We have introduced XP and Activity Streaks directly to the HTB Profile. This update allows you to highlight your continuous learning and hands-on skills to the community and potential employers.

Hack The Box (HTB) Academy and Enterprise users undertaking certificate exams can now select Australian VPN servers for their connection. This infrastructure update reduces latency and provides a significantly smoother exam-taking experience for users based in the APAC region, across both individual and enterprise plans.

This new module delivers an in-depth, defense-focused study of Windows credential access. It explains how adversaries steal credentials via dumping and abuse of sensitive stores, then breaks down authentication flows, cryptographic protections, and both live-memory and offline extraction to understand tool behavior and build robust detection rules. It also covers DPAPI, Windows Credential Manager, browser credential stores, including App-Bound encryption, and Credential Guard bypass techniques with their detection opportunities.

You can now connect to HTB using a US-based Pwnbox directly from the location drop-down in Windows Pwnbox, improving connectivity and reducing latency for users in the United States.

This update on Windows Pnwbox, which comes with Windows-centric tooling to investigation-driven workflows, delivers a smoother, more responsive experience by allowing you to connect to infrastructure closer to your region.

We have added two new preparation tracks to Hack The Box (HTB) Labs to help users prepare for our web security certifications.

The HTB Certified Web Exploitation Specialist (HTB CWES) preparation track builds a foundation in identifying and exploiting common web vulnerabilities. For those looking for a deeper dive, the HTB Certified Web Exploitation Expert (HTB CWEE) preparation track focuses on advanced techniques and chaining vulnerabilities in complex, real-world scenarios.

Both tracks consist of hands-on challenges designed to bridge the gap between theory and exam performance.

Your HTB Profile now includes an automated Badges showcase that highlights your achievements across HTB Labs and Academy. Clicking any badge reveals the full artwork, completion criteria, and global rarity statistics. This update helps you track your total progress and provides a public-facing snapshot of your milestones.

We updated HTB Jobs to give you more transparency during your job hunt. You can now see critical details on every listing to help you decide if a role is the right fit before you apply.

The new updates include:

👉 Start applying on HTB Jobs here.

We have successfully rolled out HTB XP, a cumulative points system that tracks lifetime growth across the entire HTB Labs and Academy platforms.

XP is now awarded for Machines, Challenges, Academy Modules and Paths. This score is non-deductible and reflects your lifetime activity. More content integration is coming soon.

Completing Active Labs now grants an automatic 1.3x XP bonus.

Climb through 7 new ranks and 3 sub-grades, and more than 100 levels for more frequent rewards, all the way to Grandmaster.

A streak advances when 200 XP is earned within a calendar week (Monday 00:00:00 UTC to Sunday 23:59:59 UTC).

Labs VIP/VIP+ (Monthly and Annual) and Academy Annual subscribers now automatically receive Streak Savers every month (Max 3 held at once).

This month, we have released three of each: One Machine, one Sherlock, and one Challenge (and they are all exclusive)!

Exploit an authenticated RCE in Gogs (CVE-2025-8110) to gain a foothold, then abuse a vulnerable Ray service (CVE-2023-6019) to escalate privileges.

Investigate UNC3886 using the MITRE ATT&CK framework and analyze associated malware. Uncover adversary tactics and produce actionable threat intelligence.

Assess a temporary enterprise environment for exposed services and potential data leaks. Identify weaknesses in a rebuilt pipeline to determine if sensitive data is accessible.

This CTF pack offers beginner-to-intermediate challenges that build practical Linux skills through realistic, terminal-based scenarios.

It mirrors the tasks penetration testers, SOC analysts, and security engineers perform in real environments, guiding players through progressively complex situations that require both technical execution and systems-level reasoning:

And this is just one part of your team's learning journey. Build your foundation with Linux Fundamentals on Academy, apply and expand those skills through aligned scenarios, and now validate and benchmark those capabilities through a CTF.