Cyber Security Paths


To provide guidance on which modules to study in order to obtain a specific skill or even the practical skills and mentality necessary for a specific job role HTB Academy features two kinds of paths,"Skill Paths" and "Job Role Paths".

  • Skill Paths contain groups of modules each related to a specific cyber security or IT skill.
  • Job Role Paths contain groups of modules each related to a specific cyber security job role.

Modules in paths are presented in a logical order to make your way through studying.

Card image
Bug Bounty Hunter

Medium 206 Sections +330

Cubes Required: 1410

The Bug Bounty Hunter Job Role Path is for individuals who want to enter the world of Bug Bounty Hunting with little to no prior experience. This path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs. Upon completing this job role path, you will have become proficient in the most common bug bounty hunting and attack techniques against web applications and be in the position of professionally reporting bugs to a vendor.

 Web Requests

Fundamental 9 Sections +10

Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.

 Introduction to Web Applications

Fundamental 17 Sections +10

In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an information security perspective.

 Using Web Proxies

Easy 15 Sections +20

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

 Information Gathering - Web Edition

Easy 10 Sections +20 NEW

This module covers techniques for identifying and analyzing an organization's web application-based attack surface and tech stack. Information gathering is an essential part of any web application penetration test, and it can be performed either passively or actively.

 Attacking Web Applications with Ffuf

Easy 13 Sections +10

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

 JavaScript Deobfuscation

Easy 11 Sections +10

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

 Cross-Site Scripting (XSS)

Easy 10 Sections +20

Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript code within the target's browser and result in complete web application compromise if chained together with other vulnerabilities. This module will teach you how to identify XSS vulnerabilities and exploit them.

 SQL Injection Fundamentals

Medium 17 Sections +10

Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.

 SQLMap Essentials

Easy 11 Sections +20

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

 Command Injections

Medium 12 Sections +20

Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection vulnerabilities and how to use various filter bypassing techniques to avoid security mitigations.

 File Upload Attacks

Medium 11 Sections +20 NEW

Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary commands on the back-end server, and even take control over the entire server and all web applications hosted on it and potentially gain access to sensitive data or cause a service disruption.

 Attacking the Server Side

Medium 1 Sections +20 COMING SOON

A backend that handles user-supplied input insecurely can lead to not only sensitive information disclosure but remote code execution as well. This module covers how to identify and exploit server-side bugs. Specifically, Server Side Request Forgery, Server Side Include and Server Side Template Injection attacks will be showcased, alongside other less common server-side attacks.

 Login Brute Forcing

Easy 11 Sections +20

Learn how to brute force logins for various types of services and create custom wordlists based on your target.

 Broken Authentication

Medium 14 Sections +20

Authentication is probably the simplest and most widespread measure used to secure access to resources, and it's the first line of defense against unauthorized access. Broken authentication is currently rated #2 on the OWASP Top 10 Web Application Security Risks. A vulnerability or misconfiguration at the authentication stage can have a devastating impact on an application's overall security.

 Web Attacks

Medium 18 Sections +20

This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's systems. We will cover how to identify, exploit, and prevent each of them through various methods.

 File Inclusion / Directory Traversal

Medium 7 Sections +10

File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.

 Session Security

Medium 1 Sections +20 COMING SOON

Maintaining and keeping track of a user's session is an integral part of web applications. It is also a part that needs extensive testing in order to be both robust and secure. This module covers the most common attacks against web application sessions, such as Cross-site Request Forgery and Session Hijacking.

 Web Service Implementations & Attacks

Medium 1 Sections +20 COMING SOON

Web services are frequently exposed in order to provide certain functionalities through a programmatic way, between heterogeneous devices and software components. They either facilitate the integration between applications or the separation within a given application. This module covers how to identify the functionality a web service offers and also how to exploit any security-related inefficiencies.

 Hacking WordPress

Easy 16 Sections +20

WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.

 Bug Bounty Hunting Methodology

Easy 1 Sections +10 COMING SOON

Bug Bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of Bug Bounty Hunting without any prior experience can be a daunting task though. This module covers a proven methodology that will help you start Bug Bounty Hunting in a methodical and well-structured way. It's all about effectiveness and professionally communicating your findings.

Card image
Basic Toolset

Medium 91 Sections +110

Cubes Required: 470

In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of all tools (both open source and commercial) available to us as security practitioners but covers tried and true tools that we find ourselves using on every technical assessment that we perform. Learning how to use the basic toolset is essential, as many different tools are used in penetration testing. We need to understand which of them to use for the various situations we will come across.

