. We spared 3 days to put our brains together to solve OffShore, and we were thrilled by how challenging it was. Another positive was that the lab is fully dedicated, so we’re not sharing the lab with others. Additionally, we couldn’t be happier with the HTB support team. They have been very accommodating, and allowed for some firewall changes to make our training fit our needs.”
Jean Francois Maes
Senior Red Teamer & Cybersecurity Researcher, NVISO
“Hack The Box does an amazing job in building robust, realistic offensive labs that simulate engagement environments. An operator is able to build a solid understanding of the Tactics, Techniques, and Procedures (TTPs) that is required in real-life scenarios. The concepts include cutting-edge, fully patched Active Directory setups where in some cases deeper research of the published techniques is needed in order to complete the challenges. If you and your team face complex, mature Red Teaming engagements, I strongly recommend the experience of Professional Labs.“
Evangelos Mourikis
Specialist Master, Deloitte Greece
Professional Labs FAQ
At a minimum, Professional Labs provide 10 user seats. Practically, there is no maximum number of users, as we typically set up multiple training lab instances for a company/organization to ensure frictionless operation and seamless experience.
Although all scenarios require a certain experience in red teaming or penetration testing, Dante and Offshore provide an excellent opportunity for beginners and junior members to take part in Professional Labs, learn new skills, and advance their careers. The learning curve has a nice progression and many techniques throughout the lab can be used in real-world engagements.
Yes. This is certainly doable. Organizations that have a Professional Lab dedicated environment, can switch between scenarios. However, we recommend keeping a Pro Lab scenario for at least a period of 6 months, in order to benefit from our lab updates.
Yes. Professional Labs customers get access to the official write-ups. In order to get the official write-ups (which are available ONLY for customers of Professional Labs), please contact our sales team at [email protected]. We request our clients to go through an NDA process to get the official write-ups.
Get Started With Professional Labs
Professional Labs is currently available for enterprise customers of all sizes. Please view the steps below and fill out the form to get in touch with our sales team.
Reach out and let us know your team’s training needs.
STEP 1
We will help you choose the best scenario for your team.
STEP 2
Meet your dedicated Technical Account Manager.
STEP 3
Assign as many users (seats) as you wish and get started.
STEP 4
Interested? Get in touch!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The uncomfortable truth about your organization and MITRE ATT&CK
Join us to uncover how to bridge the gap between intelligence and action with MITRE ATT&CK, fully leverage your CTI & SIEM, and develop the targeted skills to stay ahead of financial sector threats!
November 26th, 2024 @ 16:00 UTC
Learn more
FREE WEBINAR
X