Changelog

Follow up on the latest improvements and updates.


Wutai mirrors the structure, complexity, and progression of a real-world Active Directory (AD) penetration test or red team engagement. In this scenario, you’ll practice operating covertly without triggering detection mechanisms. Along the way, you'll see detections in near real time and be able to tune your actions accordingly.
After completing the 12 machines and 12 flags included in the lab, you’ll understand how initial access through weak credentials can escalate to full Enterprise Admin control while experiencing first-hand how stealthy movement, credential abuse, and certificate exploitation allow teams to test resilience without touching production.
Learning outcomes include:
  • Network & Active Directory Enumeration
  • Active Directory & Custom Exploitation
  • Active Directory Certificate Services
  • Lateral Movement across multiple Forests
  • Bypassing EDR Solutions
  • Reverse Engineering
  • Operating covertly
Two new time-efficient Professional Lab scenarios are now live: Sidecar and Push.
Sidecar and Push are small Active Directory scenarios that simulate real-world Windows environments and contain two machines and two flags each. Sidecar covers PKI abuse, detection of certificate-based persistence, and how shadow credentials enable stealthy lateral movement. Push covers advanced attack techniques including ClickOnce application exploitation, SCCM coercion, and ADCS exploitation via Golden Certificate attacks.
You’ll gain practical skills in:
  • Shadow credential and Kerberos attacks
  • Abusing SeTcbPrivilege and .lnk files
  • Crafting malicious ClickOnce deployments
  • Coercing NTLM authentication with SCCM
  • ADCS Golden Certificate attacks
  • Advanced lateral movement techniques in Windows environments
We’ve just upgraded how you connect your Hack The Box (HTB) account to Discord, and made it easier than ever to get verified.
✅ No HTB Labs? No problem.
Verification now runs through your HTB Account! To connect, go to the Security Settings section of your HTB Account Portal. Scroll down to the Discord Account section and click Connect.
🌟 Why link your HTB Account to Discord?
  • Instantly sync your HTB username so staff and community members can spot you.
  • Show off your Hacker Rank directly on your profile.
  • Unlock member-only channels and join the inner circle on the official HTB server. All HTB Academy channels on Discord now require verification. If you’re already linked, we recommend re-linking to refresh your roles and get the latest access.
👉 Follow the updated steps in our Welcome Guide here!
We’ve given HTB Academy a major facelift to boost your learning experience. Try our Academy 2.0 (Beta) and enjoy:
  • Improved accessibility: Higher contrast, clearer focus states, better keyboard nav.
  • Smoother UX: Streamlined workflows, updated visuals, fewer distractions.
  • Mobile-friendly design: Fully optimized for phones and tablets.
  • Faster performance: Quicker load times and smooth interactions.
  • Modern tech stack: Built for speed, security, and future features.
The AI Evasion - Sparsity Attacks module explores sparsity-constrained adversarial attacks that minimize the number of modified input features while showing how to craft targeted misclassifications by changing only the most impactful pixels through L0-focused optimization and saliency-guided feature selection. Complete with hands-on exercises, you’ll gain a comprehensive overview of techniques that generate adversarial examples under strict sparsity constraints.
Key learning outcomes include:
  • Mathematical foundations of sparsity-constrained optimization
  • FISTA optimization for solving the non-smooth ElasticNet objective with proximal gradient descent and momentum acceleration
  • Single-pixel and pairwise JSMA variants
  • ElasticNet (EAD) and Jacobian‑based Saliency Map Attack (JSMA) paths to Sparse Perturbations
New exclusive content has been released on Dedicated Labs covering intrusion detection system tooling, application-layer vulnerabilities, infrastructure-level compromises, and more.
Unveil | Exclusive Sherlock
Analyze Suricata logs from a compromised system involved in an infostealer campaign.
Alpaca | Exclusive Machine
Alpaca is a Medium Linux machine that demonstrates arbitrary file read via prompt injection and remote code execution via CVE-2024-37032 and CVE-2024-45436 in Ollama.
Within your CTF Organization environment, you now have the ability to explore the full Threat Range scenario library and schedule an event, all directly in the platform.
Simply sign in to the CTF platform and select “Threat Range” from the library drop-down to learn more about each scenario and to request your next event.
Want to get a first-hand look at Threat Range? Click here to see the live-fire blue team simulation environment in action.
The AI Evasion - First Order Attacks module provides a deep exploration of the mechanics of gradient-based evasion techniques that target neural network classifiers. Through hands-on exercises, you’ll learn how to implement and analyze key evasion techniques, including the Fast Gradient Sign Method (FGSM), Iterative FGSM (I-FGSM), and DeepFool, to develop a better understanding of how neural network classifiers can be manipulated and how to defend against such attacks.
Key learning outcomes include:
  • How to evaluate model robustness and apply defensive strategies such as adversarial training and input filtering
  • Mechanics of first-order evasion attacks, including how gradients are used to manipulate model predictions
  • Applying the concept of input perturbation norms to measure the size and impact of adversarial changes
  • Assessing the gap between model accuracy and true robustness
The HTB Certified Penetration Testing Specialist (CPTS) Preparation Track empowers you to master real-world offensive security skills through 16 hands-on Machines ranging from Easy to Insane.
Each Machine is designed to strengthen core penetration testing techniques, from reconnaissance and exploitation to privilege escalation, building the technical depth and practical experience needed to pass the HTB CPTS exam with confidence.
By completing the track, you gain not only exam readiness but also the proven capability to perform professional-level penetration tests in real-world environments.
DomainLooter is a multi-host intrusion scenario that simulates a realistic Active Directory compromise triggered by a phishing campaign. The intrusion starts with a phishing email posing as a VPN update from the company IT department. The victim unwittingly opens the attachment, which establishes a C2 connection to the attacker’s infrastructure. The attacker utilises privileged access to pose as a domain controller and obtain a copy of the Active Directory database containing the company usernames and passwords.
The environment is composed of critical infrastructure components typically found in a corporate network including:
  • Domain Controllers
  • File & Email Server
  • Admin Workstation
  • Web Proxy
  • SIEM (Splunk)
  • User Workstation