is a multi-host intrusion scenario that simulates a simple privilege escalation from a workstation compromise to a server admin compromise via a brute force attack.

The intrusion starts with an already compromised workstation, and teams are tasked with extracting key information from the SIEM and retrieving files from the compromised endpoints to help understand the scope of the attack.

Throughout the scenario, teams will hunt for:

We’ve officially upgraded the HTB Labs frontend and made some changes in our user interface for a cleaner layout. What does that mean for you?

UI interactions feel smoother and more responsive.

This upgrade streamlines our engineering workflow, so we can ship features and improvements faster.

This change unlocks new capabilities for future development, helping us build a more scalable HTB Labs platform.

You’ll still find the same content and tools. Just now, with a cleaner layout, faster performance, and way more potential. Got feedback or spot a bug? Drop it in /feedback on our Discord channel.

HTB CTF Platform admins now have even more freedom to build, configure, and review CTF events without needing to make early pricing decisions or pay upfront. Alongside a refreshed visual identity, this update introduces new personalization and gamification elements designed to enhance the admin experience.

With our update to the CTF checkout and creation process, you can now:

This enables you to configure the event, build your challenges, invite team members, preview your draft event, and personalize your banner using our new creation flow, all before checkout. Payment is only required before the event starts.

You’ll also notice major quality-of-life improvements across the platform, including:

A faster, more intuitive, and more confident event-building experience. You can explore core CTF management features upfront, personalize your event with ease, understand costs earlier, and enjoy a cleaner separation between planning and payment, all within a responsive interface built for modern workflows.

Two new time-efficient Professional Lab scenarios are now live: and .

Control and Intercept are small Active Directory scenarios that simulate configuration gaps in enterprise systems. Control contains 2 machines and 3 flags that mimic a realistic multi-stage attack that focuses on exploiting web applications, abusing management tooling (OSCTRL / osquery), and leveraging operational misconfigurations. Intercept contains 2 machines and 2 flags that cover common Active Directory vulnerabilities and misconfigurations, demonstrating how relay attacks and authentication coercion attacks can be used to get access to a domain.

You'll gain practical skills in:

HTB Enterprise Platform users now have even more flexibility and control over their training environment with Windows Pwnbox available alongside the existing Linux Pwnbox.

With the introduction of Windows Pwnbox, you can now launch a fully preconfigured Windows environment directly within the HTB Platform, with no local setup, no friction, no additional tooling required. This release brings:

The new Windows Pwnbox can be launched directly within HTB Academy, Dedicated Labs, Professional Labs, and Cloud environments.

Your job hunt is starting to get easier. The HTB Jobs is now a centralized hub where you can browse open opportunities from our partners, track applications, and manage recruiter messages, all in one place. This is the first of many upgrades coming to help our users build their cybersecurity career, together with HTB.

The module introduces you to a range of Wi-Fi pentesting tools, each selected to demonstrate techniques suited for different environments and stages of an engagement. You’ll have the opportunity to work through practical examples that feature the wide variety of technologies, protocols, and security configurations encountered in the field, allowing you to gain hands-on experience in choosing and applying the right tools for your engagement.

Key learning outcomes:

The module incorporates a simulated Wi-Fi penetration test from start to finish, emphasizing hands-on techniques that reflect real-world engagements. It involves conducting scoped reconnaissance, assessing wireless configurations, and evaluating common attack surfaces across WPA2, WPA3, and Enterprise deployments. The environment culminates in a demonstration of internal network pivoting, including Active Directory access, all performed within a controlled, simulated environment and in adherence to strict legal and ethical boundaries.

Key learning outcomes:

The Wi-Fi Penetration Tester Job Role Path is built for professionals and aspiring security practitioners ready to master the art of assessing and securing corporate wireless networks.

Included in this path are 10 hands-on modules that put you in the attacker’s seat evaluating Wi-Fi security, breaking modern authentication and encryption protocols, and simulating real-world threats like rogue access points, man-in-the-middle attacks, and credential harvesting.

As you progress through the material, you’ll gain practical experience with industry-standard methodologies while learning how to pinpoint vulnerabilities, exploit misconfigurations, and deliver impactful countermeasures.

Upon completing the Path, you'll have the skills and confidence to perform authorized Wi-Fi penetration tests and strengthen the wireless security posture of enterprise corporate environments.

New exclusive content has been released on Dedicated Labs which features WSUS vulnerabilities in enterprise environments as well as HTB's first Sherlock that allows players to experience the full remediation process.

In this Sherlock players will utilize logs to track the exploitation of a website and then work through the full remediation process on the site to fix the vulnerabilities.

This Very Easy Machine demonstrates CVE-2025-59287, a critical unauthenticated remote code execution vulnerability affecting Microsoft Windows Server Update Services (WSUS).

The HTB Certified Defensive Security Analyst (CDSA) Preparation track equips you to build real-world defensive expertise through 11 engaging, hands-on scenarios spanning from Very Easy to Hard.

Every scenario is crafted to sharpen the core skills and methodologies you’ll need to succeed in the HTB Certified Defensive Security Analyst exam, from security analysis and SOC operations to incident handling.

As you progress through realistic environments and practical challenges, you’ll develop not only full exam readiness but also the confidence and capability to detect, analyze, and respond to security incidents with precision.