InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

Follow publication

You Need to Get on Hack the Box Academy

grepStrength
InfoSec Write-ups
Published in
11 min readOct 31, 2024

--

There’s no attempt at a witty opener here. You just have to get on HTB Academy. That’s all. Seriously.

I’m actually floored with how many people don’t know this exists.

When I first started HTB Academy, it was on the heels of signing up for TCM Academy, where Heath Adams was my introduction into studying penetration testing and ethical hacking. It was certainly a good start, but I eventually landed at HTB’s own Academy and it was clear that I was looking at something special.

I touched on it a fair amount in my previous article, which was primarily looking at it from the lens of someone trying to prepare for HTB’s Certified Penetration Testing Specialist exam. However, I feel that this didn’t quite do HTB Academy justice (which I will now be abbreviating as “HTBA” to avoid carpal tunnel). I wanted to give a real breakdown what I consider one of the best learning platforms for cybersecurity students and professionals.

I know many people who are trying to decide where to spend their time and money for upskilling themselves and their teams. I wrote this for post for them.

Let me preface this as a post from the perspective of someone who:

  • is an individual and independent learner
  • has mainly been focusing on learning and practicing offensive security

Here is a breakdown of my progress as of 30th October, 2024:

*shrug* I started in DFIR and wanted to expand my overall skillset.

If you are a team lead and want to upskill your entire team, then you’ll want to consider HTB Enterprise, but I’m unfortunately unable to comment on that particular subscription. Additionally, my focus on the offensive side means I can’t fully comment on any of the deeper blue team topics. I just started the SOC Analyst path for CDSA after completing the Penetration Tester Path and getting CPTS.

Disclaimer

As of this writing, I am in no way affiliated with HTB Academy. I was not paid to write and get this published. I quite literally pay for the service.

(Update Jan 2025: I have since become a content creator for the main Labs platform, but again I was not paid to write this review of HTB Academy. It is not sponsored content.)

Also note that I was given permission by HTB staff to use content screenshots that were taken from Tier 0 modules (specifically from the File Transfers module) in addition to some website structure and billing screenshots.

Pros

Let me start with why I even started writing this in the first place.

#1 Quality

It doesn’t take long to realize that HTBA is money well spent.

It’s organized in discrete chunks they call modules, which are then split into multiple individual pages called sections. Each module is designed to teach a particular skill within the broader subject of cybersecurity. The scope of the modules span basic networking to assembly language, programming, web application attacks, abusing Active Directory, Sliver C2, log analysis, network forensics, SIEM operations, etc.

These modules can be grouped in a couple of ways:

  • Skill Paths
  • Job Role Paths

Each tells you how many modules are involved in the completion of them. For example, if you want to study SOC Analyst Prerequisites, you would go to the path and select enroll:

You can only be enrolled in one path at a time, and when you enroll in a path, it makes that the center of what you can focus on, which is accessible from your Dashboard:

For the content itself, I’ve talked before in my CPTS review about how HTBA goes deep into the what, how, and why.

Let’s take a look at the File Transfers module. It’s a Tier 0 module created to show students how a pentester would transfer files to and from a target system:

I love this stuff.

They go in depth for almost every aspect of a given subject. Keeping within the File Transfers module, take a look at a few snippets of the Windows File Transfers page. They go into methodology pretty heavily:

Additionally, they give each student multiple options to accomplish pretty much any goal, regardless of module or page. They show you the commands you would run in a given scenario and also the potential output. For example, we can use PowerShell to download a file:

Or we can use SMB Server:

Or we could use FTP:

In this stage of my career, I’m moving away from learning that’s entirely centered around just memorizing facts and concepts, questions and answers. Yes, learning theory is important, but theory without the practical hands-on application is just that: theory.

Thankfully, HTBA is not like this. Yes, there are questions. No, they aren’t just reliant on rote memorization. The questions at the end of every module are great learning tools because they force you to actually work on producing the answer. The difference between HTBA and traditional teaching methods is in how they do this.

