Your cybersecurity journey starts here.
Develop your skills with guided training and prove your expertise with industry certifications. Become a market-ready cybersecurity professional.
Get certified with HTB
Skyrocket your resume. Land your dream job. Stand out from the competition. View Job Role Paths
Master new skills
Learn popular offensive and defensive security techniques with skill paths. View Skill Paths
Why HTB Academy
Prepare for your future in cybersecurity with interactive, guided training and industry certifications. Learn the skills needed to stand out from the competition.
For every skill level, from beginner to advanced
- Threat-informed training approach
- Real-world examples
- Skills assessment exercises
- Discord-based guidance
In-browser Pentesting VM
Tackle all lab exercises from your browser
- In-browser pentesting VM (Pwnbox) to practice everything you learn
- No infrastructure or tool requirements
Practice in a real-world environment
- Interactive exercises against real-world applications and infrastructure
- Gain valuable hands-on experience
Stand out in the job market, skyrocket your resume
- Industry-recognized certifications
- Realistic examinations mimicking real engagements
- Commercial-grade report required to pass
Unlimited & Online
On-demand access from everywhere
- Smaller, easier to digest courses available online
- Lifetime access to completed courses
Job & Skill Paths
Achieve job proficiency or learn a new skill
- Acquire job or skill proficiency
- Develop an outside-the-box thinking mentality
Master a skill
In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive list...
Cracking into Hack the Box
To be successful in any technical information security role, we must have a broad understanding of specialized tools, tactics, and terminology. This p...
Local Privilege Escalation
Privilege escalation is a vital phase of the penetration testing process, one we may revisit multiple times during an engagement. During our assessmen...
Intro to Binary Exploitation
Binary exploitation is a core tenet of penetration testing, but learning it can be daunting. This is mainly due to the complexity of binary files and...
Operating System Fundamentals
To succeed in information security, we must have a deep understanding of the Windows and Linux operating systems and be comfortable navigating the com...
CREST CPSA/CRT Preparation
This is a skill path to prepare you for CREST's CPSA and CRT exams. The following CPSA/CRT syllabus areas (IDs) are covered: A1, A2, A3, A4, A5, B1, B...
CREST CCT APP Preparation
This is a skill path to prepare you for CREST's CCT APP exam. The following CCT APP syllabus areas (IDs) are covered: A1, A2, A3, A4, A5, B1, B4, B5,...
Information Security Foundations
Information Security is a field with many specialized and highly technical disciplines. Job roles like Penetration Tester & Information Security Analy...
The learning process is one of the essential and most important components that is often overlooked. This module does not teach you techniques to lear...
Introduction to Academy
This module is recommended for new users. It allows users to become acquainted with the platform and the learning process.
This module covers the fundamentals required to work comfortably with the Linux operating system and shell.
Introduction to Bash Scripting
This module covers the basics needed for working with Bash scripts to automate tasks on Linux systems. A strong grasp of Bash is a fundamental skill...
DNS Enumeration Using Python
As a penetration tester or red teamer, it is imperative that we understand the tools that we use inside and out and also have the ability to write out...
Introduction to Networking
As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation...
This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.
This module covers the fundamentals required to work comfortably with the Windows operating system.
Introduction to Active Directory
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface...
Introduction to Web Applications
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an infor...
Intro to Network Traffic Analysis
Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational iss...
Intro to Assembly Language
This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.
This module covers topics that will help us be better prepared before conducting penetration tests. Preparations before a penetration test can often t...
Introduction to Python 3
Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Pytho...
Penetration Testing Process
This module teaches the penetration testing process broken down into each stage and discussed in detail. We will cover many aspects of the role of a p...
Incident Handling Process
Security Incident handling has become a vital part of each organization's defensive strategy, as attacks constantly evolve and successful compromises...
This module covers the fundamentals required to work comfortably within the macOS operating system and shell.
Bug Bounty Hunting Process
Bug bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of bug bounty hunting wit...
Documentation & Reporting
Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presente...
WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.
Network Enumeration with Nmap
Nmap is one of the most used network mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both of...
Cracking Passwords with Hashcat
This module covers the fundamentals of password cracking using the Hashcat tool.
Active Directory LDAP
This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.