 Network Enumeration with Nmap

Easy 12 Sections +10

Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security practitioners. This module covers fundamentals that will be needed to use the Nmap tool for performing effective network enumeration.

 Login Brute Forcing

Easy 11 Sections +20

Learn how to brute force logins for various types of services and create custom wordlists based on your target.

 Attacking Web Applications with Ffuf

Easy 13 Sections +10

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

 Cracking Passwords with Hashcat

Medium 14 Sections +20

This module covers the fundamentals of password cracking using the Hashcat tool.

 SQLMap Essentials

Easy 11 Sections +20

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

 Intro to Network Traffic Analysis

Medium 15 Sections +10

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.

 Using Web Proxies

Easy 15 Sections +20

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

Card image
Cracking into Hack the Box

Easy 43 Sections +30

Cubes Required: 30

To be successful in any technical information security role, we must have a broad understanding of specialized tools, tactics, and terminology. This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role. The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform, progressing through Starting Point through easy-rated retired machines, and solving "live" machines with no walkthrough. It also includes helpful information about staying organized, navigating the HTB platforms, common pitfalls, and selecting a penetration testing distribution. Students will complete their first box during this path with a guided walkthrough and be challenged to complete a box on their own by applying the knowledge learned in the Getting Started module.

 Web Requests

Fundamental 9 Sections +10

Web applications provide a large potential attack surface and need to be secured properly. A firm grasp of the basics of how applications communicate is critical for anyone interested in learning how to assess and attack web applications.

 JavaScript Deobfuscation

Easy 11 Sections +10

This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and understand its purpose.

 Getting Started

Fundamental 23 Sections +10

This module covers the fundamentals of penetration testing and an introduction to Hack The Box.

Card image
Local Privilege Escalation

Medium 45 Sections +200

Cubes Required: 1000

Privilege escalation is a vital phase of the penetration testing process, one we may revisit multiple times during an engagement. During our assessments, we will encounter a large variety of operating systems and applications. Most often, if we can exploit a vulnerability and gain a foothold on a host, it will be running some version of Windows or Linux. Both present a large attack surface with many tactics and techniques available to us for escalating privileges. This path teaches the core concepts of local privilege escalation necessary for being successful against Windows and Linux systems. The path covers manual enumeration and exploitation and the use of tools to aid in the process.

 Linux Privilege Escalation

Easy 15 Sections +100

Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the assessment's overall goal. There are many ways to escalate privileges. This module aims to cover the most common methods emphasizing real-world misconfigurations and flaws that we may encounter in a client environment. The techniques covered in this module are not an exhaustive list of all possibilities and aim to avoid extreme "edge-case" tactics that may be seen in a Capture the Flag (CTF) exercise.

 Windows Privilege Escalation

Medium 30 Sections +100

After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our access in the environment. Enumeration is the key to privilege escalation. When you gain initial shell access to the host, it is important to gain situational awareness and uncover details relating to the OS version, patch level, any installed software, our current privileges, group memberships, and more. Windows presents an enormous attack surface and, being that most companies run Windows hosts in some way, we will more often than not find ourselves gaining access to Windows machines during our assessments. This covers common methods while emphasizing real-world misconfigurations and flaws that we may encounter during an assessment. There are many additional "edge-case" possibilities not covered in this module. We will cover both modern and legacy Windows Server and Desktop versions that may be present in a client environment.

Card image
Junior Penetration Tester

Medium 261 Sections +640

Cubes Required: 3000

The Junior Penetration Tester Job Role Path is for newcomers to information security who aspire to become professional penetration testers. This path covers core security assessment concepts and provides a deep understanding of the specialized tools, attack tactics, and methodology used during penetration testing. Armed with the necessary theoretical background and multiple practical exercises, students will go through all penetration testing stages, from reconnaissance and enumeration to documentation and reporting. Upon completing our first job role path, you will have obtained the practical skills and mindset necessary to perform professional security assessments against enterprise-level infrastructure at a basic to intermediate level.

 The Penetration Testing Process

Easy 1 Sections +10 COMING SOON

This module teaches the entire penetration testing process and its stages, which will be discussed in detail as this will be an essential part of our work. We cover many aspects of the role of a penetration tester in a penetration test, explained and illustrated with detailed examples. The module also covers pre-engagement steps like the criteria for establishing a contract with a client for a penetration testing engagement.

