Changelog

Follow up on the latest improvements and updates.


This path is designed to help cybersecurity professionals prepare for the Google Cybersecurity Certificate and is now available on the HTB Enterprise platform as part of the LetsDefend acquisition!
By completing this path, you'll gain the knowledge and hands-on experience needed to succeed in the Google Cybersecurity Certificate. Throughout the modules, you'll explore cybersecurity best practices, Linux and scripting fundamentals, threat and vulnerability management, and the use of SIEM technologies in modern security operations.
Modules included in this path are:
  • Network Packet Analysis
  • Incident Response on Windows
  • Incident Response on Linux
  • SOC Fundamentals
  • SIEM 101
  • Linux for Blue Team
  • Introduction to Cryptology
  • Network Log Analysis
  • Job Hunting
  • Network Fundamentals
  • Network Fundamentals II
  • Network Protocols
  • Security Solutions
  • Security Solutions -2
  • Cybersecurity Incident Handling Guide
  • Secure Network Design
  • Network Design and Security Products
  • Network Security
  • Bash Scripting for Blue Team
  • Introduction to Python
  • Python for Blue Team
  • Vulnerability Management
  • Security Audit and Testing
  • Introduction to Bash Scripting (LetsDefend)
We have introduced a range of AI-powered tools built to help you navigate complex cybersecurity content on HTB Academy.
Key updates:
  • HTB Coach: Get contextual technical explanations, summaries, and quizzes based on the specific section you are currently reading.
  • Multilingual translation: Dynamically translate module content into Hindi, Arabic, Spanish, French, Chinese, Greek, and Japanese while preserving the correct code blocks and commands.
This is our first step into AI-augmented learning, designed to reduce learning burnout and help you level up faster.
These features will soon also be live for HTB Enterprise teams.
Expand your training with a new exclusive Machine and Sherlock.
PandorasBox | Exclusive Machine
Target an LLM-integrated system and train on modern attack techniques such as prompt injection and SSRF in this Medium difficulty Linux machine. Manipulate the LLM to access internal services, exploit a backup system for remote code execution, and escalate privileges through command injection in a system management script.
IncipientBreeze-3 | Exclusive Sherlock
Complete the IncipientBreeze investigation series by analyzing the TINYSHELL backdoor used by UNC3886. Apply what you learned on IncipientBreeze-1 & 2 to reverse the malware, decrypt the network traffic, and uncover what the attacker did and whether they exfiltrated any sensitive files.
Three new CTF packs have landed, giving you the ability to assess your team’s skills across emerging AI threats, aerospace cyber operations, and industrial control system security.
  • OWASP Top 10 Agentic AI Security takes players through 10 realistic scenarios covering the latest OWASP Top 10 for Agentic Applications 2026 risks, including prompt injection, identity abuse, agent supply chain attacks, and unexpected code execution.
  • Integrated Air Defense challenges players to assess aviation control systems through realistic aerospace scenarios involving RF protocols, avionics buses, AFDX cross-domain controls, and surveillance systems.
  • ICS Security Essentials introduces the fundamentals of securing industrial environments, with scenarios covering industrial protocols, PLC security, OT network analysis, and common weaknesses across critical infrastructure.
We have launched a new medium-difficulty defensive module, Introduction to Detection Engineering, on Hack The Box (HTB) Academy. This module introduces the foundational and advanced concepts required to think and operate like a modern detection engineer.
The sections explain how attackers operate within Windows environments and how operating system telemetry exposes those specific behaviors. Through hands-on tasks, you will simulate real-world attack techniques and design functional detection queries to convert raw telemetry into actionable alerts.

new

Academy

Enterprise

Offensive

Introducing the new Red Team Mindset module

We have released a new medium-difficulty module on HTB Academy, designed to introduce you to the operational and strategic realities of adversary simulation. The Red Team Mindset module covers the foundational concepts of red teaming, explaining how these engagements differ from traditional penetration testing and how they are executed from kickoff to completion.
You will explore the specific roles and responsibilities of red, blue, and white teams during an engagement. The course also addresses critical ethical boundaries, communication protocols with stakeholders, and how artificial intelligence is shifting the landscape of modern adversary simulation.

new

Enterprise

Capture The Flag

Defensive

New Threat Range Scenario - Cash Credentials

Cash Credentials simulates a real-world breach that begins when an insider threat sells valid VPN credentials on an underground marketplace. Inspired by compromises attributed to the BlackSuit ransomware gang, this investigation challenges defenders to uncover subtle indicators of compromise, trace attacker activity across the environment, and respond before a ransomware deployment impacts the organization.
Together with your team, you will collaborate to:
  • Triage alerts
  • Investigate suspicious activity
  • Investigate forensic evidence
  • Identify the impact to your organization
By completing this scenario, you will gain hands-on experience investigating credential access techniques, tracking attacker movement through Active Directory environments, identifying data theft activity, and responding to a ransomware attack from initial access through impact.
Within HTB Enterprise Platform, you can now preview and monitor Academy and Dedicated Lab Spaces' progress from a single page, making it easier to track training activity across multiple Spaces without relying on external reports or jumping into each Space to preview team activity.
With Space Reporting, you can now get an overview that helps identify which Spaces are progressing well and which may need attention. From there, you can drill down into user progress within a specific Space to review individual training status and spot users who may be falling behind.
Make sure to use the date parameters and search tab to narrow down your search. You can find this page within your reporting tab.
New exclusive content has been released on Dedicated Labs featuring AI supply chain exploitation, malware analysis, identity governance abuse, and a new Satellite Challenges category.
Augment | Exclusive Machine
Augment is a medium-difficulty Linux machine centered around emerging AI application vulnerabilities, including RAG abuse and ML supply chain attacks. Exploit a poisoned vector database to achieve RCE through unsafe markdown processing before abusing a malicious GGUF model validator to escalate privileges and gain full root access.
IncipientBreeze-2 | Exclusive Sherlock
IncipientBreeze-2 continues the Medusa rootkit investigation series and challenges players to deepen their malware analysis and threat hunting capabilities. Using Elastic SIEM and forensic investigation techniques, you will analyze the Medusa rootkit’s behavior, persistence mechanisms, and operational footprint while building on concepts introduced in the first Sherlock of the series.
Ghost Claims | Exclusive Challenge
Ghost Claims explores weaknesses in identity governance and access management within an enterprise approval platform. Players must move beyond the limited public-facing portal to uncover hidden operator functionality, bypass restrictions, and access sensitive administrative capabilities.
New Satellite Category
A brand-new Challenge category has landed on HTB, blending cybersecurity with aerospace engineering. These challenges place you in realistic satellite incident response scenarios where precise calculations and problem-solving are critical to restoring mission operations and preventing catastrophic failures.
  • Elementary:
    Learn about the Cartesian to Keplerian conversion.
  • Impulsive Thoughts:
    Perform a 2D orbital maneuver from a GTO to GEO (Hohmann Transfer).
  • Not So Plane:
    Perform a 3D maneuver from GEO to IGSO (plane change).
  • Kicked Out:
    Perform a maneuver to escape Earth's velocity and reach a specific target, predicting the time of flight.
May 2026 Exclusive Content
Threat Range Event Management is now available, introducing a self-service workflow for creating, hosting, and managing defensive cybersecurity simulations directly on the HTB platform.
This enables you to deploy on-demand SOC and DFIR simulations using the same streamlined workflow as standard CTF events.
Now you can:
  • Create and manage defensive simulation events directly from the HTB CTF platform.
  • Launch SOC and DFIR drills on demand through a familiar event workflow.
  • Reduce operational delays by eliminating dependency on external setup support.