#labs-announcements
Just over 1 hour 'til the Sherlock "Ultimatum" is released! Forela are getting pretty clumsy and need your help again... Fancy yourself as a blue teamer? Make sure you play at 1900 UTC (or a little later if, like me, that's dinner time...).
Hi folks! Confused at the release schedule of Lockpick3.0? - Fear not! This is being released due to a presentation and workshop we are completing at InfoSec. You will be able to play this as retired & free 🙂
T-50 minutes! Campfire-1 is out! Please perform better than England Vs Denmark.💁
Heads up!
We have made updates to the HTB Job Board. Everyone deserves a chance to shoot their shot, so you will no longer need to be a specific HTB rank to apply for a position.
You'll now see job postings that display a preferred rank to clarify what the job poster is looking for. It eliminates a barrier to applying yourself even if your rank doesn't match.
Your HTB rank might not represent everything "You" are, so we wanted to open this up for those looking for new opportunities.
Additionally, you will see the countries with new job postings!
Hey hey! Here is another shout-out to the Sherlock Campfire Series!
Camp Fire 2 is a very easy Sherlock in a series dedicated to bad Active Directory configs.
Learn to understand AS-REP roasting attacks and become familiar with endpoint artifacts left by host authentication requests.
And hey, for those interested in evasion, it is useful to see what noise you're making on the other end. 
Check out the blog for a walkthrough:
Hey hey!
The third Heartbreaker Sherlock is now available on HTB Labs! 💔
Investigate a compromised AWS infrastructure and determine if the attacker exfiltrated any data. Start now:
https://app.hackthebox.com/sherlocks/Heartbreaker-Denouement
Hey-hey hackers,
Wanted to let you know our AI/ML Challenge category is now up! Be sure to keep your eyes on it.
We are looking to develop more Challenges to help you get started in AI/ML hacking.
This includes understanding how to manipulate popular frameworks like PyTorch and TensorFlow. Or, utilizing attacks like model inversion and poisoning techniques to manipulate data.
There’s still a lot of room for this field to grow and opportunities to find your place in it.
Try one out for yourself: https://app.hackthebox.com/challenges
Learn more first: https://www.hackthebox.com/blog/new-AI-challenge-category
Hey hey!
If you haven’t already, head over to HTB Labs and check out the third Sherlock in the AD Series, Noxious.
This Sherlock focuses on sifting through network traffic and uncovering credential stealing that stems from the LLMNR protocol feature in Windows.
There’s more on the specifics of that attack here: https://www.hackthebox.com/blog/llmnr-poisoning-attack-detection
Play it and get a perspective on another way AD gets hit: https://app.hackthebox.com/sherlocks/Noxious
Hey hackers, a new AI/ML themed Challenge has made its way over to HTB Labs!
In this challenge the players are interacting with an AI assistant with the goal of fooling the assistant in order to reveal to them the secret for each level. In each level, the assistant gets more protective of the secret and the players need to adjust their prompts accordingly.
Next up hackers!
The latest Sherlock of the Active Directory Series is now available on HTB Labs!
You'll get to test your skills in MITM attack detection, AD forensics, and network forensics through NTLM relay attacks.
If you want some quick insights, check out the blog as a companion guide.
Hey hey! Got something for users who are new to our CTFs! 
CTF Try Out is a free, open and on-going CTF event where users can create teams and play challenges in a HTB CTF platform.
This can help users who are new or looking to get some practice in before any upcoming CTF.
Yo! Hope y'all are having a wonderful week so far-- I've been cooking up the theme for the next Season! But before that arrives, I wanted to share the new perks we are adding for people who have VIP/VIP+ subs.
If you aren't aware of what they even are, I also go over it. But, most of you here are veterans, so there's some stuff I am absolutely hyped about. My personal favorite is writeups for Challenges 
Check it out!
Hope y'all are getting ready for a nice relaxing weekend. 
We are back with a couple of Active Directory themed Sherlocks!
2 very easy Sherlocks are now available on HTB Labs and Enterprise Platform! Learn how to detect NTDS.dit dumping, one of the most critical Active Directory attacks.
Hey hey!
