Hack The Box (Platform Review)

Now I have covered Hack The Box walkthroughs and even a certification; however, I have not really given an honest opinion of the platform as a whole. Slightly ironic when you think about the amount of context I have already covered within my blog posts.

The platform as a whole is divided into six focused sub-platforms, each with a directed purpose that we will cover:

Labs
Academy
LetsDefend
CTF
Enterprise

Labs:

The Labs are a collection of ready-to-deploy machines and networks that individuals can interact with to test their skills. At first glance, this may seem fairly simple and straightforward. However, the labs, for lack of a better analogy, will humble you quite swiftly.

How, you may ask? This is largely due to the weekly release cadence, with content that is fairly close to the bleeding edge of real-world vulnerabilities or deliberately engineered to be an absolute mind-bending experience.

The Labs are what most people are referring to when they speak about Hack The Box, and they offer a surplus of activities, including but not limited to:

Competing in the current season, which is a 13-week competition where hackers race to own boxes first and climb the leaderboards and rankings to earn prizes at the end of the season.
Completing individual boxes to master new skills. Certain plans provide access to 514 standalone machines (at the time of writing), with retired boxes offering formal walkthroughs to assist learning.
Completing a Sherlock, which is a focused digital forensics challenge. Certain plans grant access to all 136 available at the time of writing.
Completing standalone hacking mini-challenges, currently totaling 813 at the time of writing.
Completing a Pro Lab, which is a simulated enterprise-like network designed to let you test your skills in a more realistic environment.

Now let us get into the pricing, which is covered here as well:

Free: Access to a limited set of Active Machines, challenges, and Fortresses, with shared machine access.

VIP+ ($25.00/month or $223/year): Full access to all Machines, Challenges, and Fortresses, with private machine access.

Pro Labs Subscription ($49.00/month or $490.00/year): Grants access to all Pro Labs networks and chains.

Overall, the Labs provide a strong experience that I highly recommend, particularly for those looking to move beyond their comfort zone. The environment is generally stable, and I can only recall a single instance where the Labs were broken to the point that the platform was effectively unusable.

Academy:

Where the Labs are focused on challenging yourself, the Academy exists to help you learn and grow from both offensive and defensive perspectives. The Academy is comprised of structured modules that form defined pathways, allowing individuals to develop specific skills or follow role-based career tracks, such as the Pentester pathway.

Learning is not the only focus here. Upon completing job-based pathways, you can sit for an official exam and earn a certification based on the skills acquired within that pathway. As of writing, the current certifications available are:

HTB Certified Junior Cybersecurity Associate
HTB Certified Penetration Testing Specialist
HTB Certified Web Exploitation Specialist
HTB Certified Defensive Security Analyst
HTB Certified Web Exploitation Expert
HTB Certified Active Directory Pentesting Expert
HTB Certified Wi-Fi Pentesting Expert

This is where things become a bit less straightforward. Some modules require cubes, while others are free depending on your current subscription. The model can be slightly confusing. I typically choose to purchase the cubes needed when I want to review a specific module rather than maintain a subscription, but that is simply my personal preference.

Silver Annual:

Price: $490/year (USD)

Direct access to all modules up to (including) Tier II
Direct access to the entire Web Penetration Tester job role path
Direct access to the entire Penetration Tester job role path
Direct access to the entire SOC Analyst job role path
Direct access to the entire Junior Cybersecurity Analyst job role path
Step-by-step Module Solutions
Unlimited Pwnbox usage
CPE credits submission
One exam voucher per year for HTB CWES, HTB CPTS or HTB CDSA (limited-time offer) (expires when the subscription does)
One exam voucher per year for HTB CJCA
No need to wait to unlock modules

Gold Annual:

Price: $1260/year (USD)

Direct access to all modules up to (including) Tier III
Direct access to the entire Active Directory Penetration Tester job role path
Direct access to the entire Senior Web Penetration Tester job role path
Direct access to the entire Web Penetration Tester job role path
Direct access to the entire Penetration Tester job role path
Direct access to the entire SOC Analyst job role path
Direct access to the entire Junior Cybersecurity Analyst job role path
Step-by-step Module Solutions
Unlimited Pwnbox usage
CPE credits submission
One exam voucher per year for HTB CWEE, HTB CWES, HTB CPTS, HTB CAPE, HTB CDSA (limited-time offer)
One exam voucher per year for HTB CJCA
No need to wait to unlock modules
Pay less than buying through cubes
Exam voucher switching (applies to unused exam vouchers)

Monthly Plans:

Silver
Price: $18/month (USD)
Cubes Based

200 cubes each month to unlock modules.
Unlimited Pwnbox usage
CPE credits submission

Gold
Price: $38/month (USD)
Cubes Based

500 each month to unlock modules
Unlimited Pwnbox usage
CPE credits submission

Platinum
Price: $68/month (USD)
Cubes Based

1000 each month to unlock modules
Unlimited Pwnbox usage
CPE credits submission

Overall, the Academy is phenomenal, with some of the strongest core content I have observed on a platform to date. One potential deal breaker for some, however, is the absence of video content. The material is strictly text-based, which I personally prefer, as searching and referencing specific topics is significantly cleaner.

While the Academy is relatively new compared to other platforms, the momentum behind it is substantial. I genuinely believe it has the potential to become a future standard, depending on how competing platforms respond. I cannot recommend the Academy enough.

LetsDefend:

I will be quite honest, defensive content is not my go-to when studying independently, so I have not spent much time on this platform, and it was only recently acquired.

If it closely follows the structure and quality of the Academy, I am confident it will be strong. I will include a link below to allow readers to form their own opinion, as I cannot provide a formal assessment due to my limited exposure.

CTF:

This is another part of the platform that I am not particularly familiar with, aside from a single instance where I accidentally navigated to the site. However, this platform allows anyone to host their own events, which others can sign up for and compete in. From my understanding, many private CTFs are hosted here.

For example, here are a few past events:

This platform is not really my cup of tea, personally, but if you are more interested in hosting private events, this may be the platform for you. That said, I cannot provide a formal opinion at this time due to limited experience.

Enterprise:

I will keep this short. I have no direct experience with this offering, as I am not an enterprise client and do not anticipate becoming one. I will include a link below for anyone who may be interested.

Hack The Box for Business - Enterprise Solution

Are you ready to train your cybersecurity team the HTB way? Sign in to HTB For Business platform or let’s get in touch and see how we can help.

HTB-Logo-RGB_512-1

Closing thoughts:

In short, I strongly recommend Hack The Box. Its Labs and Academy stand out as some of the strongest hands-on and educational content currently available in the security training space.