Skip to main content
Professional Lab Scenarios

Interested in what scenarios we offer? Check this out.

Ryan Gordon avatar
Written by Ryan Gordon
Updated over a week ago

Professional Labs allow customers to practice hacking in enterprise-scale networked environments. These labs go far beyond the standard single-machine style of content. They offer simulated corporate networks that can span multiple subnets, technologies, and dozens of machines.

Hack The Box offers both Business and Individual customers several scenarios. Each provides different technique requirements, learning objectives, and difficulty levels, from beginner-friendly to highly advanced.

If you have any questions or would like to learn more about a given scenario, you can contact the Hack The Box Sales Team.


Ascension

Ascension is designed to test your skills in Enumeration, Exploitation, Pivoting, Forest Traversal and Privilege Escalation inside two small Active Directory networks. The goal is to gain access to the trusted partner, pivot through the network and compromise two Active Directory forests while collecting several flags along the way. Can you Ascend?

Upon completing Ascension, players will gain a strong understanding of advanced Active Directory attacks across multiple domains and become proficient in the following areas:

  • Enumeration

  • Web Application attacks

  • Active Directory Exploitation

  • Credential Harvesting and Abuse

  • Network Pivoting and Lateral Movement

  • Privilege Escalation Strategies

  • Persistence and Post-Exploitation Tactics

  • Situational awareness


Eldritch

Eldritch is a small lab where the focus lies on web applications and kiosk systems. Users will be introduced to common kiosk breakout techniques in the context of a small Active Directory network; while AD is not the main focus of this lab, a good understanding of common attacks and pivoting methods will be required in order to obtain access as the Domain Administrator.

Upon completion of this lab, players will have a good understanding of kiosk breakout attacks and be well-versed in the following areas:

  • Enumeration

  • Kiosk breakout attacks

  • Lateral movement in Active Directory environments

  • Network Pivoting

  • Web Application attacks

Solar

Solar is designed for advanced penetration testers who want to sharpen their skills in a unique environment filled with FreeBSD devices. It is ideal for those who enjoy tackling complex attack vectors, conducting in-depth research and enumeration, and mastering BSD-specific vulnerabilities like jail breakouts and advanced exploitation techniques. With a few Active Directory elements sprinkled in and challenges involving reverse engineering and rediscovering CVEs, this lab also caters to those looking to push the boundaries of their knowledge and experience in niche operating systems and sophisticated security scenarios.

Upon completion of this lab, players will have a good understanding of Active Directory attacks and be well-versed in the following areas:

  • Enumeration

  • Situational Awareness

  • FreeBSD Exploitation

  • Exploit Chaining

  • Out-of-Band Data Exfiltration

  • Web Application Attacks

  • Source Code Review


RPG

RPG challenges your abilities in Active Directory enumeration, exploitation, lateral movement, and privilege escalation within a simulated small enterprise network. Your objective is to infiltrate the internal network, escalate privileges, exploit active users, and ultimately compromise the domain, all while capturing multiple flags along the journey.

Upon completion of this lab, players will have a good understanding of Active Directory attacks and be well-versed in the following areas:

  • Enumeration

  • Web Application attacks

  • Reverse Engineering

  • Active Directory enumeration and attacks

  • Lateral movement

  • Network Pivoting

  • Privilege escalation

  • Phishing techniques

  • Situational awareness

  • Evading endpoint protections


Hades

Hades is designed to put your skills in Active Directory enumeration & exploitation, lateral movement, and privilege escalation to the test within a small enterprise network. The goal is to gain a foothold on the internal network, escalate privileges and ultimately compromise the domain while collecting several flags along the way.

Upon completion of this lab, players will have a good understanding of Active Directory attacks and be well-versed in the following areas:

  • Enumeration

  • Active Directory enumeration and attacks

  • Lateral movement

  • Network Pivoting

  • Privilege escalation

  • Web Application attacks

  • Password Cracking

  • Disk Backup Forensics

  • Network Sniffing


P.O.O

P.O.O, is designed to put your skills in enumeration, lateral movement, and privilege escalation to the test within a small Active Directory environment configured with the latest and greatest operating systems and technologies. The goal is to compromise the perimeter host, escalate privileges and ultimately compromise the domain while collecting several flags along the way.On completion of the lab, players will gain an understanding of:

  • Enumeration

  • Active Directory enumeration and attacks

  • Lateral movement

  • Local privilege escalation

  • Situational awareness

  • Web application enumeration and attacks


XEN

XEN is designed for junior penetration testers who are looking to start practicing their skills and senior penetration testers in search of a lab with legacy systems that showcase a scenario still relevant to the real world. On completion of the lab, players will gain an understanding of:

  • Enumeration

  • Lateral Movement

  • Privilege Escalation

  • Pivoting

  • Phishing techniques

  • Situational awareness

  • Active Directory enumeration and exploitation


Alchemy

Alchemy welcomes beginners and seasoned cybersecurity professionals looking to dive into offensive strategies within a blended IT and OT environment. It`s an ideal platform for those eager to learn, enhance their skills in enumeration, and exploitation, and tackle real-world OT challenges through a safe, fully simulated environment.

