RESOURCES

Hack The Box Cheat Sheets

Download them to have quick points of reference when practising on labs.
Any commands or tricks you need to know!

Intro to Academy

General Fundamental

Your first stop in Hack The Box Academy to become acquainted with the platform, its features, and its learning process.

Hacking WordPress

Offensive Easy

WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.

Linux Fundamentals

General Fundamental

This module covers the fundamentals required to work comfortably with the Linux operating system and shell.

Network Enumeration with Nmap

Offensive Easy

Nmap is one of the most used network mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security...

Cracking Passwords with Hashcat

Offensive Medium

This module covers the fundamentals of password cracking using the Hashcat tool.

Active Directory LDAP

Offensive Medium

This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.

File Inclusion

Offensive Medium

File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.

File Transfers

Offensive Medium

During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging tools commonly available across...

Kerberos Attacks

Offensive Hard

Kerberos is an authentication protocol that allows users to authenticate and access services on a potentially insecure network. Due to its prevalence throughout an Active Directory...

OSINT: Corporate Recon

Offensive Hard

OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can increase the chances of finding...

SQL Injection Fundamentals

Offensive Medium

Databases are an important part of web application infrastructure, and SQL (Structured Query Language) is used to store, retrieve, and manipulate information stored in them. SQL injection i...

Web Requests

General Fundamental

This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.

Secure Coding 101: JavaScript

Defensive Hard

Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.

Using the Metasploit Framework

Offensive Easy

The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, performing privilege escalation ...

JavaScript Deobfuscation

Defensive Easy

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

Whitebox Pentesting 101: Command Injection

Offensive Hard

This module focuses on discovering Command Injection vulnerabilities in NodeJS servers and exploiting them to control the server.

Windows Fundamentals

General Fundamental

This module covers the fundamentals required to work comfortably with the Windows operating system.

Linux Privilege Escalation

Offensive Easy

Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the...

Attacking Web Applications with Ffuf

Offensive Easy

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating...

Login Brute Forcing

Offensive Easy

The module contains an exploration of brute-forcing techniques, including the use of tools like Hydra and Medusa, and the importance of strong password practices. It covers various...

SQLMap Essentials

Offensive Easy

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databa...

Windows Privilege Escalation

Offensive Medium

After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our access in the environmen...

Active Directory PowerView

Offensive Medium

This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that will inform our attacks in lat...

Active Directory BloodHound

Offensive Medium

This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.

Introduction to Active Directory

General Fundamental

Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetrat...

Getting Started

Offensive Fundamental

This module covers the fundamentals of penetration testing and an introduction to Hack The Box.

Broken Authentication

Offensive Medium

Authentication is probably the most straightforward and prevalent measure used to secure access to resources, and it's the first line of defense against unauthorized access. Broken...

Intro to Network Traffic Analysis

General Medium

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security pract...

Using CrackMapExec

Offensive Medium

Active Directory presents a vast attack surface and often requires us to use many different tools during an assessment. The CrackMapExec tool, known as a "Swiss Army Knife" for tes...

Intro to Assembly Language

General Medium

This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.

Stack-Based Buffer Overflows on Windows x86

Offensive Medium

This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities on Windows machines.

Cross-Site Scripting (XSS)

Offensive Easy

Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript cod...

Command Injections

Offensive Medium

Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection v...

Using Web Proxies

Offensive Easy

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

Footprinting

Offensive Medium

This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting is an essential phase of any p...

Attacking Common Applications

Offensive Medium

Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by developers and sysadmins, and more. ...

Shells & Payloads

Offensive Medium

Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilizes a fictitious scenario where ...

Attacking Common Services

Offensive Medium

Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service internally and externally to en...

Web Attacks

Offensive Medium

This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's systems. We will cover how to id...

File Upload Attacks

Offensive Medium

Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary commands on the back-end server, a...

Active Directory Enumeration & Attacks

Offensive Medium

Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration, authentication, and much more....

Information Gathering - Web Edition

Offensive Easy

This module equips learners with essential web reconnaissance skills, crucial for ethical hacking and penetration testing. It explores both active and passive techniques, including...

Server-side Attacks

Offensive Medium

A backend that handles user-supplied input insecurely can lead to devastating security vulnerabilities such as sensitive information disclosure and remote code execution. This modu...

Password Attacks

Offensive Medium

Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwo...

MacOS Fundamentals

General Fundamental

This module covers the fundamentals required to work comfortably within the macOS operating system and shell.

Pivoting, Tunneling, and Port Forwarding

Offensive Medium

Once a foothold is gained during an assessment, it may be in scope to move laterally and vertically within a target network. Using one compromised machine to access another is call...

Introduction to Windows Command Line

General Easy

As administrators and Pentesters, we may not always be able to utilize a graphical user interface for the actions we need to perform. Introduction to Windows Command Line aims to i...

Introduction to Deserialization Attacks

Offensive Hard

In this module, we will explore deserialization attacks with specific examples in Python and PHP.

Attacking Authentication Mechanisms

Offensive Medium

Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it could result in unauthorized acc...

Introduction to NoSQL Injection

Offensive Medium

In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.

Windows Attacks & Defense

Purple Medium

Microsoft Active Directory (AD) has been, for the past 20+ years, the leading enterprise domain management suite, providing identity and access management, centralized domain admin...

Blind SQL Injection

Offensive Hard

In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.

Game Hacking Fundamentals

Offensive Medium

This module serves as an introduction to fundamental Game Hacking concepts. You will learn how to find and change memory values in a running game as well as explore other tools and...

HTTPs/TLS Attacks

Offensive Medium

This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS works, how TLS sessions are esta...