A new Sherlock is now available for free on both HTB Labs! Pikaptcha is now live!
Investigate an attack triggered by a suspicious CAPTCHA page, using network traffic and endpoint artifacts to crack the case. Start now! Gotta CAPTCHAm'all! 
Hey hey, just wanted to drop by and deliver a little news. If you haven't noticed already, you're now able to share badges from Labs the same way you can in Academy!
I mean, this one in particular is probably the toughest to grab (even for me, and I work here- the man is elusive)
Here are the Badges available:
- Leaderboard Badges
- Rank Badges
- Social Badges
- Machine Badges
- Challenge Badges
- Fortress Badges
- Pro Labs Badges
- Battleground Badges
- Starting Point Badges
- Seasonal Badges
That's all- have fun burning the midnight oil !
Hello HTB Community,
We’re thrilled to announce a special Sherlock series for Diwali that’s sure to light up the Hack The Box community—Operation Salwaar Kameez!
Join us as we follow a storyline centered around uncovering the secrets behind a compromised employee at StoreD Technologies Pvt. Ltd., a major data center in the heart of Mumbai.
From October 31st to November 4th, a new Sherlock challenge from this five-part series will be released each day, putting your investigative skills to the test.
We’re counting on you to rally your local community and dive into this investigation together!
Why join?
Experience a story-driven, real-life investigative scenario where participants will learn to investigate database anomalies, firmware forensics, Windows downgrade attacks, and more.
Network with fellow security enthusiasts and celebrate the festival of lights.
Win prizes! We’ll be giving away five VIP+ annual subscriptions to participants who share at least one solved Sherlock case from the operation on X (formerly Twitter) and tag @hackthebox until 10th of November!
Thank you for your support!
For our two releases between seasons this week and next, we're trying something new. Much like many real world pentests, the players these weeks will start the box with low privilege credentials. Please check the seasonal page at release for these credentials.
Got thoughts about this? Let us know with /feedback
"Blazorized" and "Resource" have been updated to Hard. This doesn't impact seasonal, but will impact HoF ranks
Hey hey, calling anyone who has been digging Sherlocks on HTB Labs—we have some updates for you! There’s three things we’d like to get you caught up on:
Favorites Feature ❤️
You can now flag content as a favorite in Sherlocks!
Easily mark your top resources and keep a handy list in one place. Whether it’s a case you have already solved or want a nifty way to keep track of on-going investigations, hit the heart button at the top to add it to your list.
HTB Academy Recommendations 👉
What if you want to find the best information to break down a Sherlock?
You’ll now see recommended HTB Academy Modules directly within Sherlocks in HTB Labs, helping you expand your skills alongside your investigations.
CPE Credits for Sherlocks 📚
You deserve some extra credit.
All VIP users holding ISC2 certifications or looking for proof of education can now get CPE credits by completing Sherlocks on HTB Labs.
We all know CVEs are known to cause massive upheaval in any industry whenever they drop.
But have you ever tried to exploit one yourself? 
We set up a hottest CVEs Track for anyone curious about learning critical security flaws that are still out there today! 😬
Check out the list below!
Update! New Sherlock dropped for people looking to get into SOC! This should be a great one for those looking to dip into network analysis. 
Description: We've identified an unusual pattern in our network activity, indicating a possible security breach. Our team suspects an unauthorized intrusion into our systems, potentially compromising sensitive data. Your task is to investigate this incident.
We have another Easy Sherlock for ya'! 
For those looking to dredge up network traffic and figure out what information has been exfiltrated, this should be a fun one.
Not to mention, love seeing a SOC x C2 investigation.
Come get warmed up with this one before the holidays—might want to practice.

We have released some of our Retired Challenges with write-ups for anyone curious about expanding their skillset!
We focused on releasing Challenges that act as introductions, so give it your best shot. 🫡
We have a new medium free-retired machine called Unrested for you to check out!
Hey hey, hackers—
We have a quick heads-up for newcomers or those mentoring any beginners.
Tracks have been recently updated! We now have a new Intro to Red Team and Intro to Blue Team Track!
If you’re looking for a good place to bring a friend you’ve been teaching, a security group you are looking to put together, or even just starting out yourself—this is where we think you should start.
