HTB Academy
Featured Module - Easy/Offensive
Cybersecurity from A to Z
Learn how to hack word by word... Literally.
A technical control used to permit and deny access to a shared resource &/or network.
LEARN MOREThe process of recording events performed on a computer system and associating events with a digital identity. Example: "We were able to attribute the data breach to an internal employee because we were accounting for all actions performed in the file share based on user account & group membership."
LEARN MOREA specialized database of user, group and computer accounts that centralizes authentication, authorization and accounting in Windows-based environments.
LEARN MOREA type of reconnaissance involving direct interaction with a target computer or person. Examples: "Active recon started with us using nmap to scan the public IP of the web server in scope." and "We attempted to get credentials by calling the end-user and pretending to be from the IT department."
LEARN MOREA network protocol used to map IP addresses to MAC addresses.
LEARN MOREA person occupying a job title that focuses on the construction and on-going maintenance of IT systems and hosted applications. Example: "The administrator of the system neglected to run install the latest security update in Windows which left the system vulnerable to attack."
LEARN MORESoftware written to serve a specific need or business function. Example: "We use the OSTicket application to track all our technical issues through to resolution."
LEARN MOREThe continuous process of assessing and ensuring an application is secured against modern attack techniques.
LEARN MOREA low-level programming language designed to act as an interface between higher-level languages and machine code.
LEARN MOREVerifying a user or process. Example: "I was successfully authenticated when I entered the correct username and password."
LEARN MOREBeing given the proper rights or permissions to access a resource. Example: "My user account belongs to the marketing group which grants me the authority to access the Marketing_Projects folder."
LEARN MOREA binary-to-text encoding scheme that represents binary data in an ASCII string. Base64 encoding gained widespread adoption because it enabled devices that could not natively send non-binary data (images, videos, etc..) to be able to do so by encoding the data with Base64.
LEARN MOREA term used to describe a network listener that is started on a target and used by an attacker to remotely connect to the shell of a system.
LEARN MOREA software tool used by attackers and defenders to identify attack paths in an Active Directory and/or Azure AD environment. Creates a graph to visualize potential attack paths.
LEARN MOREAn IT/Cybersecurity professional operating from a defensive perspective focused on protecting IT environments & applications from threats.
LEARN MOREA commonly used command language interpreter present on almost all distributions of GNU/Linux. Named after the computer scientist/author of the original Unix-based Bourne Shell: Steven Bourne.
LEARN MOREA type of attack that uses a computers resources to rapidly guess a password or passphrase. Widely considered to be risky to perform as it is currently easy to detect & prevent and can result in unintentional denial of service on target systems.
LEARN MOREA type of binary exploitation attack that occurs when a program receives data that is longer than expected, such that it overwrites the entire bugger memory space on the stack. Since this type of attack can often cause an application to crash it is also considered Denial of Service.
LEARN MOREAn initiative managed by an organization typically hosted by a third-party that encourages security researches to legally disclose security vulnerabilities for recognition and/or compensation. Example: "I submitted my findings in Dropbox's bug bounty program on hackerone and received a $10,000 payout!"
LEARN MOREA type of network topology where all hosts are connected by a single transmission medium and only one host can send data at a time. Not common in modern network designs however, is still prevelant in the inner workings of a network switch that is operating in a star toplogy.
LEARN MOREA competitive event that offers a series of technical challenges designed to test players abilities in a variety of infosec related subjects. Recently adapted into a type of teaching/learning method where learners must successfully exploit a target, discover a flag.txt file and submit the contents of that file for credit.
LEARN MOREA method of representation that replaces the fixed assignment between IPv4 address and network classes. Often seen in routing tables to identify a network and its accompanying subnet mask.
LEARN MOREA term used to describe software whose source code is not legally accessible or open for alteration & redistribution by anyone other than the publisher and entities in possession of a license. Also known as proprietary software.
LEARN MOREA buzzword used to describe the use of computing resources owned by a cloud service provider. "We decided to host our application on Amazon's AWS cloud infrastructure so we could scale hardware needs easily, plus we don't want to worry about hardware acquisition and maintenance."
LEARN MOREA type of vulnerability present in an application where user-controlled input is misinterpreted as part of a web query or code being executed. This may lead to subverting the intended outcome of the query to a different outcome that is useful to the attacker.
LEARN MOREAn application that enables users to create, manage and publish a website without needing to know how to write code. "I host my personal blogsite on a CMS called WordPress."