This lab will challenge your understanding of enumeration, exploitation, as well as lateral movement, pivoting, and physical process manipulation in a blended IT and OT environment. Progression through the lab requires compromising specific hosts to access the OT network, revealing crucial information, while others are side-quests to reinforce your skills. The retrieved information is key to understanding and gaining insights into the operation of the OT systems, challenging you to apply your knowledge in a practical, real-world context. On completion of the lab, players will gain an understanding of:

  • Enumeration of IT and OT networks

  • Exploiting misconfigurations

  • Lateral movement

  • Privilege escalation

  • Tunneling and pivoting

  • Documentation analysis

  • Modbus network analysis

  • Web application attacks

  • In-depth understanding of Modbus protocol

  • Structured Text PLC code review

  • Dynamic analysis of Ladder Logic


Orion

Orion Ltd is a small enterprise looking to strengthen its security posture and has tasked you with assessing its network perimeter and internal infrastructure by running a full penetration test. The goal of this challenging lab is to gain a foothold, elevate privileges, and move laterally, to finally reach the domain admin.

Upon completing Orion, players will have been exposed to and gained familiarity with tools and techniques employed to attack enterprise networks, and will have gained basic knowledge in the following areas:

  • Enumeration

  • Public Exploit Research

  • Lateral Movement

  • Privilege Escalation

  • Pivoting

  • Active Directory


FullHouse

FullHouse introduces players to the HTB Casino, which is laser-focused on ensuring the privacy and security of its players. Therefore, the casino hired you to find and report potential vulnerabilities in new and legacy components. The player’s goal is to gain a foothold on the internal network, escalate privileges, and ultimately compromise the entire infrastructure while collecting several flags along the way.

This lab tests your skills in Enumeration, Code Review, Pivoting, Web Exploitation, and various other offensive techniques.

This Penetration Tester Level II lab will expose players to:

  • Source Code Review

  • Web Application Attacks

  • Reversing

  • Windows Exploitation

  • Active Directory Exploitation

  • Blockchain Exploitation

  • AI Bypass and Exploitation


Zephyr

Zephyr Pro Lab

Zephyr is an intermediate-level red team simulation environment designed to be attacked to learn and hone your engagement skills and improve your Active Directory enumeration and exploitation skills. Zephyr includes a wide range of essential Active Directory flaws and misconfigurations to allow players to get a foothold in corporate environments.

Zephyr Server Management has been hired by Painters organization to actively maintain their infrastructure as they continue to grow as a business. The organizations are mandated to have quarterly penetration tests and have employed you to actively seek any potential vulnerabilities that could lead to both companies' networks being fully compromised. You are tasked to explore the corporate environment, pivot across trust boundaries, and ultimately attempt to compromise all Painters and Zephyr Server Management entities.

This Red Team Operator Level I lab will expose players to:

  • Enumeration

  • Exploitation of a wide range of real-world Active Directory flaws

  • Relay attacks

  • Lateral movement and crossing trust boundaries

  • Pivoting

  • SQL attacks

  • Password Cracking

  • Privilege escalation

  • Web application attacks


Genesis

Genesis is an ideal first lab that features a wide range of OWASP Top 10 vulnerabilities, common privilege escalation techniques, and real-world security misconfigurations. It covers how to exploit the vulnerabilities and, importantly, how they can be mitigated.

Genesis LLC is a start-up cybersecurity company. Prior to using their services, a potential client has asked for an internal pentest report of the Genesis network as part of their due diligence. Genesis has tasked you with assessing the security of their internal infrastructure and creating the pentest report. They have asked you to assess the 10.10.110.0/24 range first before moving on to any network beyond.

This Penetration Tester Level I lab will expose players to:

  • Enumeration

  • Exploit modification

  • Lateral movement

  • Mitigations and best practices

  • Privilege escalation

  • Situational awareness

  • Web application attacks


Breakpoint

Breakpoint is a red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills. It's made for junior penetration testers who are looking to enhance their skill set and senior penetration testers in search of a challenging lab to hone their engagement skills.