They are broken up into Machines (Red) and Sherlocks (Blue), with core concepts you will want to know on the path forward.
Finding a place to start in all our content can be overwhelming. We aim to clear a path for your progress to security wizardry. We all gotta start somewhere ✌️
Hey, going around spreading the word 
I'm booting up our Twitch Streams again! The ITaV (It Takes a Village) stream will include one helpless newb (me) and one professional (always selected from hacking streaming community) who will walk through content together. We encourage you to boot up and do the walkthrough with us.
Why would a beginner care? Trust me, I will be asking a ton of the foolish questions for you. I take the hits, you learn the bits--plain and simple.
Why would a pro care? Our guest will cover the high-level concepts at the end, and I make sure to pick the perfect person for each piece of content we tackle.
Win/Win.
This time around we are lucky to have Garr! A pentester for Walmart who will be breaking down the Tinsel Trace Sherlock "Neural Noel." He's been big into AI pentesting lately, so this would be a great one to start on!
This will be an on-going stream that I want to build with y'all. We start tomorrow at 8 PM UTC, we hope to see you there! 
Y'all might already know this, but new Sherlock dropped!
ReliableThreat
💣 
Level: Medium
Category: DFIR
Technology: Windows & Volatility
Description: In this Sherlock, you must analyze the tools used by a developer and understand how they may have been the victim of a security breach.
Have fun!
YOOOO! I clipped up our last It Takes a Village stream where we went over Neural Noel. ITaV is a stream I am running that has a beginner and expert work through HTB content together. 
If you want to get your start in #networksecurity or see how threat actors leverage an #ai chatbot to get sensitive information—this video is the start you're looking for. Let's dig into some #blueteam content with Sherlocks!
ITaV is where beginners and pros learn together 💪
📹 Watch the full stream here: https://www.youtube.com/live/aANf3CyBC...
New Sherlock dropped! 
Name of Sherlock: SmartyPants (don't ask me why he's looking at you like that)
Level: Very Easy
Category: DFIR
Technology: Windows
Rundown: Players will use SmartScreen debug logs to understand user activities and corporate sabotage. This free Sherlock is released alongside a HackTheBox blog post (https://hackthebox.com/blog/smartscreen-logs-evidence-execution) to highlight how this log, which was discovered by HackTheBox content engineers during their research, can serve as a crucial artifact in incident investigations.
Hey hey! Just an update:
AI vs Humans: The Ultimate CTF Battle – $7500 Prize Pool!
Get ready for an epic showdown between AI agents and human hackers in this thrilling Capture The Flag event in HTB, hosted by Palisade Research!
Date: 14 Mar-16 Mar
Human participants, register now with code:
{41_3v3ntpa$$w0rd$tr1ng}
Join now and see if you can outsmart the AIs!
Link: https://ctf.hackthebox.com/event/details/ai-vs-human-ctf-challenge-2000
Play the AI vs Human CTF Challenge event on the Hack The Box CTF Platform. AIs are getting better and better at hacking. Can humans beat them? Let’s find out! In this event participants will compete against several AI teams and each other for the $7500 prize pool. This event is focused on Crypto and Reversing categories. The challenges range in di...
Hey hey! Just wanted everyone to know that we are making a push to update/consolidate/create tracks! 
Here are all of the recent Offensive related tracks to get a boost. With a new one coming out later this week!
Check the blog for more context if you're new! 👇
Time to hunt some threats, be the thrunter you want to be 
Mainly, learn how to use one of MITRE's frameworks.
Level: Very Easy
Category: Threat Intelligence
Technology: Research
Description: In this Sherlock, players will be introduced to the MITRE ATT&CK framework, which is a comprehensive tool used to research and understand advanced persistent threat (APT) groups.
Rolling out another Sherlock that Android forensic lovers may want to jump to 🤳
Anpu
Level: Medium
Category: DFIR
Technology: Android
Description: In this Sherlock, you'll explore the Android file system to locate, extract, and analyze different evidence and artifacts. Following this, a more in-depth analysis is necessary through reverse engineering an APK file. This involves decompiling and examining the source code to uncover sensitive features and information that could be crucial to the investigation.