LEARN MOREA term used to describe a type of password attack that attempts to recover the original data by performing brute force attacks against various algorithms to divulge the clear text password.
LEARN MOREA term user to describe at type of attack where captured credentials are used to access different systems across an network environment, usually performed through the use of automation. Example: "We were able to capture the IT manager's credentials and through credential stuffing discovered password reuse across countless systems in the environment."
LEARN MOREA users authentication information. Typically the combination of username and password but can also be a combination of biometric information & a physical token in a user's possession.Example: "In order to log in successfully to the server I needed to enter valid credentials."
LEARN MOREA task scheduled to execute on a Linux system using the Cron utility. Example: "The system administrator created a cronjob to backup the MySQL database once a day at 12:00 pm."
LEARN MOREA type of injection attack where an attacker leverages a web application to deliver malicious scripts to a user's browser. Malicious scripts with XSS attacks are normally written in JavaScript.
LEARN MOREThe practice of defending networks, devices, and data from unauthorized access or criminal use.
LEARN MOREConverting encrypted data into it's original form. Example: "I couldn't read the confidential email message until I decrypted it."
LEARN MOREA type of technology typically used with security appliances that inspects the content of a packet in transit to provide admins with more insight into potentially malicious traffic. Example: "Our firewalls use deep packet inspection to block packets containing malicious payloads before they even reach a host."
LEARN MOREThe IP address used to determine what device will handle traffic that is destined for a remote network, typically assigned to a network router. Example: "The destination IP address of the recipient is not on the same network as the source therefore the traffic most be forward to the default gateway."
LEARN MOREA subnetwork located at an organizations perimeter that adds a layer of protection from external attack. Example: "We decided to put our web servers in the DMZ to protect our internal production network from attacks coming from the Internet."
LEARN MOREA file system cataloging structure that contains files. Also, known as a folder.
LEARN MOREA protocol and service designed to resolve hostnames to IP addresses. Listens on UDP port 53.
LEARN MOREA protocol and service designed to resolve hostnames to IP addresses. Listens on UDP port 53.
LEARN MOREA protocol and service designed to resolve hostnames to IP addresses. Listens on UDP port 53.
LEARN MOREEncryption is the process of converting data into a format in which the original content is not accessible. Unlike hashing, encryption is reversible, i.e., it's possible to decrypt the ciphertext (encrypted data) and obtain the original content. Some classic examples of encryption ciphers are the Caesar cipher, Bacon's cipher and Substitution cipher. Encryption algorithms are of two types: Symmetric and Asymmetric.
LEARN MOREA process and phase a hacker goes through to gather as much information as possible about a target machine and/or IT environment. Example: "My enumeration of the target proved to be fruitful. I was able to discover all the services running on the target and even noticed the firewall was already disabled, next Ill see if any of the version numbers associated with the services have known vulnerabilities."
LEARN MOREA program, script or sequence of commands designed to take advantage of a vulnerability in a system or application. Example: "After discovering the application had I known vulnerability, I immediately started looking for a publicly available exploit to run."
LEARN MOREA type of server hosting shared files. Example: "The marketing department keeps all of their design schematics in a file share hosted on the file server."
LEARN MOREA file hosted on a file server that is network-accessible. Typically has permissions applied that limit access based on security group membership. Example: "I am able to access the file share used by my department but am unable to access the file shares associated with other departments."
LEARN MOREA security appliance and/or software feature that filters inbound & outbound traffic based on a pre-defined set of rules. Example: "The firewall is denying any traffic from the guest network to the production network but permitting all traffic to pass out to the Internet."
LEARN MOREA term used to describe an attacker establishing and maintaining persistence access on a compromised system. Example: "After running the exploit and gaining remote control of the system, the attacker installed a remote access tool to establish a foothold in the network environment."
LEARN MOREA pre-configured template image of a virtual machine. Example: "We created a golden image to speed up the process of setting up new user workstations. It also allows our contracted pentesting firm to run their tests in a environment separate from our production network."
LEARN MOREUsing a variety of custom tailored Google search queries to discover publicly available information about a target. Example: "I was able to discover some admin credentials in a publicly accessible Github repo using Google dorks."
LEARN MOREA type of account & security object that contains user accounts. Example: "When the new HR employee started we made sure she had a user account, then we added her user account to the HR group so she could access all the necessary shared network resources used by the HR department."