File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.
During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging t...
Kerberos is an authentication protocol that allows users to authenticate and access services on a potentially insecure network. Due to its prevalence...
OSINT: Corporate Recon
OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can i...
Stack-Based Buffer Overflows on Linux x86
Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-...
SQL Injection Fundamentals
Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information s...
Using the Metasploit Framework
The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, pe...
Whitebox Pentesting 101: Command Injection
This module focuses on discovering Command Injection vulnerabilities in NodeJS servers and exploiting them to control the server.
Linux Privilege Escalation
Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and r...
Attacking Web Applications with Ffuf
This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this m...
Login Brute Forcing
Learn how to brute force logins for various types of services and create custom wordlists based on your target.
The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the...
Windows Privilege Escalation
After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can furthe...
Active Directory PowerView
This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that...
Active Directory BloodHound
This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform ou...
This module covers the fundamentals of penetration testing and an introduction to Hack The Box.
Authentication is probably the most straightforward and prevalent measure used to secure access to resources, and it's the first line of defense again...
Active Directory presents a vast attack surface and often requires us to use many different tools during an assessment. The CrackMapExec tool, known a...
Stack-Based Buffer Overflows on Windows x86
This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities...
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to ex...
This module introduces the concept of Vulnerability Assessments. We will review the differences between vulnerability assessments and penetration test...
Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify a...
Using Web Proxies
Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best framework...
This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting...
Attacking Common Applications
Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by develo...
Shells & Payloads
Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilize...
Attacking Common Services
Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service i...
This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's sy...
File Upload Attacks
Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary comm...
Active Directory Enumeration & Attacks
Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration,...
Information Gathering - Web Edition
This module covers techniques for identifying and analyzing an organization's web application-based attack surface and tech stack. Information gatheri...
A backend that handles user-supplied input insecurely can lead to sensitive information disclosure and remote code execution. This module covers how t...
Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for...
Maintaining and keeping track of a user's session is an integral part of web applications. It is an area that requires extensive testing to ensure it...
Pivoting, Tunneling, and Port Forwarding
Once a foothold is gained during an assessment, it may be in scope to move laterally and vertically within a target network. Using one compromised mac...
Web Service & API Attacks
Web services and APIs are frequently exposed to provide certain functionalities in a programmatic way between heterogeneous devices and software compo...
Attacking Enterprise Networks
We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless o...
Introduction to Deserialization Attacks
In this module, we will explore deserialization attacks with specific examples in Python and PHP.
Attacking Authentication Mechanisms
Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it co...
Introduction to NoSQL Injection
In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.
Blind SQL Injection
In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.
Game Hacking Fundamentals
This module serves as an introduction to fundamental Game Hacking concepts. You will learn how to find and change memory values in a running game as w...
This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS wo...
Advanced SQL Injections
This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.
Abusing HTTP Misconfigurations
This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overl...
This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the...
Windows Attacks & Defense
Microsoft Active Directory (AD) has been, for the past 20+ years, the leading enterprise domain management suite, providing identity and access manage...
Security Monitoring & SIEM Fundamentals
This module provides a concise yet comprehensive overview of Security Information and Event Management (SIEM) and the Elastic Stack. It demystifies th...
50k+ 5 star reviews
To obtain skill or job proficiency
From a diverse pool of instructors
To obtain hands-on experience
Hack The Box is where my infosec journey started. The main question people usually have is “Where do I begin?”. At NVISO, we provide new team members access to the HTB Academy, in which they complete modules and follow tracks focused on a specific topic (e.g. AD, Web Pentesting, Cryptography, etc.). This way, new NVISO-members build a strong knowledge base in these subjects.
Firat Acar - Cybersecurity Consultant/Red Teamer
We immediately started using HTB Academy after we signed up and found that the modules challenge the students to work hard to successfully reach an end goal. Now, we have students getting hired only a month after starting to use HTB! We're excited to see this trend continue the rest of the academic year.
Matthew McCullough - Lead Instructor
Thank you HTB family for all of the hard work and countless hours that have gone into developing the premier content in HTB Academy. I am grateful to have an affordable training resource that is helping to fill the gap between what we are taught in school and what will actually be required of us in the field.
@jhillman - Learner