This month, we have released three of each: One Machine, one Sherlock, and one Challenge (and they are all exclusive)!

Exploit an authenticated RCE in Gogs (CVE-2025-8110) to gain a foothold, then abuse a vulnerable Ray service (CVE-2023-6019) to escalate privileges.

Investigate UNC3886 using the MITRE ATT&CK framework and analyze associated malware. Uncover adversary tactics and produce actionable threat intelligence.

Assess a temporary enterprise environment for exposed services and potential data leaks. Identify weaknesses in a rebuilt pipeline to determine if sensitive data is accessible.

This CTF pack offers beginner-to-intermediate challenges that build practical Linux skills through realistic, terminal-based scenarios.

It mirrors the tasks penetration testers, SOC analysts, and security engineers perform in real environments, guiding players through progressively complex situations that require both technical execution and systems-level reasoning:

And this is just one part of your team's learning journey. Build your foundation with Linux Fundamentals on Academy, apply and expand those skills through aligned scenarios, and now validate and benchmark those capabilities through a CTF.

Cloud Forensics - Essentials is a CTF pack designed for aspiring cloud security analysts, incident responders, and security engineers seeking practical experience in investigating cloud intrusions across AWS, Azure, and GCP.

Across 10 beginner-to-intermediate scenarios, players reconstruct cloud attack chains using real forensic artifacts from AWS, Azure, and GCP. The pack covers exposed secrets, SSRF-driven privilege escalation, device-code phishing, and Lambda pivots into IoT infrastructure.

By completing this pack, participants can evaluate and benchmark key cloud forensics skills in:

SATCOM Security Essentials is a CTF pack built around a fictional scenario grounded in real-world SATCOM attack workflows. Across 10 hands-on scenarios, participants operate inside Operation Titan Link, a geopolitical standoff over control of the orbital “High-Road to Mars,” where they intercept signals, decode telemetry, reverse-engineer firmware, and compromise satellite infrastructure to gain operational control before the adversary does.

The pack focuses on the full SATCOM attack surface and helps teams build practical skills across:

We’ve introduced Team Management for the HTB CTF Platform, giving organizations greater control over team formation and management in private events.

Until now, any team on the platform could join any CTF event, which made it difficult to run structured internal competitions. With this update, admins can control how their event's teams are set up, whether they have full control of how teams join, or let teams form on their own and decide how they can join.

Admins can now design their events end-to-end:

Content Library turns HTB into an active learning hub, giving learners one place to discover and start the right content faster, while admins retain control where needed.

This gives users a single place to discover HTB content via global search and filters across supported content types, including Machines, Challenges, Sherlocks, Modules, Professional Labs, and Cloud Labs. Depending on the organization's settings, users can also start the content they’re licensed to.

The Content Library is designed to make learning more skill-first and self-serve, while still respecting governance. You can still adjust content controls and permissions within your Company Management settings.

Registration is now open for our free global Capture The Flag competition for business teams.

Running from the event gives your organization a practical way to benchmark your readiness through a thrilling hands-on competition, and compete for

Built for teams of 1 up to 30 players, you will take on across 13 specialized categories, including Cloud, ICS, Pwn, Forensics, and AI, with varying difficulty levels.

This year’s storyline, places you inside a nation-state cyber warfare simulation focused on shared dependencies, critical infrastructure, virtualization stacks, identity providers, and supplier ecosystems. Your mission is to work to preserve national resilience against covert interference.

Along the way, you can measure performance against 1,000+ corporate squads worldwide, identify skill gaps across 12 critical domains, and use objective results to support future upskilling and planning within your organization.

The event also includes live hacking workshops on May 14, plus certification-aligned milestones such as for teams reaching 15,000 points and a for every player who earns at least 200 points.

The HTB COAE is a professional certification designed to validate advanced skills in AI red teaming and is now available on HTB Academy and HTB Enterprise plans. It serves as the final assessment for the AI Red Teamer Job-Role Path, which was developed in collaboration with Google.

The certification consists of a 7-day practical engagement where candidates must assess a complex AI-driven infrastructure. The exam evaluates proficiency in adversarial ML, LLM output exploitation, and AI system security. A commercial-grade technical report is required for successful completion.

If you are an individual, you can access the full path and the HTB COAE exam through our Silver Annual subscription on HTB Academy.

For those of you hacking as part of a team, the certification and its accompanying path are available for all Grow and Scale plans on the HTB Enterprise Platform. Want to explore the right plan for your team? Book a demo with us here.

The SaaS Integration - Essentials pack immerses players in hands-on exploitation of real-world SaaS and government web applications, exposing practical vulnerabilities across OAuth flows, token management, webhook validation, access controls, and server-side template injection.

Included in this pack are 10 challenges that progress from quick wins (client-side cookie forgery, hardcoded service key extraction) through intermediate challenges (OAuth redirect abuse, webhook signature bypass, IDOR-based password reset, mass assignment privilege escalation) to advanced scenarios (token chaining across diagnostics and logs, VBA macro phishing document analysis, and server-side template injection via file upload).

Each challenge is self-contained yet narratively connected, simulating a real red team operation, Operation Grantfall, across ten Norland government portals, each representing a distinct SaaS integration failure. The scenarios mirror the analytical workflow of penetration testers and AppSec engineers assessing government and enterprise SaaS deployments.

By completing this pack, you will exploit OAuth and token vulnerabilities, bypass webhook and payment controls, master access control and privilege escalation attacks, and chain advanced server-side vulnerabilities across interconnected SaaS portals.

Set up your next CTF.

A new , Persistence Tradecraft Analysis, is now available on HTB Academy. This course provides an in-depth look at Windows persistence mechanisms, covering everything from their role in the attack lifecycle to detection and investigation.

Throughout this module, you will explore how adversaries abuse legitimate system features like Scheduled Tasks, Windows Services, and Registry-run keys to ensure that malicious code executes automatically. The content focuses on identifying system artifacts left behind by attackers and translating that knowledge into reliable, effective detection rules for real-world environments.