Some of the Q&A fits the bill as “test your knowledge” questions, however, a significant number of module pages also include rapidly deployable VMs. These are designed to get students to practice what they’ve learned by answering questions to reinforce the methodology and skills HTBA is trying to teach:

I’ll get to those little green cube things later…

You even get multiple options with how to tackle them. You can either connect via VPN from your Kali (or whatever) VM:

Or you can spawn a Pwnbox to work on the module’s concepts. This is a custom HTB-branded Parrot Security Linux distro that is accessed through a VNC connection right from your browser:

This is great, honestly.

Additionally, at the end of the majority of modules, there is a skill assessment which combines lessons from each page within it.

And let me be clear, while I’ve been primarily working on offensive security, I’ve also started going through the SOC Analyst path for CDSA. I’m a whopping 11.52% of the way through, but it’s of the same quality I found when going through the CPTS path. I most recently worked on a module that rapidly deploys an Elastic server to work on SIEM queries.

It later goes into deobfuscation techniques, basic malware analysis, introductory threat hunting, and more.

Another benefit to HTBA is the tie in with the main HTB Labs platform. If you want extra practice on a given subject, you can go to the Academy X HTB Labs page, and get a listing for pretty much anything available within the broader HTB ecosystem:

I personally like to use it to see a map of how a given module relates to HTB machines:

Just bear in mind that to take full advantage of this, you will need to purchase a subscription or two from the main Labs platform.

#2 Cost*

(Note 1: All of this is available to see on their main website or in the Billing section of academy.hackthebox.com. Feel free to skip this entire Cost section if you know where to see this information on your own.)

(Note 2: That asterisk is there for a reason. See the Cons.)

Regardless of what anyone says, one of the biggest determinants of what gets butts in seats is the cost. For HTBA, be rest assured that the overall cost for anything Tier 0-II is very affordable.

There are a few options.

For yearly subs:

  • Silver Annual — $490/yr — Access to all Tier II modules and below. It gives you full access to the Bug Bounty Hunter, Penetration Tester, and SOC Analyst job role paths within HTBA. You also get one exam voucher for CBBH, CPTS, or CDSA.
  • Gold Annual — $1260/yr — Access to all Tier III modules and below. It gives you full access to the Active Directory Penetration Tester and Senior Web Penetration Tester job role paths in addition to those mentioned above in Silver Annual. You also get one voucher for CWEE in addition to the above.

For monthly subs:

  • Student — $8/mo — Access to all Tier II modules and below. It gives you full access to the Bug Bounty Hunter, Penetration Tester, and SOC Analyst job role paths within HTBA. To take advantage of this, you need to be signed up with an active .edu email address.
  • Silver — $18mo — Everything from the Student subscription + 200 cubes per month.
  • Gold — $38/mo — +500 cubes per month
  • Platinum — $68/mo — +1000 cubes per month

“What the hell are cubes?” you might ask… more on that later.

Another thing to note is that their certification vouchers are all very affordable.:

  • $210USD — Certified Penetration Testing Specialist, Certified Bug Bounty Hunter, and Certified Defensive Security Analyst
  • $350USD — Certified Web Exploitation Expert

It’s apparent that they are pricing the vouchers based on the level of the certification. As of this writing, there is also another unreleased Active Directory-focused advanced/expert certification on the way which the HTB community has been calling “CHAD.” But keep in mind that this has no official name publicly released yet.

#3 CPEs

While this isn’t applicable to me, and I can’t give a firsthand account of the success of it, HTBA offers automatic CPE credit submission for the CISSP by completing any Tier I-IIII modules.

To be honest, I feel that CPE credits shouldn’t be limited to just CISSP, but as of this writing I only have two certifications that require renewal (GCTI and GICSP) and both have long met their CPE requirements for renewal. I’ll be glad to test my ability to use HTB modules to renew my GIAC certs sometime in 2026+.

(Note: Unfortunately, Tier 0 modules do not provide CPE credits.)

