Academy

I would like to suggest adding a dedicated Vulnerability Research and Exploit Development job-role path and certification to HTB Academy. There is still a gap for learners who want structured, hands-on training focused specifically on discovering vulnerabilities from source code or binaries, triaging bugs, building reliable proof-of-concept exploits, and understanding modern exploit mitigations and how to bypass those defenses.

Supply Chain Security has been a thorn in the side of many enterprises as of late, so many of the major attacks involve a compromised supply chain. I was wondering if there has been any plans or talks around releasing a Supply Chain Security learning path (attacking SCM servers, CI/CD pipelines, Image Registries, K8s clusters, ...). To be clear I did see the "Supply Chain Attacks" module, which seems however fairly light-touch and outdated (last update was 2 years ago). I am mainly asking regarding a more expansive (learning-path size) training. I believe this is a very hot topic in the infosec domain at the moment and one around which there is not a lot of solid training. I am currently doing the AI Red Teamer learning path, which I am finding really informative. It's hard to come by this kind of education on newer topics, and I think a similar learning path regarding SSCS would be appreciated by many.

I'm enjoying CPTS's Penetration Tester job role path so far. This makes me wonder, will HTB introduce a ICS/OT Red Team and/or Penetration Tester job role path and certification in the future? Would really love to see this

Hi HTB team, I’d like to suggest adding a dedicated module focused on phishing techniques and initial access scenarios. While the Academy already covers many technical exploitation paths, there is limited structured content around the human attack surface, which is critical in real-world engagements. The module could include: * Crafting realistic phishing campaigns (email structure, pretexts, OPSEC considerations) * Payload delivery methods (attachments vs links, common trade-offs) * High-level overview of email security controls and user awareness challenges * Safe lab simulations of phishing workflows (end-to-end initial access scenarios) * Detection and defensive perspective (how blue teams identify phishing attempts) This would complement existing red teaming and C2 content by providing a more complete view of the attack chain, from initial access to post-exploitation. I believe this would be highly valuable for both: * Red teamers learning realistic entry points * Blue teamers understanding how phishing attacks are executed Thanks for considering!

Please add Syntax Highlighting for the code blocks in the modules. It would make reading it a lot easier - especially with C/C++. Considering that Tier 4 modules are almost all code.

Prerequisites are no longer provided inside a module in Academy 2.0. "Academy legacy" shows this under "Module Summary". This is helpful if you are not doing the modules in the order they are mentioned within a path.

Hello, some of the badges in the COAE path arent showing ive added a photo as proof Thank you

Users should be able to display the rank they obtained on academy badges. Currently, we can only see how many people have completed each badge, not the rank at which we obtain it. We can only guess the rank by quickly looking at the number whenever we get a new badge, but it's imprecise and disappear whenever more people get that same badge. Thanks a lot !

We would like to have video content added to the training modules, as our students tend to gravitate more towards video-based learning, especially coming from platforms like Security Plus that offer video content and practice exams.

Hoping HTB will considering having a branch of content for cloud redteam/penetration test since nowadays everything seems cloud related.