Another blue content drop, inbound 
Sherlock: Origins
Level: Very Easy
Category: DFIR
Technology: Wireshark
Description: You are provided with a minimal packet capture file. Your goal is to find evidence of brute force and data exfiltration.
New Tracks have been updated on Labs
The Detecting AD Attacks is a beginner jog through various different attack methods used commonly to target Active Directory. 🟦
The AI/ML Track is more advanced, but is a great place to practice AI/ML attacks. Definitely would pair it with the AI red teamer job role path that came out! 🟥
Hey hey! We've another Sherlock for ya' 
Name of Sherlock: Kuber
Level: Easy
Category: DFIR
Technology: Kubernetes
Description: Kuber is an easy Sherlock designed to help you understand the structure of Kubernetes resources. You will learn to analyze resource dumps from a Kubernetes cluster, enabling you to identify malicious activities and assess potential attack vectors.
Got more Sherlock drops today!
First, is TrainingDay 
An Easy Sherlock that is a great step into reverse engineering for beginners.
Technology: Pestudio, IDA & XDBG
&&
Second, is NeuroSync-D 
This is another easy-level Sherlock that's paired with the NeuroSync Challenge to emulate a red team/blue team perspective of CVE-2025-29927.
Technology: Express.js, Nginx, Redis
Hey hey, y'all
Another Sherlock has been added!
Name of Sherlock: Unsupervised
Level: Medium
Category: DFIR
Technology: Windows, USB, Forensic Toolkit & RegRipper
Description: In this Sherlock, the player will investigate various Windows artifacts to uncover the methods used for data exfiltration via a USB drive. The goal is to enhance the player's skills in digital forensic analysis by delving into the intricacies of how data can be extracted from a system using common devices.
We’re rolling out a brand new security feature that lets you see all the sessions you’re logged into. You can also sign out from any session individually or log out from all sessions at once. 
This means more control and peace of mind knowing you can manage your sessions with just a few clicks. You can find it under security settings on HTB Account.
(I removed the IP from this image, but it will show you that, too!)
Hey hey, another Sherlock has been added to the roster.
Level: Easy
Category: Threat Intelligence
Technology: Email & Wayback Machine
Description: Starting with a suspicious email, you need to pivot and find as much information as possible about the potential threat actor targeting Jason, collect indicators, and map their techniques to the MITRE ATT&CK framework.
Enjoy 
Another Sherlock released for anyone who missed it!
DroidPhish 🎣
Level: Easy
Category: DFIR
Technology: Android & Forensic Toolkit
Description: In this Sherlock players will analyze a disk image acquired from a compromised Android Device.
Got one for those looking for something advanced to chew on. 
Name of Sherlock: Novitas
Level: Insane
Category: Malware Analysis
Technology: Volatility & Debuggers
Creator: bquanman
Description: With MS Office macros being ever more locked down in enterprise environments, attackers are branching out to other techniques to get initial access to a victim’s machine. One of these techniques that is gaining popularity is known as ‘GrimResource’, which utilises weaponised Microsoft Management Console files.
In this Sherlock the player is required to extract the malicious file from a memory dump and perform detailed malware analysis to extract IOCs.
Wanna learn about APT tactics? Check out this next Sherlock!
Name of Sherlock: ElectricBreeze-1
Level: Very Easy
Category: Threat Intelligence
Technology: Research & MITRE ATT&CK
Creator: VivisGhost 
Description: In this Sherlock, players will be introduced to the MITRE ATT&CK framework, which is a comprehensive tool used to research and understand advanced persistent threat (APT) groups.
Specifically, players will focus on the APT group known as Volt Typhoon. As they progress, players will get to explore various tactics, techniques, and procedures (TTPs) associated with Volt Typhoon.
We have a quick message for any Pwnbox or Parrot OS users out there.
A while back, we got Caido and the Parrot OS team together for a possible collaboration.
We are happy to announce that Caido is now natively integrated into Pwnbox! Caido has a guest mode, so you can head straight into the tool to test it out.
If you’re curious about trying a new lightweight web proxy, be sure to give Caido a shot.
Happy hunting 