Getting Started With HTB Academy
Last updated
Last updated
is a cybersecurity training platform created by . It aims to provide a "University for Hackers," where users can learn cybersecurity theory and get ready for hands-on training in the HTB labs. The platform offers hands-on certifications to enhance job proficiency in various cybersecurity roles.
To Create an account on HTB Academy, go to this page and follow the steps I will show you
Sign-up in this page with your email (Google, Outlook, LinkedIn or any other provider).
If you have an academic account, I highly recommend using it to sign up for the student subscription and unlock its benefits.
Fill in the required field as follows
You will be redirected to the academy login page, then click Continue with HTB Account.
If you get this page that means you created an account successfully and they only ask you a few questions.
After answering a few questions, you will get into your academy account dashboard
Now, you can start learning :)
The Academy offers a huge library of modules in different aspects in cybersecurity. Almost every module in the academy has labs and exercises so they're hands-on training courses. you can get the full list by clicking this button
The modules are categorized as (Tier0, Tier I, Tier II, Tier III, and Tier IV) which we will talk about later in this post, and vary in difficulty (Fundamental, Easy, Medium, Hard, Insane)
Tier 0 modules aim to be foundation modules for later specialization and each one costs 10 cubes. If you complete the module, you will be awarded another 10 cubes, so it can be considered a free course.
Note: you don't need to pay any money because the academy gives you 60 cubes in your account to unlock what every you want from them
The number of modules (from the moment creating this post) is 23 Tier 0 modules:
Intro to Academy
Learning Process
Linux Fundamentals
Windows Fundamentals
MacOS Fundamentals
Web Fuzzing
Attacking Web Application with Ffuf
Web Requests
Introduction to Networking
Introduction to Active Directory
Introduction to Web Applications
Introduction to Network Traffic Analysis
Using Metasploit Framework
JavaScript DE obfuscation
Getting Started
Setting Up
File Inclusion
File Transfers
SQL Injection Fundamentals
Vulnerability Assessment
Brief Intro to Hardware Attacks
Stack-based buffer overflow for Windows
Stack-based buffer overflow for Linux
Again, you can consider them free as you will get your 10 cubes back if you complete the module exercises.
The number of modules (from the moment creating this post) is 12 Tier I modules:
Network Enumeration with Nmap
Introduction to Bash Scripting
Introduction to Windows command Line
Introduction to Python3
Introduction to C#
DNS Enumeration Using Python
Penetration testing Process
Shells & Payloads
Password Attacks
Incident Handling Process
Bug Bounty Hunting Process
Security Incident Reporting
The number of modules (from the moment creating this post) is 37 Tier II modules which are a big number of courses but they're worth the time and money:
Login Brute Forcing
Server-side Attacks
Attacking GraphQL
Hacking WordPress
Cracking Passwords with Hashcat
Linux Privilege Escalation
Windows Privilege Escalation
SQLMap Essentials
Broken Authentication
Cross-Site Scripting (XSS)
Command Injections
Using Web Proxies
Footprinting
Attacking Common Services
Attacking Common Applications
Web Attacks
File Upload Attacks
Active Directory Enumeration & Attacks (Best one)
Information Gathering - Web Edition
Session Security
Pivoting, Tunnelling, and Port Forwarding
Web Services & API Attacks
Documentation and Reporting
Attacking Enterprise Networks
Windows Attacks & Defence
Security Monitoring & SIEM Fundamentals
Introduction to Threat Hunting & Hunting with Elastic
Windows Event Logs & Finding Evil
Understanding Log Sources & Investigating with Splunk
Working with IDS/IPS
Introduction to Assembly Language
Introduction to Malware Analysis
Intermediate Network Traffic Analysis
Detecting Windows Attacks with Splunk
YARA & Sigma for SOC Analysts
Introduction to Digital Forensics
API Attacks
Tier III modules on the other hand are on another level. They target seniors and cover advanced topics with intense and high-quality content and labs. Each one costs 500 cubes :( which makes it expensive but reasonable as they target senior people with these modules.
