Three new CTF packs have landed, giving you the ability to assess your team’s skills across emerging AI threats, aerospace cyber operations, and industrial control system security.

We have launched a new medium-difficulty defensive module, Introduction to Detection Engineering, on Hack The Box (HTB) Academy. This module introduces the foundational and advanced concepts required to think and operate like a modern detection engineer.

The sections explain how attackers operate within Windows environments and how operating system telemetry exposes those specific behaviors. Through hands-on tasks, you will simulate real-world attack techniques and design functional detection queries to convert raw telemetry into actionable alerts.

We have released a new medium-difficulty module on HTB Academy, designed to introduce you to the operational and strategic realities of adversary simulation. The Red Team Mindset module covers the foundational concepts of red teaming, explaining how these engagements differ from traditional penetration testing and how they are executed from kickoff to completion.

You will explore the specific roles and responsibilities of red, blue, and white teams during an engagement. The course also addresses critical ethical boundaries, communication protocols with stakeholders, and how artificial intelligence is shifting the landscape of modern adversary simulation.

Cash Credentials simulates a real-world breach that begins when an insider threat sells valid VPN credentials on an underground marketplace. Inspired by compromises attributed to the BlackSuit ransomware gang, this investigation challenges defenders to uncover subtle indicators of compromise, trace attacker activity across the environment, and respond before a ransomware deployment impacts the organization.

Together with your team, you will collaborate to:

By completing this scenario, you will gain hands-on experience investigating credential access techniques, tracking attacker movement through Active Directory environments, identifying data theft activity, and responding to a ransomware attack from initial access through impact.

Within HTB Enterprise Platform, you can now preview and monitor Academy and Dedicated Lab Spaces' progress from a single page, making it easier to track training activity across multiple Spaces without relying on external reports or jumping into each Space to preview team activity.

With Space Reporting, you can now get an overview that helps identify which Spaces are progressing well and which may need attention. From there, you can drill down into user progress within a specific Space to review individual training status and spot users who may be falling behind.

Make sure to use the date parameters and search tab to narrow down your search. You can find this page within your reporting tab.

New exclusive content has been released on Dedicated Labs featuring AI supply chain exploitation, malware analysis, identity governance abuse, and a new Satellite Challenges category.

Augment is a medium-difficulty Linux machine centered around emerging AI application vulnerabilities, including RAG abuse and ML supply chain attacks. Exploit a poisoned vector database to achieve RCE through unsafe markdown processing before abusing a malicious GGUF model validator to escalate privileges and gain full root access.

IncipientBreeze-2 continues the Medusa rootkit investigation series and challenges players to deepen their malware analysis and threat hunting capabilities. Using Elastic SIEM and forensic investigation techniques, you will analyze the Medusa rootkit’s behavior, persistence mechanisms, and operational footprint while building on concepts introduced in the first Sherlock of the series.

Ghost Claims explores weaknesses in identity governance and access management within an enterprise approval platform. Players must move beyond the limited public-facing portal to uncover hidden operator functionality, bypass restrictions, and access sensitive administrative capabilities.

A brand-new Challenge category has landed on HTB, blending cybersecurity with aerospace engineering. These challenges place you in realistic satellite incident response scenarios where precise calculations and problem-solving are critical to restoring mission operations and preventing catastrophic failures.

Threat Range Event Management is now available, introducing a self-service workflow for creating, hosting, and managing defensive cybersecurity simulations directly on the HTB platform.

This enables you to deploy on-demand SOC and DFIR simulations using the same streamlined workflow as standard CTF events.

Now you can:

We have introduced XP and Activity Streaks directly to the HTB Profile. This update allows you to highlight your continuous learning and hands-on skills to the community and potential employers.

Hack The Box (HTB) Academy and Enterprise users undertaking certificate exams can now select Australian VPN servers for their connection. This infrastructure update reduces latency and provides a significantly smoother exam-taking experience for users based in the APAC region, across both individual and enterprise plans.

This new module delivers an in-depth, defense-focused study of Windows credential access. It explains how adversaries steal credentials via dumping and abuse of sensitive stores, then breaks down authentication flows, cryptographic protections, and both live-memory and offline extraction to understand tool behavior and build robust detection rules. It also covers DPAPI, Windows Credential Manager, browser credential stores, including App-Bound encryption, and Credential Guard bypass techniques with their detection opportunities.