LEARN MOREA technically skilled and creative person that is capable of making computers, applications & networks behave in ways not originally intended.
LEARN MOREHashcat is a popular open-source password cracking tool use for offline password cracking and analysis. It has support for over 320 hash types and support various attack modes (such as dictionary attacks comparing each password hash to a massive list of previously created passwords or pure brute-forcing where all number, letter, case, and special character combinations can be attempted to crack passwords of varying lengths.
LEARN MOREHashing is the process of converting some text to a string, which is unique to that particular text. Usually, a hash function always returns hashes with the same length irrespective of the type, length, or size of the data. Hashing is a one-way process, meaning there is no way of reconstructing the original plaintext from a hash. Hashing can be used for various purposes; for example, the MD5 and SHA256 algorithms are usually used to verify file integrity
LEARN MOREInvented by Tim Berners Lee at CERN in the 1990s to enable sharing of information accessible via web browsers. It has become the foundational language of the World Wide Web.
LEARN MOREAn application-layer protocol used to facilitate requests between a web client and a web server. HTTP does not encrypt traffic passing from the client to the server. Example: "I typed in the IP address of my router into the browser URL bar and the router delivered a web login page over HTTP." Listens on port TCP 80.
LEARN MOREAn application-layer protocol used to facilitate requests between a web client and a web server. HTTPS encrypts traffic passing from the client to the server. Example: "When accessing the bank's website to check my balance I noticed a lock icon and https in the URL bar. This means the information I enter into the login form will be transmitted from my browser to the bank's site in encrypted form." Listens on TCP port 443.
LEARN MOREA collection of of Python classes for working with protocols developed and maintained by the SecureAuth Corporation. Impacket is widely used by penetration testers during engagements and practice sessions because the project has several useful scripts. Example: "I used the Impacket script called smbserver(.)py to transfers files from a Windows-based target to my Linux-based attack host."
LEARN MOREA logical identifier assigned to a network interface allowing for two or more devices to locate and communicate with one another over a network.
LEARN MOREA network security appliance/feature used to detect threats. Is designed to alert admins and analysts, it will not proactively prevent attacks.
LEARN MOREA network security appliance/feature used to detect & prevent threats.
LEARN MOREA file containing an archived copy of the contents of an optical disk. Commonly used to install an operating system on physical hardware or on a virtual machine. Example: "In order to install ParrotOS as a VM using VMware Workstation I had to first download the ISO file from the parrot project website."
LEARN MOREA programming language invented by Brendan Eich in 1995, commonly used with HTML & CSS to add dynamic & interactive features to a website.
LEARN MOREA network authentication protocol invented at MIT and used by the popular Microsoft directory service called: Active Directory.
LEARN MOREAn exploit written to take advantage of a vulnerability present in the kernel of an operating system.
LEARN MOREThis attack is a sophisticated threat that exploits vulnerabilities in data link protocols to intercept and manipulate network data. These attacks can lead to data breaches, unauthorized access, and significant financial and reputational damage. The network can be safeguarded by implementing MAC address filtering, ARP inspection, VLAN access control, and staying vigilant with regular security audits.
LEARN MORELFI is a severe cybersecurity vulnerability that allows hackers to exploit weak input validation in web applications and access sensitive files on a server. By injecting malicious code into input fields, attackers can execute arbitrary commands, compromising data integrity and security. Protecting against LFI requires diligent validation of user input and adopting secure coding practices to fortify web applications against potential exploits.
LEARN MOREThis vulnerability allows attackers to gain elevated permissions on a compromised system, granting them unauthorized access to sensitive data and control over the entire system.
LEARN MOREA sophisticated cyberattack strategy, enabling hackers to move undetected within a network after an initial breach. By infiltrating multiple systems and escalating privileges, attackers can access valuable data and cause significant damage. Securing networks against lateral movement requires robust segmentation, strong access controls, and continuous monitoring to swiftly detect and respond to any suspicious activities.
LEARN MOREThis attack exploits vulnerabilities in web applications using Lightweight Directory Access Protocol (LDAP), enabling hackers to manipulate queries and gain unauthorized access to sensitive data. Fortify web applications against LDAP injection by implementing input validation and secure coding practices.
LEARN MOREA stealthy threat where attackers intercept and manipulate communication between two parties. MITM attacks can lead to data theft, unauthorized access, and even financial losses. Effective preventive measures are encryption and secure communication protocols.