There are currently 34 Tier III modules:
Active Directory LDAP
Active Directory PowerView
Active Directory Bloodhound
Kerberos Attacks
NTLM Relay Attacks
ADCS Attacks
DACL I Attacks
DACL II Attacks
Using CrackMapExec
MSSQL, Exchange, and SCCM Attacks
Intro to C2 Operation with Sliver
Introduction to Window Evasion Techniques
Active Directory Trust Attacks
Windows Lateral Movement
Introduction to Deserialization Attacks
Advanced Deserialization Attacks
Attacking Authentication Mechanisms
Introduction to NoSQL Injection
Blind SQL Injection
Advanced SQL Injection
Game Hacking Fundamentals
Game Reversing & Modding
Introduction to Whitebox Pentesting
Whitebox Pentesting 101: Command injection
Whitebox Attacks
Modern Web Exploitation Techniques
Advanced XSS and CSRF Exploitation
HTTPs/TLS Attacks
Abuse HTTP Misconfiguration
HTTP Attacks
Injection Attacks
Introduction to Binary Fuzzing
Supply Chain Attacks
Parameter Logic Bugs
For this tier, I don't know why HTB put it but it's very expensive and each module costs 1000 cubes which means 68$. There are only two modules in this Tier:
OSINT: Corporate Recon
Secure Coding 101: JavaScript
Job Role paths are different from the skill paths because they acquire you for the job market and are related to the certification exam that we will talk about later in this post.
Currently, there are five paths:
Bug Bounty Hunter
Penetration Tester
SOC Analyst
Senior Web Penetration Tester
Active Directory Penetration Tester
Suppose you beginner and want to learn web security, so go for Bug bounty Hunter path. If you're senior or looking for senior position, then go for Senior Web Peneration tester path.
There are four certifications introduced by HTB Academy (CBBH, CPTS, CDSA, CWEE).
For each certification, you need to complete 100% of the job role path related to the cert to enter the exam.
HTB Certified Bug Bounty Hunter (HTB CBBH) evaluates the candidates’ knowledge of the following:
Bug Bounty Hunting processes and methodologies
Web application/web service static and dynamic analysis
Information gathering techniques
Web application, web service, and API vulnerability identification and analysis
Manual and automated exploitation of various vulnerability classes
Vulnerability communication and reporting
The path itself consists of 20 modules covering different topics and aspects of web security. For more details about the cert, the page above contains all the information you need to know about the certification and the exam.
HTB Certified Penetration Testing Specialist (HTB CPTS) evaluates the candidates’ knowledge of the following:
Penetration testing processes and methodologies
Information gathering & reconnaissance techniques
Attacking Windows & Linux targets
Active Directory penetration testing
Web application penetration testing
Manual & automated exploitation
Vulnerability assessment
Pivoting & Lateral Movement
Post-exploitation enumeration
Windows & Linux Privilege escalation
Vulnerability/Risk communication and reporting
HTB Certified Defensive Security Analyst (HTB CDSA) certification evaluates the candidates’ knowledge of the following:
SOC Processes & Methodologies
SIEM Operations (ELK/Splunk)
Tactical Analytics
Log Analysis
Threat Hunting
Active Directory Attack Analysis
Network Traffic Analysis (Incl. IDS/IPS)
Malware Analysis
DFIR Operations
The HTB Certified Web Exploitation Expert (HTB CWEE) certification evaluates the candidates’ knowledge of the following:
Advanced black box web penetration testing
White box penetration testing
Large code base security reviews
Web exploit development
Advanced injections in web applications
Attacking advanced authentication mechanisms
Attacking HTTP/s requests
Performing blind web attacks
Bypassing advanced security filters
Performing deserialization Attacks
Using modern web exploitation techniques
The HTB Certified Active Directory Pentesting Expert (HTB CAPE) certification evaluates the candidates’ knowledge of the following:
Advanced Active Directory Enumeration
Advanced Active Directory Attacks
Abusing AD Protocols
Abusing AD Trusts
Abusing AD Misconfigurations
Abusing Common Active Directory Components
Command and Control (C2) Operations
Windows Evasion
Pivoting & Lateral Movement
Advanced Post-exploitation Tactics
The academy has several subscription plans (Silver, Gold, Platinum, and Student).