 Getting Started

Fundamental 23 Sections +10

This module covers the fundamentals of penetration testing and an introduction to Hack The Box.

 Introduction to Metasploit Framework

Easy 1 Sections +20 COMING SOON

The Metasploit Framework is an open-source set of tools used for network enumeration, identifying and testing security vulnerabilities, payload creation, exploitation, and post-exploitation activities. Since Metasploit is open-source, penetration testers and even blue team members can use it to probe networks and applications for flaws and vulnerabilities through ready-made code and custom code.

 Shells & Payloads

Medium 17 Sections +10 NEW

Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilizes a fictitious scenario where the learner will place themselves in the perspective of a sysadmin trying out for a position on CAT5 Security's network penetration testing team.

 Reconnaissance

Easy 1 Sections +20 COMING SOON

This module covers techniques for footprinting the most commonly used services in enterprise and business IT infrastructures. Footprinting is an essential part of any penetration test or security audit to identify and prevent information disclosure. It examines the individual services and tries to obtain as much information from them as possible.

 Network Enumeration with Nmap

Easy 12 Sections +10

Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security practitioners. This module covers fundamentals that will be needed to use the Nmap tool for performing effective network enumeration.

 Vulnerability Assessment

Easy 1 Sections +20 COMING SOON

This module contains an introduction to Vulnerability Assessment and the related frameworks. Students will review the differences between vulnerability assessments and penetration tests, how to carry out a vulnerability assessment, how to interpret vulnerability assessment results, and how to deliver an effective vulnerability assessment report.

 Attacking Common Services

Medium 9 Sections +20 COMING SOON

Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service internally and externally to ensure that they are not introducing security threats. This module will cover how to enumerate each service and test it against known vulnerabilities and exploits with a standard set of tools.

 AD Enumeration and Attacks

Medium 1 Sections +20 COMING SOON

Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals in general, we must have a firm grasp of tactics and techniques for enumerating and attacking common AD flaws and misconfigurations.

 Using Web Proxies

Easy 15 Sections +20

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

 Login Brute Forcing

Easy 11 Sections +20

Learn how to brute force logins for various types of services and create custom wordlists based on your target.

 Attacking Web Applications with Ffuf

Easy 13 Sections +10

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

 Cross-Site Scripting (XSS)

Easy 10 Sections +20

Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript code within the target's browser and result in complete web application compromise if chained together with other vulnerabilities. This module will teach you how to identify XSS vulnerabilities and exploit them.

 Attacking Common Applications

Medium 22 Sections +20

Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by developers and sysadmins, and more. It's common to find the same applications across many different environments. While an application may not be vulnerable in one environment, it may be misconfigured or unpatched in the next. It is important as an assessor to have a firm grasp of enumerating and attacking the common applications discussed in this module. This knowledge will help when encountering other types of applications during assessments.

 Web Attacks

Medium 18 Sections +20

This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's systems. We will cover how to identify, exploit, and prevent each of them through various methods.

 File Inclusion / Directory Traversal

Medium 7 Sections +10

File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.

 SQL Injection Fundamentals

Medium 17 Sections +10

Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.

 SQLMap Essentials

Easy 11 Sections +20

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

 Command Injections

Medium 12 Sections +20

Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection vulnerabilities and how to use various filter bypassing techniques to avoid security mitigations.

 Linux Privilege Escalation

Easy 15 Sections +100

Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the assessment's overall goal. There are many ways to escalate privileges. This module aims to cover the most common methods emphasizing real-world misconfigurations and flaws that we may encounter in a client environment. The techniques covered in this module are not an exhaustive list of all possibilities and aim to avoid extreme "edge-case" tactics that may be seen in a Capture the Flag (CTF) exercise.

 Windows Privilege Escalation

Medium 30 Sections +100

After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our access in the environment. Enumeration is the key to privilege escalation. When you gain initial shell access to the host, it is important to gain situational awareness and uncover details relating to the OS version, patch level, any installed software, our current privileges, group memberships, and more. Windows presents an enormous attack surface and, being that most companies run Windows hosts in some way, we will more often than not find ourselves gaining access to Windows machines during our assessments. This covers common methods while emphasizing real-world misconfigurations and flaws that we may encounter during an assessment. There are many additional "edge-case" possibilities not covered in this module. We will cover both modern and legacy Windows Server and Desktop versions that may be present in a client environment.

 File Transfers

Medium 8 Sections +10

During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging tools commonly available across all versions of Windows and Linux systems.