LEARN MOREA powerful penetration testing tool used by cybersecurity professionals to identify vulnerabilities and assess network security. With its extensive exploit database and modular architecture, Metasploit aids in fortifying systems by uncovering weaknesses before malicious attackers can exploit them, ultimately enhancing overall cybersecurity defenses.
LEARN MOREA versatile post-exploitation tool often used in cybersecurity assessments. As a part of the Metasploit Framework, Meterpreter allows cybersecurity professionals to gain remote access and control over compromised systems, enabling them to perform various security tests, gather valuable information, and strengthen defenses against potential threats.
LEARN MOREA potent cybersecurity tool utilized by both ethical hackers and malicious actors to extract and exploit credentials from compromised systems. With its capability to retrieve sensitive data like passwords and hashes from memory, Mimikatz poses a significant threat to cybersecurity. Defending against this tool requires robust access controls, encryption, and regular security audits.
LEARN MOREA widely-used cryptographic algorithm in cybersecurity to convert data into a fixed-size hash value. While once popular for integrity checks, MD5 is now considered vulnerable to collisions, making it unsuitable for secure applications. Explore more robust hash functions to ensure data integrity and cybersecurity.
LEARN MOREA cyber attack technique where attackers manipulate their device's Media Access Control (MAC) address to impersonate other devices on a network. By disguising their identity, hackers can bypass security measures and gain unauthorized access. Protect the network against MAC Spoofing by implementing strong access controls and monitoring tools to detect and respond to suspicious activities.
LEARN MOREA comprehensive knowledge base used by cybersecurity professionals to understand and counter advanced threat techniques. It categorizes real-world adversary behaviors, providing valuable insights for threat detection and response. Leverage MITRE ATT&CK to bolster cybersecurity defenses and stay one step ahead of evolving cyber threats.
LEARN MOREA collection of two or more computers inter-connected to enable sharing of resources, instant communication, collaboration and remote access.
LEARN MOREA process for finding publicly available information on a target company and/or individuals that allows identification of event , external and internal dependencies, and connections.
LEARN MOREAn identifier assigned to an application used to facilitate connections between clients & servers.
LEARN MOREA critical cybersecurity threat that occurs when attackers exploit vulnerable input fields to manipulate database queries. By injecting malicious code, hackers can gain unauthorized access to sensitive data and compromise web applications. Implement robust input validation and use parameterized queries to protect against query injection.
LEARN MOREA cyber threat that encrypts data, demanding a ransom for decryption. It's a malicious software causing widespread damage to systems and businesses globally, highlighting critical cybersecurity concerns.
LEARN MOREA collection of potential threats their consequences and the perceived result. Often quantified and used by organizations to make data-driven decisions. Consider this small scenario: "The team held a meeting to discuss the risk of implementing remote worker infrastructure."
LEARN MOREA network appliance that makes packet forwarding decisions based on destination IP address.
LEARN MOREA protocol used by admins to remotely access the CLI of an operating system in a secure fashion. All communications are encrypted.
LEARN MOREA protocol used to facilitate connections to a Windows-based file share. Listens on port 445.
LEARN MOREA network appliance that makes frame forwarding decisions based on destination MAC address.
LEARN MOREA protocol used by admins to remotely access the CLI of an operating system. All communications are sent in clear-text so it is not advisable to use in the modern day.
LEARN MOREA crucial cybersecurity concept involves identifying vulnerabilities in web applications that allow attackers to discover valid usernames or user IDs. Understanding User Enumeration helps cybersecurity professionals fortify systems against potential brute force attacks and unauthorized access attempts.
LEARN MOREAn encrypted tunnel of communication connecting two or more private networks over a public network in a secure fashion.
LEARN MOREA family of closed-source desktop and server operating systems developed by Microsoft.
LEARN MOREA common web app vulnerability is that by injecting malicious scripts into web pages, attackers can compromise user data and gain control over users' browsers. Learning about XSS empowers cybersecurity experts to secure web applications and protect users from potential code injection threats.
LEARN MOREA powerful tool used to identify and classify malware based on specific patterns and characteristics. Acquiring expertise in YARA Rules enhances the ability to detect and respond to malicious software, bolstering cybersecurity defenses.
LEARN MOREAre vulnerabilities in software unknown to vendors or the public. Cybersecurity professionals studying Zero-Day Exploits learn how to identify and mitigate these hidden weaknesses to prevent potential attacks, ensuring systems remain secure even against yet-undiscovered threats. defenses.
LEARN MORE