There are two plans also for annual subscription. Both of them give you an exam voucher of your choice and a step-by-step walkthrough for exercises and labs in each module.
The most interesting one is the student subscription. When you register with your university email, the student subscription will be activated for you.
If it's not activated after registering with university email, Contact the support and they will activate it for you.
When you purchase the student sub for 8$ a month, you will have access to Tier 0,1,2 modules and CBBH, CPTS, and CDSA paths which is awesome and a big deal to have such high-quality content with this low price compared to other vendors.
Very Important:When canceling your student subscription, it's recommended not to use the direct "Cancel" button. Instead, update your billing information with an empty Visa card. This will automatically cancel the subscription three days after the renewal date.
Click Subscribe in the subscription you want and then click proceed. The billing Information page will look like this:
you can pay with a Visa card or PayPal.
Fill your card info and enjoy learning :)
There is a fantastic server on Discord to find study mates and find solutions to any issue you may face. Click on the button below to be redirected to the HTB discord server.
There are a lot of chats on different topics you can join and learn from great people
Chats for certifications paths and HTB platform stuff.
If you're a complete beginner and you want to start learning cybersecurity from the academy, I will list my recommended modules to start with.
Introduction to Networking
Windows Fundamentals
Linux Fundamentals
Introduction to Active Directory
Introduction to Web Application
Web Requests
Introduction to python3 (Optional)
Introduction to Bach Scripting (Optional)
Introduction to Windows Command Line (Optional)
Bug Bounty Hunter path (For Web Security)
Penetration Tester path (For Web, Network, AD Pentesting)
SOC Analyst path (For Defenders)
Web challenges and machines focusing on web attacks (For Web Security)
Machines focusing on network & AD (For Network penetration testing)
Sherlock challenges, DFIR challenges (For SOC and defenders)
I hope this post has provided you with valuable insights into HTB Academy and how it can help you advance your cybersecurity skills. Whether you're a beginner or an experienced professional, there's something here for everyone. I encourage you to explore the modules and certifications, apply the knowledge in labs, and take advantage of the affordable student subscriptions. Thank you for reading, and I hope you find this guide beneficial in your learning journey! 💻🎯
After you sign up using your email, you will be redirected to your account page. Now, Click on the button
Tier I modules go beyond basics and work on developing your skills. Each one costs 50 cubes but we will unlock from tier 0 to tier II with a
Tier II modules go deep in specialization in both offense and defense sides. Each one cost 100 cubes. Again, don't worry about the cubes. we will unlock from tier 0 to tier II with a
Skill paths aim to teach the student a specific topic or skill, for example path teaches you the required and essential tools for any penetration tester or cybersecurity specialist
There are several paths such as (Local Privilege Escalation, Intro to Binary Exploitation, and others). Each path consists of several modules. For example, the path consists of three modules (Linux, Windows, MacOS fundamentals), and so on for other paths.
CBBH stands for Certified Bug Bounty Hunter, and the job role path related to the certification is the path.
CPTS is for Certified Penetration testing specialists and the job role path related to the cert is path. The path itself consists of 28 modules.
CDSA is for Certified Defensive Security Analyst and the related job role path is path. The SOC Analyst path consists of 15 modules.
CWEE is for Certified Web Exploitation expert and the related job role path is . The path consists of 15 intense and hard modules targeting senior-level and web security experts.
CAPE is for Certified Web Active Directory pantsing expert and the related job role path is . The path comprises 15 intense and hard modules targeting senior-level and Windows security experts.
Follow this to know more about HTB Labs.
