Changelog
Follow up on the latest improvements and updates.
new
Academy
Enterprise
Defensive
Learn how attackers abuse core Windows mechanisms in new Academy module
The Privilege Escalation Tradecraft Analysis module covers the analytical study of privilege escalation tradecraft on Windows, from its role in the attack lifecycle to how it can be detected and investigated. While completing this module, you will analyze real-world techniques and exploits to understand how they work internally and learn how to translate this knowledge into effective and reliable detection strategies.
Key learning outcomes:
- Exploring where Windows privilege escalation fits within the attack lifecycle and how elevated access enables attacker objectives
- Breaking down Windows privilege escalation tradecraft by examining abuse of UAC, access tokens, services, kernel drivers, and COM infrastructure
- Recognizing and deconstructing real-world Windows privilege escalation techniques, including UAC bypasses, access token manipulation, and service account abuse
- Leveraging reverse engineering, debugging, and API call flow analysis to reveal how privilege escalation exploits function under the hood
- Connecting privilege escalation behavior to MITRE ATT&CK and converting technical insight into practical detection, investigation, and response strategies

new
Labs
Enterprise
Offensive
OWASP Top 10 2025 Track now available
The Hack The Box OWASP Top 10 2025 track introduces you to the most critical web application security risks facing modern applications.
Included in the track are 10 hands-on challenges ranging from Very Easy to Medium that have been aligned with the latest OWASP Top 10. By completing these challenges, you will learn how to identify and exploit common vulnerabilities, strengthening your ability to assess web applications in real-world environments.
Challenges include scenarios where you will uncover potential vulnerabilities, secure critical intelligence, infiltrate digital systems, analyze platform architecture, and more.

new
Capture The Flag
Offensive
Expose vulnerabilities in real-world AI systems with new CTF Pack
The Offensive AI Security - Enhanced pack is designed to provide essential training that prepares teams to identify vulnerabilities before adversaries exploit them in production environments. Each challenge in this pack represents a real vulnerability class from OWASP LLM Top 10, OWASP ML Top 10, and cutting-edge AI security research, requiring participants to exploit everything from access control systems and financial authorization to ML classifiers and federated learning networks.
The first seven challenges focus on practical LLM exploitation using prompt injection, agent manipulation, and MCP server attacks - techniques accessible to traditional penetration testers. The final four challenges introduce ML model attacks including adversarial examples, gradient leakage, federated learning backdoors, and LoRA artifact exploitation for those ready to advance.

new
Academy
Enterprise
Offensive
Introducing the HTB Certified Wi-Fi Pentesting Expert (CWPE)
HTB CWPE is a hands-on, cloud-based certification that brings wireless security training into the modern age. Paired with the WiFi Penetration Tester Job-Role Path, it's one of the few programs to offer a holistic curriculum and real-world practice with WPA3 attacks without requiring specific hardware or complex setups.
The job-role path and certification include learning material and hands-on labs that focus on how attackers actually approach wireless environments: reconnaissance, exploiting weak configurations, credential attacks, evil twins, captive portals, and full corporate Wi-Fi attack chains. They are for anyone who wants to properly understand and test wireless security, not just check a box.
Get started with HTB CWPE here or learn more on our blog here.

new
Enterprise
Offensive
Three new Professional Lab scenarios added to the HTB Enterprise Platform
Three new Professional Lab scenarios are now available on the HTB Enterprise Platform!
Shinra is a medium-difficulty scenario that includes 14 machines and 12 flags focused on operating covertly without triggering detection mechanisms. The scenario demonstrates how covert techniques can bypass EDR, avoid SOC detection, and abuse trusted systems, highlighting the real business risk of advanced threats and why continuous testing, visibility, and resilience are critical to protecting core operations and critical infrastructure.
Reflection is a hard-difficulty, time-efficient Active Directory scenario that includes 3 machines and 3 flags, simulates a vulnerable enterprise environment, and challenges users to progress from limited access to Domain Administrator. This scenario demonstrates how a small, everyday security mistake can escalate into full control of an organization’s systems, putting users, data, and business operations at risk without the need for advanced attacks.
Trusted is a hard-difficulty, time-efficient Active Directory scenario with 2 machines and 2 flags designed around an internal red team engagement on Trusted Inc. This scenario shows how a small, easily overlooked issue can grow into a complete enterprise takeover.