 Pillaging

Medium 1 Sections +20 COMING SOON

Pillaging is the process of obtaining information from a compromised system. It can be personal information, corporate blueprints, credit card details or passwords, and other credentials. These may help in gaining further access to the network or in completing goals defined in the pre-engagement process of penetration testing. This data may be stored in a wide range of different applications, services, and device types, which may require specific tools to obtain them.

 Password Attacks

Medium 1 Sections +20 COMING SOON

Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwords that can often be cracked offline and used to further our access. We will encounter passwords in many forms during our assessments. We must understand the various ways they are stored, how they can be retrieved, methods to crack weak passwords, ways to "replay" passwords that cannot be cracked, and hunting for weak/default password usage.

 Pivoting, Tunneling & Port Forwarding

Medium 1 Sections +20 COMING SOON

Once a foothold is gained during assessments, it may be in scope to move laterally and vertically within a target network. Using one compromised machine to access another is called pivoting and allows us to access networks and resources that are not directly accessible to us through the compromised host. Port forwarding accepts the traffic on a given IP address and port and redirects it to a different IP address and port combination. Tunneling is a technique that allows us to encapsulate traffic within another protocol so that it looks like a benign traffic stream.

 AD Lateral Movement Fundamentals

Medium 1 Sections +20 COMING SOON

Once an initial foothold is gained during Active Directory penetration testing assessments, we usually look for ways to move laterally within a target network. Many techniques can be used for lateral movement, including credential theft and reuse, using protocols for system management and administration, remote exploits, password guessing attacks, and more. This module showcases various Active Directory lateral movement techniques that can be used depending on the technologies present within the host and network.

 Documentation & Reporting

Easy 1 Sections +20 COMING SOON

Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presented to a broad audience within the target organization. We must take detailed notes and be very organized in our documentation, which will help us in the event of an incident during the assessment. This will help ensure that our reports contain enough detail to illustrate the impact of our findings properly.

 Attacking Enterprise Networks

Medium 1 Sections +20 COMING SOON

We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless of the size, and be able to work through each phase of the penetration testing process to reach our goal. This module will guide students through a simulated penetration testing engagement, from start to finish, with an emphasis on hands-on testing steps that are directly applicable to real-world engagements.

Card image
Intro to Binary Exploitation

Hard 62 Sections +130

Cubes Required: 570

Binary exploitation is a core tenet of penetration testing, but learning it can be daunting. This is mainly due to the complexity of binary files and their underlying machine code and how binary files interact with computer memory and the processor. To learn the basics of binary exploitation, we must first have a firm grasp of Computer Architecture and the Assembly Language. To move into more advanced binary exploitation, we must have a firm grasp on basic buffer overflow attacks, principles such as CPU architecture, and CPU registers for 32-bit Windows and Linux systems. Furthermore, a strong foundation in Python scripting is essential for writing and understanding exploit scripts.

 Introduction to Python 3

Easy 14 Sections +10

Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Python 3 aims to introduce the student to the world of scripting with Python 3 and covers the essential building blocks needed for a beginner to understand programming. Some advanced topics are also covered for the more experienced student. In a guided fashion and starting soft, the final goal of this module is to equip the reader with enough know-how to be able to implement simple yet useful pieces of software.

 Intro to Assembly Language

Medium 24 Sections +100

This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.

 Stack-Based Buffer Overflows on Linux x86

Medium 13 Sections +10

Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-of-Service (DoS) attack. These vulnerabilities are caused by insecure coding, resulting in an attacker being able to overrun a program's buffer and overwrite adjacent memory locations, changing the program's execution path and resulting in unintended actions.

 Stack-Based Buffer Overflows on Windows x86

Medium 11 Sections +10

This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities on Windows machines.

Card image
Active Directory Enumeration

Hard 27 Sections +500

Cubes Required: 2500

Active Directory (AD) is widely used by companies across all verticals/sectors, non-profits, government agencies, and educational institutions of all sizes. By its nature, AD is easily misconfigured and has many inherent flaws and widely known vulnerabilities. Due to the sheer number of objects and in AD and complex intertwined relationships that form as an AD network grows, it becomes increasingly difficult to secure and presents a vast attack surface. AD environments can become quite large and often hold many obvious and more difficult to discover flaws. A deep understanding of AD enumeration techniques and tools is essential to becoming a well-rounded information security professional.

 Active Directory LDAP

Medium 12 Sections +200

This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.

 Active Directory PowerView

Medium 9 Sections +200

This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.

 Active Directory BloodHound

Medium 6 Sections +100

This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.