#4 Transcripts

“Medium”!? The hardest certification exam I’ve ever done is considered “Medium” level???

I quite literally discovered this while poking around today. This is a full academic transcript listing each certification, skill/job role path, and module completed.

I am not entirely sure how valuable this is from an academic perspective, because I got my degree before starting in HTBA, but it’s nice to have the option. Some potential uses:

  • Add it as part of the application process for a college or university.
  • Share it with your existing college or university to potentially count your HTBA coursework towards credits in your degree plan.

#5 Community

Like pretty much any cybersecurity training vendor nowadays, they have their own Discord server where students can get their questions answered. I’ve personally seen this server be nothing but a very friendly and collaborative environment.

Cons

Unfortunately, nothing is perfect so there is, of course, some area for improvement.

#1 Cubes

There is no question that this is the biggest complaint about HTBA. The cost of HTBA is certainly affordable, but there is one thing that has had a poor reception, cubes.

So what are cubes? It’s the the very convoluted and confusing secondary payment system for HTBA. To unlock modules that you don’t currently have access to, you can either purchase a subscription that includes that module (like Silver or Gold Annual), or you can buy the modules outright with cubes if a particular module isn’t covered in your subscription:

You also earn cubes through “playing” HTBA and completing modules. The problem is that almost anything you want, outside of modules covered by the Silver/Gold subscription, will exceed the number of cubes you have. I guarantee it.

This will of course require you to buy cubes outright.

For example, I completed approximately 88% of the CPTS path this year and a few modules from the CDSA and CBBH paths, and I earned a total of 470 cubes. I recently wanted to get the Sliver C2 module… 500 cubes.

Here is the payment breakdown in USD:

This looks strangely familiar…

Honestly, cubes feel like the in-game currency for a live service designed to drain kids’ parents’ wallets.

#2 No Videos

I’m personally accustomed to learning through videos. It’s my preferred way to learn if I’m studying something for which I’m completely unfamiliar. There is a certain flow from watching someone go from start to finish in a video that is missing in even the most detailed step-by-step walkthroughs comprised entirely of text and screenshots. I myself initially struggled with getting started with HTBA because of the lack of videos.

Thankfully, learners have options. As I’ve talked about before, to supplement the lack of videos, go to Ippsec’s site to enter a keyword from a module and it will take you a listing of different HTBA modules and Ippsec’s own YouTube videos.

Go here:

Enter your term:

Then you can go to a YouTube video with Ippsec walking you through how to solve a retired machine.

So what’s the problem?

The problem is that it requires you to also have a subscription for HTB’s main Labs platform at app.hackthebox.com. Those are two entirely different subscription plans.

If it weren’t for the existence of the cubes, this would be my biggest issue with the platform.

#3 Forced Paths*

This is a big complaint among those who want to sit for one of their certification exams. HTBA does not allow you to take their exams until you 100% complete that exam’s specific job role path. This was a huge stressor and time sink when I was going through the CPTS path this year. I was forced to do multiple modules that I already extensively studied or knew from my previous work.

I understand the reasoning, because their exams require you to know everything in a given job role path, but I still ultimately disagree with it. If you want to wing one of their extremely difficult exams, then that’s on you!

The asterisk is because this can be bypassed somewhat if you get one of their annual subscriptions, Silver or Gold Annual. With them, you get the option to reveal answers as part of those subscriptions. I’d honestly still be doing the CPTS path otherwise. That Password Attacks module…

Conclusion

While not perfect, HTB Academy is the best and most complete training platform for technical cybersecurity teams, in my opinion.

They also keep releasing new modules, updating existing ones, and offering new ways to certify skills acquired, so even today’s HTB Academy is not at its full potential.

If they added videos, stopped with the cubes, and gave the option to just take a certification exam without completing a job role path first, it would actually be perfect, in my eyes.

With that being said, it’s money and time well spent.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

--

--

Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by grepStrength

Security Researcher | Cyber Risk Analyst | CPTS | GCTI | GICSP | CCSK | CCZT

Responses (3)

Write a response