Wired Equivalent Privacy (WEP) Attacks

Offensive Medium

In this module, we delve into Wired Equivalent Privacy (WEP) and the various attacks that can compromise it. We'll explore how to identify access points configured with WEP and dem...

Attacking Wi-Fi Protected Setup (WPS)

Offensive Medium

In this module, we delve into the intricacies of WPS, uncovering the common vulnerabilities that plague this technology. From brute-force attacks to more sophisticated exploitation...

Advanced SQL Injections

Offensive Hard

This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.

Abusing HTTP Misconfigurations

Offensive Hard

This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overloading. These vulnerabilities ...

HTTP Attacks

Offensive Hard

This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the HTTP level in real-world deplo...

Injection Attacks

Offensive Medium

This module covers three injection attacks: XPath injection, LDAP injection, and HTML injection in PDF generation libraries. While XPath and LDAP injection vulnerabilities can lead...

Whitebox Attacks

Offensive Hard

This module explores several web vulnerabilities from a whitebox approach: Prototype Pollution, Timing Attacks & Race Conditions, and those arising from Type Juggling. We will disc...

DACL Attacks I

Offensive Hard

Discretionary Access Control Lists (DACLs), found within security descriptors, are a fundamental component of the security model of Windows and Active Directory, defining and enfor...

Wi-Fi Penetration Testing Basics

Offensive Medium

In today's digital age, wireless networks are ubiquitous, connecting countless devices in homes, businesses, and public spaces. With this widespread connectivity comes an increased...

Introduction to C#

General Easy

Introduction to C# aims to provide a solid foundation to understand and work with C# code. Covering the crucial foundations and more intricate concepts, providing a comprehensive d...

NTLM Relay Attacks

Offensive Hard

The NTLM authentication protocol is commonly used within Windows-based networks to facilitate authentication between clients and servers. However, NTLM's inherent weaknesses make i...

Advanced XSS and CSRF Exploitation

Offensive Medium

Modern web browsers and applications utilize a variety of security measures to protect against CSRF and XSS vulnerabilities, rendering their exploitation more difficult. This modul...

Advanced Deserialization Attacks

Offensive Hard

This module focuses on developing custom exploits for .NET deserialization vulnerabilities from a whitebox perspective.

Intro to C2 Operations with Sliver

Offensive Hard

Active Directory is present in over 90% of corporate environments and it is the prime target for attacks. This module covers the attack chain from getting the initial foothold with...

Supply Chain Attacks

Offensive Hard

This module provides a detailed overview of Supply Chain Attacks, covering hardware and software aspects. It explores the impact of supply chains, the lifecycle of attacks, specifi...

Intro to Whitebox Pentesting

Offensive Hard

Whitebox penetration testing enables thorough testing to identify various hard-to-find vulnerabilities. This module covers the process of whitebox pentesting and follows that with ...

User Behavior Forensics

Defensive Medium

This module covers the critical aspects of user behavior analysis by exploring Windows artifacts. It is specifically designed for digital forensic analysts, incident responders, cy...

Active Directory Trust Attacks

Offensive Hard

Active Directory (AD) is the leading solution for organizations to provide identity and access management, centralized domain administration, authentication, and many other tasks. ...

Introduction to Windows Evasion Techniques

Offensive Hard

In this module, we will cover the basics of evading antivirus solutions (Windows Defender specifically) from an attacker's point of view.

DACL Attacks II

Offensive Hard

In this second module on Discretionary Access Control Lists (DACLs), we delve into sophisticated attack techniques and strategies within Windows Active Directory environments. Buil...

Detecting Access Token Manipulation Attacks

Defensive Hard

This module focuses on Windows privilege escalation techniques through access token manipulation. It covers various topics, including Windows processes, access tokens, token privil...

Windows Lateral Movement

Offensive Medium

Windows lateral movement involves techniques to navigate and control remote systems within a network, primarily after gaining initial access. It is crucial in offensive and defensi...

Malicious Document Analysis

Defensive Medium

This module is focussed on understanding different document formats, and techniques for identifying and analyzing the threats posed by malicious documents. By the end of this cours...

Process Injection Attacks and Detection

Defensive Hard

This module focuses on understanding the process injection techniques attackers use to execute malicious code within the context of legitimate processes. This detection engineering...

MSSQL, Exchange, and SCCM Attacks

Offensive Hard

This module covers attacks targeting tightly incorporated technologies in Active Directory environments such as MSSQL, Exchange, and SCCM, and how to identify them.

Attacking GraphQL

Offensive Medium

GraphQL is a query language for APIs as an alternative to REST APIs. Clients are able to request data through GraphQL queries. If improperly configured or implemented, common web s...

Web Fuzzing

Offensive Easy

In this module, we explore the essential techniques and tools for fuzzing web applications, an essential practice in cybersecurity for identifying hidden vulnerabilities and streng...

Attacking WPA/WPA2 Wi-Fi Networks

Offensive Medium

This module explores the security challenges of WPA and WPA2 Wi-Fi networks, focusing on WPA/WPA2-Personal and WPA/WPA2-Enterprise. Although these protocols aim to secure wireless ...

Wi-Fi Evil Twin Attacks

Offensive Medium

This module explores the concept of evil twin attacks on Wi-Fi networks, focusing on WPA2, WPA3, and WPA-Enterprise. Despite these protocols being designed with strong security mea...

Pentest in a Nutshell

Offensive Easy

This module focuses on providing a detailed, guided simulation of a real penetration test, emphasizing the fine details of the penetration testing process. It guides you through ea...