Changelog

Follow up on the latest improvements and updates.


Active Directory is a prime target for attackers, and even small misconfigurations can lead to serious security gaps.
This defensive course teaches you how to:
  • Remediate common findings from penetration tests
  • Harden AD to reduce attack surface and persistence risk
  • Set up effective logging, detection, and long-term maintenance
Don't have access to HTB Enterprise Platform?
Start a 14-day business trial FOR FREE →
Ready for your skills to do the talking at your next interview?
Head to HTB Academy and start learning today →
Step into the role of a threat analyst and examine real-world malware tied to a suspected China-based APT group. In this hands-on scenario, you’ll retrieve a live sample and uncover its inner workings.
What you’ll learn:
  • Static malware analysis techniques
  • How to identify APT-level attacker TTPs
  • The role of cryptography in malicious code
  • Practical threat research and profiling skills
Want to add new defensive skills to your utility kit?
Login to HTB Labs today →
The new Resume activity component makes it easy to continue your training exactly where you left off. It highlights your last three in-progress items directly on your dashboard, helping you stay focused and productive.
  • Instantly resume labs, courses, or challenges after a break
  • Easily view your in-progress content
  • Manage and move between multiple learning tracks with ease
Step into the role of a digital investigator responding to a real-world email threat. In Zenith, you’ll analyze a suspicious PDF opened on a corporate system and uncover how attackers bypass security controls.
You’ll learn how to:
  • Investigate phishing attempts and email-borne malware
  • Analyze malicious PDFs and extract hidden payloads
  • Trace attacker actions through forensic artifacts
  • Apply reverse engineering to understand malware behavior
  • Strengthen detection and response workflows in Windows environments
Want deeper visibility into Windows threats? This Module teaches you how to use kernel telemetry to detect stealthy attacks with confidence.
You’ll learn how to:
  • Use ETW, kernel-mode, and filtering drivers to monitor system activity
  • Spot attacker behavior by analyzing low-level telemetry data
  • Build high-fidelity detections for real-world TTPs
  • Work with complex, often undocumented OS internals
Admins using Azure SSO (Microsoft Entra ID) can now grant access more efficiently. Simply add users to the appropriate Azure AD group, and they will be automatically onboarded to the HTB Enterprise Platform.
  • Faster team management
  • Simplified onboarding
  • More time for training, less time on admin work

Attack and defend in a real-world HTB Cyber Range

Modern attacks are fast—some break out in just 51 seconds—and with most intrusions now malware-free, cyber teams need hands-on training that mirrors real threats.
That’s where the Detection & OpSec Cyber Range Module comes in: a fully integrated, cloud-based training environment for realistic, collaborative training across red, blue, and purple teams, no setup needed.
How the Range builds skills to enhance cyber readiness:
  • Blue: Develop and tune detections using real telemetry from executed TTPs, analyze post-attack artifacts across Windows and Linux targets, and respond to simulated breaches with incident handling and threat hunting in a safe, fully reusable environment.
  • Red: Test the visibility of tools and techniques, refine operational security (OpSec) by reviewing logs and alerts, and simulate advanced attacker behaviors, including malware deployment, C2, and evasive tactics in a controlled lab.
  • Purple: Collaborate on coordinated attack-defend scenarios, validate control effectiveness and SIEM coverage, and train across the full attack chain using reusable infrastructure that unifies red and blue perspectives in real time.
Two (2) new time-efficient scenarios have been added as part of our VulnLab content migration: Mythical and Puppet.
These advanced Active Directory labs are designed to get you straight into action, with a pre-established Mythic or Sliver C2 beacon already running in the target environment.
Here’s what you’ll practice:
  • Active Directory attacks
  • Lateral movement & privilege escalation
  • C2 operations
  • ADCS & MSSQL (Mythical)
  • DevOps abuse (Puppet)
Available on HTB Enterprise Platform, these scenarios come with all business-exclusive features, such as Restore Point and MITRE ATT&CK mapping.
Three (3) new exclusive releases are now live on Dedicated Labs, focusing on CVE exploitation, privilege escalation, log analysis, and more!
  • Succession | Exclusive Machine: Exploit the BadSuccessor vulnerability on Windows Server 2025 in an Assume Breach setup and practice post-exploitation, lateral movement, and AD attack techniques.
  • TemplTrap | Exclusive Machine: Chain RCE in Langflow (CVE-2025-3248) with PrivEsc in Screen (CVE-2025-23395) to learn all about web app exploitation and privilege escalation in modern stacks.
  • PunkStar | Exclusive Sherlock: Analyze Sysmon, PowerShell, and Security logs using Splunk across a full attack chain to sharpen your DFIR, detection, and threat hunting skills.
Boost your expertise in uncovering hidden evidence with Allegretto by analyzing recovered data from a high-stakes raid on a suspected drug dealer who attempted to destroy critical information.
Your mission? Uncover key activities by piecing together digital clues and artifacts.
Key learning outcomes:
  • Master forensic analysis of Windows systems and encrypted drives
  • Investigate email and USB device traces
  • Understand TOR network footprints in investigations
  • Develop skills crucial for real-world digital forensics and incident response