new
Capture The Flag
Defensive
Practice modern threat intelligence with new CTF pack
The OSINT APT Essentials pack is designed to help SOC analysts, incident responders, and developers get comfortable with CTFs using pure OSINT before touching exploits or malware. This pack introduces 10 pure OSINT challenges built from real-world nation-state APT operations, using only public sources (MITRE ATT&CK, VirusTotal, ThreatFox, vendor reports). Throughout the 10 challenges in the pack, teams will expand analytical capabilities beyond daily alerts, giving Tier 1 and 2 analysts the exact skills needed to produce real attribution reports in addition to establishing the foundational OSINT workflow required by government agencies, MSSPs, and Fortune-500 CTI teams.

new
Academy
Enterprise
Offensive
Explore real-world Android vulnerabilities in new Academy module
The Android Attacks module provides a structured, hands-on introduction to the most common and impactful security risks affecting modern mobile applications. By completing the module, you will learn how mobile vulnerabilities arise, how to categorize them based on known mobile security frameworks, how they are exploited in real applications, and how to identify and remediate them using techniques learned in the previous modules.
Key learning outcomes:
- Understanding the OWASP Mobile Top 10 and how modern mobile security risks span apps, APIs, networks, and cryptography
- Analyzing Android application architecture to identify key mobile attack surfaces and misconfigurations
- Identifying and exploiting Android vulnerabilities mapped to the OWASP Mobile Top 10, including auth, storage, communication, and cryptography flaws
- Applying analysis techniques to uncover insecure storage, weak crypto, exposed components, and reverse-engineering gaps
- Mapping mobile vulnerabilities to real attacker behaviors and applying practical remediation and hardening strategies

No flash, no story.
This Season is all about you. We’d like to cast the light on one of the best underground security communities around! We have grown a group of extremely dedicated competitors and global initiates, looking to learn in a trial by fire. For those just joining, Seasons put what you’ve learned to the test:
- Attempt to solve Machines by testing out new techniques
- Use your existing offensive skills and rise on the leaderboard
- Earn Seasonal ranks, prizes, and achieve a new personal best
Whether you’re seeking glory or refining your skills, we will begin dropping our weekly Machines this weekend.
Is this your first Season? Check out our Seasonal blog for important updates + tips & tricks.
Tune in on the 31st for the first Machine.
The countdown has already begun. Head to HTB Labs now →

new
Capture The Flag
Defensive
New Threat Range Scenario - ClickRat
ClickRat simulates a real-world SOC investigation into an Active Directory workstation compromise orchestrated by an Initial Access Broker (IAB).
After being lured to a convincing but deceptive web portal, a MIRAI HR staff member unknowingly sets off a silent compromise on their workstation. As the team responsible for safeguarding the organization, you must work together to uncover the hidden foothold the attacker has established, trace their quiet expansion of control, and prevent your environment from becoming a target for further exploitation.
This environment is composed of critical infrastructure components typically found in a corporate network. Together with your team, you will collaborate to:
- Triage alerts
- Investigate suspicious activity
- Investigate forensic evidence
- Identify the impact to your organisation

new
Enterprise
Offensive
Defensive
New exclusive content available on Dedicated Labs
New exclusive content has been released on Dedicated Labs, featuring an end-to-end compromise of a modern automation platform as well as activity observed from real ransomware groups in the wild.
Rusty | Exclusive Sherlock
This Sherlock is based on a real-life ransomware and data exfiltration incident on a corporate network documented by the Triskele Lab DFIR Team, a Hack The Box partner. You will use several artifacts from two triage images and correlate the data to build a timeline and an understanding of the whole incident.

BloodFlow | Exclusive Machine
A Very Easy Linux machine that demonstrates an exploit chain leading to unauthenticated RCE on an n8n workflow automation platform via two CVEs: CVE-2026-21858 (Ni8mare) and CVE-2025-68613.
