---
title: Attacking Authentication Mechanisms with HackTheBox Academy
seoDescription: I've been using HackTheBox Academy since 2021 and here are my thoughts about it. TLDR: you should give it at least a try!
datePublished: Sun Jun 18 2023 14:02:04 GMT+0000 (Coordinated Universal Time)
cuid: clj1hy65o000209jq647t8bz8
slug: hackthebox-academy
cover:
tags: hacking, cybersecurity-1, securityawareness
---


HackTheBox is currently running a 20% discount on the Academy Silver Yearly Subscription, and I thought I might as well finally publish a review of the Academy portal, especially because I've been using it since 2021 and I think everyone should give it at least a try.

For the test run I have chosen the Tier III module "Attacking Authentication Mechanisms", mainly because another challenge is giving me a really hard time with SAML Response validation.

💡
This article contains an affiliate link to the HTB Academy. This doesn't mean it is sponsored by HTB, and the only bias I have towards HackTheBox is my own love for their work :). If you have been my reader over the last years, you know I mean it. If this is the first time you visit CyberEthical - trust yourself. Create the account, then form your own opinion.

Single Module Cost

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687064480575/b296f604-85b5-43b5-926c-99a3ea54bbf8.png align="center")

Costs when buying "raw" cubes, without any subscription:

  • Tier I modules cost 50 cubes (£4)

  • Tier II modules cost 100 cubes (£8)

  • Tier III modules cost 500 cubes (£40)

  • Tier IV modules cost 1000 cubes (£80)

Visual Design

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687065757977/df4a26d9-92c0-4d1c-88b6-af6e4cb23897.png align="center")

Modules are divided into sections, which are clear and easy to read. Lesson content contains visual aids like images, graphics and well-styled text (all personal opinion).

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687082857372/ea9ffd2f-4d37-4065-b964-ecaf43ede435.png align="center")

There is a theoretical and a practical part. Most practical lessons reward you with cubes (that way you can get back 20% of the cubes you spent to unlock the module).

Cheatsheet

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687083256465/b2eb25cf-6689-4863-901e-4fbd1e738aa1.png align="center")

Exactly what it says. A collection of useful commands and some key notes from the module.

Parrot Pwnbox

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687081232176/13b29e96-4cea-420e-8475-952c08269f86.png align="center")

A very handy and neat system. You just click "Launch" and literally within a few seconds the preconfigured Parrot OS appears.

You can even download the ISO for the same OS from the Parrot Security site.

Responsive and ready to go. See what STÖK and others say about it.

Rewards


![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687092136701/9ed7d1d6-be7c-4431-86af-1c59937f9b19.png align="center")

After you complete a module, you get an achievement-like popup and the possibility to share the completion details with others.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1687092304695/6b6f7602-f748-4f6e-be80-68537972a17a.png align="center")

Personally, I really love that sense of accomplishment :)

Silver Annual Cost Analysis

💡
Create your HTB Academy account here. You can start without any subscription or purchases and upgrade later if needed. I encourage you to get a feel for the platform before making any financial decision!

Note that all prices are given without VAT. In my country I have to add 23%.

Let's break it down one by one.

  • Tier 0: 21 modules x 10 = 210 cubes

  • Tier I: 10 modules x 50 = 500 cubes

  • Tier II: 9 modules x 100 = 900 cubes

Each completed module gives 20% of its cubes back - with the exception of Tier 0, which gives 10 cubes back (a full refund). So the overall cost in cubes of all modules up to and including Tier II is 1120 cubes, or circa £88.

Both the HTB Certified Penetration Testing Specialist and the HTB Certified Bug Bounty Hunter exam vouchers cost £150, so "one exam voucher per year" brings the total to £238.

Access to the Bug Bounty Hunter path is covered in the previous calculations (includes modules up to Tier II).

Access to the Penetration Tester path is covered in the previous calculations (includes modules up to Tier II).

Unlimited Pwnbox usage is hard to estimate because on a Free Account you can launch it once a day for 120 minutes - is that enough? It depends - either you really focus and do the module in one sitting, or you do it in at most 2-3 hours a day. But there is always an option to solve all lab tasks on your own system (like a Kali VM) or use that preconfigured Parrot OS.

Last year I made a useful script to persist some settings and tools on the HTB Pwnbox. See it here.

CPE Credits should be looked at as a necessity - it would be a serious negative if a program that costs that much did not give CPE credits.

As for the Lab Exercise guidance via Discord - I haven't had occasion to test it, but I assume that someone is available to chat and help you with the tasks.

Finally, it's a Silver Subscription so it gives 200 cubes each month, 1200 total (£96)

So finally, if you would like to buy everything separately, one day cubes, another day cubes, and then come to the conclusion that you want to get the certification - £334. And remember that's just the raw cost of all purchasable resources (cubes + exam voucher) without unlimited Pwnbox, CPE credits and lab guidance.

If you are committed and you think you will need the exam later - no brainer, get the yearly subscription, it will save you both money and hassle in the future.

💡
Until the end of June, HackTheBox is giving a 20% discount on the Silver Yearly Subscription. You still have time to register, see if you like the Academy content and decide on purchasing!
