The learning process is one of the essential and most important components that is often overlooked. This module does not teach you techniques to lear...
Your first stop in Hack The Box Academy to become acquainted with the platform, its features, and its learning process.
WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.
This module covers the fundamentals required to work comfortably with the Linux operating system and shell.
Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both of...
This module covers the fundamentals of password cracking using the Hashcat tool.
This module covers the basics needed for working with Bash scripts to automate tasks on Linux systems. A strong grasp of Bash is a fundamental skill...
This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.
File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.
During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging t...
Kerberos is an authentication protocol that allows users to authenticate and access services on a potentially insecure network. Due to its prevalence...
As a penetration tester or red teamer, it is imperative that we understand the tools that we use inside and out and also have the ability to write out...
OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can i...
Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-...
Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information s...
As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation...
This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.
Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.
The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, pe...
This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and unders...
This module focuses on discovering Command Injection vulnerabilities in NodeJS servers and exploiting them to control the server.
This module covers the fundamentals required to work comfortably with the Windows operating system.
Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and r...
This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this m...
The module contains an exploration of brute-forcing techniques, including the use of tools like Hydra and Medusa, and the importance of strong passwor...
The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the...
After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can furthe...
This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that...
This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform ou...
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface...
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an infor...
This module covers the fundamentals of penetration testing and an introduction to Hack The Box.
Authentication is probably the most straightforward and prevalent measure used to secure access to resources, and it's the first line of defense again...
Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational iss...
Active Directory presents a vast attack surface and often requires us to use many different tools during an assessment. The CrackMapExec tool, known a...
This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.
This module covers topics that will help us be better prepared before conducting penetration tests. Preparations before a penetration test can often t...
Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Pytho...
This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities...
This module teaches the penetration testing process broken down into each stage and discussed in detail. We will cover many aspects of the role of a p...
Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to ex...
This module introduces the concept of Vulnerability Assessments. We will review the differences between vulnerability assessments and penetration test...
Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify a...
Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best framework...
This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting...
Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by develo...
Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilize...
Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service i...
This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's sy...
Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary comm...
Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration,...
This module equips learners with essential web reconnaissance skills, crucial for ethical hacking and penetration testing. It explores both active and...
A backend that handles user-supplied input insecurely can lead to devastating security vulnerabilities such as sensitive information disclosure and re...
Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for...
Security Incident handling has become a vital part of each organization's defensive strategy, as attacks constantly evolve and successful compromises...
Maintaining and keeping track of a user's session is an integral part of web applications. It is an area that requires extensive testing to ensure it...
This module covers the fundamentals required to work comfortably within the macOS operating system and shell.
Once a foothold is gained during an assessment, it may be in scope to move laterally and vertically within a target network. Using one compromised mac...
Web services and APIs are frequently exposed to provide certain functionalities in a programmatic way between heterogeneous devices and software compo...
Bug bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of bug bounty hunting wit...
Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presente...
We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless o...
As administrators and Pentesters, we may not always be able to utilize a graphical user interface for the actions we need to perform. Introduction to...
In this module, we will explore deserialization attacks with specific examples in Python and PHP.
Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it co...
In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.
Microsoft Active Directory (AD) has been, for the past 20+ years, the leading enterprise domain management suite, providing identity and access manage...
In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.
This module serves as an introduction to fundamental Game Hacking concepts. You will learn how to find and change memory values in a running game as w...
This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS wo...
In this module, we delve into the intricacies of WPS, uncovering the common vulnerabilities that plague this technology. From brute-force attacks to m...
This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.
This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overl...
This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the...
This module covers three injection attacks: XPath injection, LDAP injection, and HTML injection in PDF generation libraries. While XPath and LDAP inje...
This module explores several web vulnerabilities from a whitebox approach: Prototype Pollution, Timing Attacks & Race Conditions, and those arising fr...
This module serves as a follow-up to the Game Hacking Fundamentals module. You will learn how to persist Cheat Engine Scripts by scanning for byte arr...
This module provides a concise yet comprehensive overview of Security Information and Event Management (SIEM) and the Elastic Stack. It demystifies th...
