The module introduces you to a range of Wi-Fi pentesting tools, each selected to demonstrate techniques suited for different environments and stages of an engagement. You’ll have the opportunity to work through practical examples that feature the wide variety of technologies, protocols, and security configurations encountered in the field, allowing you to gain hands-on experience in choosing and applying the right tools for your engagement.

Key learning outcomes:

The module incorporates a simulated Wi-Fi penetration test from start to finish, emphasizing hands-on techniques that reflect real-world engagements. It involves conducting scoped reconnaissance, assessing wireless configurations, and evaluating common attack surfaces across WPA2, WPA3, and Enterprise deployments. The environment culminates in a demonstration of internal network pivoting, including Active Directory access, all performed within a controlled, simulated environment and in adherence to strict legal and ethical boundaries.

Key learning outcomes:

The Wi-Fi Penetration Tester Job Role Path is built for professionals and aspiring security practitioners ready to master the art of assessing and securing corporate wireless networks.

Included in this path are 10 hands-on modules that put you in the attacker’s seat evaluating Wi-Fi security, breaking modern authentication and encryption protocols, and simulating real-world threats like rogue access points, man-in-the-middle attacks, and credential harvesting.

As you progress through the material, you’ll gain practical experience with industry-standard methodologies while learning how to pinpoint vulnerabilities, exploit misconfigurations, and deliver impactful countermeasures.

Upon completing the Path, you'll have the skills and confidence to perform authorized Wi-Fi penetration tests and strengthen the wireless security posture of enterprise corporate environments.

New exclusive content has been released on Dedicated Labs which features WSUS vulnerabilities in enterprise environments as well as HTB's first Sherlock that allows players to experience the full remediation process.

In this Sherlock players will utilize logs to track the exploitation of a website and then work through the full remediation process on the site to fix the vulnerabilities.

This Very Easy Machine demonstrates CVE-2025-59287, a critical unauthenticated remote code execution vulnerability affecting Microsoft Windows Server Update Services (WSUS).

The HTB Certified Defensive Security Analyst (CDSA) Preparation track equips you to build real-world defensive expertise through 11 engaging, hands-on scenarios spanning from Very Easy to Hard.

Every scenario is crafted to sharpen the core skills and methodologies you’ll need to succeed in the HTB Certified Defensive Security Analyst exam, from security analysis and SOC operations to incident handling.

As you progress through realistic environments and practical challenges, you’ll develop not only full exam readiness but also the confidence and capability to detect, analyze, and respond to security incidents with precision.

HTB Enterprise Platform admins are now able to report on skills mapped to key industry frameworks more quickly and easily than ever before.

With this release, HTB Skills have been separated from NIST/NICE and MITRE ATT&CK using a new secondary picker. Now, when you select a framework, you’ll only see the data that’s truly relevant to it.

This update gives you:

In addition, admins will now see an “Express Interest” option on the Reporting page which can be used to tell us which frameworks you want to see full-scale coverage for to help us prioritize what to work on next!

The module covers techniques for conducting digital forensics on Linux systems prevalent in enterprise servers and cloud infrastructures. This includes an in-depth overview of the steps included in the forensics process, what scenarios require an investigation, becoming familiar with open-source and command-line tools, what types of artifacts are examined, and how to create a detailed timeline.

Key learning outcomes include:

Thinking about testing new skills before your next hands-on engagement or certification? Of course you are. Good news: Hack The Box (HTB) has reloaded our stock of Pro Labs with new scenarios to build confidence in your ability to succeed, and with a big discount for the annual plan running until the end of November.

Get access to 26+ Pro Labs and 25% discount on the annual plan using this code on checkout: .

If you are interested in knowing more about Pro Labs and the new additions, read all about it here →

Kickstart your certification journey with the Silver Annual subscription on HTB Academy. Now, we're including an extra HTB CJCA exam voucher, so you can learn the basics of cybersecurity and then proceed to the certification of your choice!

This extra voucher is also available on the Gold Annual plan.

The HTB CJCA certification was designed to help beginners break into cybersecurity with practical, hands-on training. By including it in our annual plans, we’re making it easier to go from zero to pro, all within Hack The Box.

Now, one annual subscription supports your entire certification path:

It’s more value, more progress, and more recognition, all rolled into your HTB plan.

P.S. If you bought your Silver or Gold Annual subscription recently, don't worry! We are also adding this extra voucher for annual plan purchases after September 1, 2025.

Exploring Labs just got a lot easier!

Our new improved search functionality helps you find what you’re looking for based on content relevance, not just content names. Now, if you type Active Directory, you’ll instantly see all related challenges and machines rather than guessing and scrolling to find what you were looking for.

This update makes it easier to:

Two new CTF packs have just dropped, designed to build hands-on expertise in forensics and blockchain.

Featuring nine new challenges (with one more coming soon!) for entry-level cyber defense analysts, this pack includes a diverse set of forensics challenges designed to emulate real-world attack scenarios across network, memory, and host-based evidence. Players will investigate complex, multi-stage intrusions ranging from CVE exploitation and phishing to memory-based evasions and malware persistence.

Complete with 10 challenges built for entry-level penetration testers and security-minded developers, this pack introduces players to the fundamentals of Ethereum smart contracts, transaction mechanics, and on-chain investigation through a progression of realistic, hands-on challenges. From basic account and RPC interaction to reading contract storage and interacting with deployed contracts, participants will learn how blockchain primitives and common Solidity patterns work in practice and how insecure designs can be abused.