This module initially lays the groundwork for understanding Threat Hunting, ranging from its basic definition, to the structure of a threat hunting te...
This module covers the exploration of Windows Event Logs and their significance in uncovering suspicious activities. Throughout the course, we delve i...
This module provides a comprehensive introduction to Splunk, focusing on its architecture and the creation of effective detection-related SPL (Search...
Discretionary Access Control Lists (DACLs), found within security descriptors, are a fundamental component of the security model of Windows and Active...
In today's digital age, wireless networks are ubiquitous, connecting countless devices in homes, businesses, and public spaces. With this widespread c...
This module offers an in-depth exploration of Suricata, Snort, and Zeek, covering both rule development and intrusion detection. We'll guide you throu...
This module offers an exploration of malware analysis, specifically targeting Windows-based threats. The module covers Static Analysis utilizing Linux...
Introduction to C# aims to provide a solid foundation to understand and work with C# code. Covering the crucial foundations and more intricate concept...
Through network traffic analysis, this module sharpens skills in detecting link layer attacks such as ARP anomalies and rogue access points, identifyi...
This mini-module concisely introduces hardware attacks, covering Bluetooth risks and attacks, Cryptanalysis Side-Channel Attacks, and vulnerabilities...
This module covers advanced web concepts and exploitation techniques, including performing DNS Rebinding to bypass faulty SSRF filters and the Same-Or...
The NTLM authentication protocol is commonly used within Windows-based networks to facilitate authentication between clients and servers. However, NTL...
This Hack The Box Academy module is focused on pinpointing attacks on Windows and Active Directory. Utilizing Splunk as the cornerstone for investigat...
This Hack The Box Academy module covers how to create YARA rules both manually and automatically and apply them to hunt threats on disk, live processe...
Modern web browsers and applications utilize a variety of security measures to protect against CSRF and XSS vulnerabilities, rendering their exploitat...
This module focuses on privilege escalation attacks by abusing misconfigurations in Active Directory Certificate Services.
Dive into Windows digital forensics with Hack The Box Academy's "Introduction to Digital Forensics" module. Gain mastery over core forensic concepts a...
Tailored to provide a holistic understanding, this Hack The Box Academy module ensures participants are adept at identifying, categorizing, and docume...
This 'secure coding' module teaches how to identify logic bugs through code review and analysis, and covers three types of logic bugs caused by user i...
This module focuses on developing custom exploits for .NET deserialization vulnerabilities from a whitebox perspective.
Active Directory is present in over 90% of corporate environments and it is the prime target for attacks. This module covers the attack chain from get...
This module provides a detailed overview of Supply Chain Attacks, covering hardware and software aspects. It explores the impact of supply chains, the...
Whitebox penetration testing enables thorough testing to identify various hard-to-find vulnerabilities. This module covers the process of whitebox pen...
This module covers the critical aspects of user behavior analysis by exploring Windows artifacts. It is specifically designed for digital forensic ana...
Active Directory (AD) is the leading solution for organizations to provide identity and access management, centralized domain administration, authenti...
In this module we will cover the basics of evading antivirus solutions (Windows Defender specifically) from an attackers point-of-view.
In this second module on Discretionary Access Control Lists (DACLs), we delve into sophisticated attack techniques and strategies within Windows Activ...
Fuzzing is a powerful software testing technique that deliberately introduces chaos into your applications. By bombarding your code with unexpected or...
Windows lateral movement involves techniques to navigate and control remote systems within a network, primarily after gaining initial access. It is cr...
This module is focussed on understanding different document formats, and techniques for identifying and analyzing the threats posed by malicious docum...
This module covers attacks targeting tightly incorporated technologies in Active Directory environments such as MSSQL, Exchange, and SCCM, and how to...
Web APIs serve as crucial connectors across diverse entities in the modern digital landscape. However, their extensive functionality also exposes them...
GraphQL is a query language for APIs as an alternative to REST APIs. Clients are able to request data through GraphQL queries. If improperly configure...
In this module, we explore the essential techniques and tools for fuzzing web applications, an essential practice in cybersecurity for identifying hid...
19 Sections