BreakPoint LLC is a software development startup that takes security seriously. They have enlisted your services to perform a red team assessment of their environment. The goal of this challenging lab is to gain a foothold, elevate privileges, establish persistence, and move laterally to reach the goal of domain admin.

This Red Team Operator Level II lab will expose players to:

  • Active Directory enumeration and exploitation

  • Code review

  • Evading endpoint protections

  • Lateral movement

  • Local privilege escalation

  • Phishing techniques

  • Situational awareness

  • VoIP exploitation


Dante

Dante is a beginner-friendly Professional Lab that provides the opportunity to learn common penetration testing methodologies. Dante LLC have enlisted your services to audit their network. The company has not undergone a comprehensive penetration test in the past and wants to reduce its technical debt. They are concerned that any actual breach could lead to a loss of earnings and reputation damage.

Upon breaching the perimeter, you are required to explore the network, moving laterally and vertically, until you gain administrative control over all hosts. You will level up your skills in information gathering and situational awareness, be able to exploit Windows and Linux Buffer Overflows, gain familiarity with the Metasploit Framework, and much more!

There are many flags to be captured along the way, some on the main attack path and others in side-quests that you must go looking for.

This Penetration Tester Level II lab will expose players to:

  • Enumeration

  • Exploit Development

  • Lateral Movement

  • Privilege Escalation

  • Web Application Attacks


Offshore

Offshore is a real-world enterprise environment that features a wide range of modern Active Directory flaws and misconfigurations. Offshore Corp is mandated to have quarterly penetration tests per financial regulatory body compliance requirements, and are focused on patching. The company has completed several acquisitions, with the acquired entities being "plugged in" by means of domain trusts.

If you are able to breach the perimeter and gain a foothold, you are tasked to explore the corporate environment, pivot across trust boundaries, and ultimately attempt to compromise all Offshore Corp entities.

Offshore will test your understanding of Active Directory enumeration, exploitation, and post-exploitation as well as lateral movement, pivoting, and modern web application attacks. Some flags are required to advance through the lab, while others are side-quests that reinforce enumeration and post-exploitation skills.

This Penetration Tester Level III lab will expose players to:

  • Enumeration

  • Evading endpoint protections

  • Exploitation of a wide range of real-world Active Directory flaws

  • Lateral movement and crossing trust boundaries

  • Privilege escalation

  • Web application attacks


RastaLabs

RastaLabs is a red team simulation environment, designed to be attacked as a means of learning and honing your engagement skills. The company provides security and penetration testing services, offering expertise, flexibility, and extensive support before, during, and after each engagement. They have enlisted your services to perform a red team assessment of their secured Active Directory environment.

The goal of this challenging lab is to gain a foothold, elevate privileges, establish persistence, and move laterally, in order to reach the goal of Domain Admin. There are many flags to be captured and badges to be gained along the way.

This Red Team Operator Level I lab will expose players to:

  • Active Directory enumeration and exploitation

  • A variety of lateral movement techniques

  • Evading endpoint protections

  • Exploit development

  • Persistence techniques

  • Phishing

  • Privilege escalation


Cybernetics

Cybernetics is an immersive enterprise Active Directory environment that features advanced infrastructure. Cybernetics LLC has enlisted your services to perform a red team assessment of their environment. Cybernetics has gone through multiple pentest engagements, iteratively hardening their environment each time, and therefore have a more mature security posture. Many protection technologies are present and the modern operating systems are fully updated. The enterprise in this real-world scenario focuses on Microsoft and DevOps/automation technologies.

This is a highly challenging and modern environment that will push you to the limit and put your skills to the test in enumeration, exploitation, lateral movement, persistence, and privilege escalation.

There are many flags to be captured along the way, some on the main attack path and others in side-quests that you must go looking for.

This Red Team Operator Level II lab will expose players to:

  • Active Directory enumeration and exploitation

  • Breakout

  • Evading endpoint protections

  • Kerberos abuse

  • Lateral movement

  • Phishing

  • Privilege escalation

  • Web application attacks


APTLabs

APTLabs simulates a targeted attack by an external threat agent against an MSP (Managed Service Provider). The lab requires prerequisite knowledge of attacking Active Directory networks. APTLabs consists of fully patched servers, prevalent enterprise technologies, a simulated WAN network, and much more!

Your goal is to compromise all client networks and reach Domain Admin wherever possible. On completion of this lab, you will be familiar with long-lasting TTPs, how to abuse enterprise technology and be a true Google Ninja.

This is an extremely challenging lab that will put your skills to the ultimate test.

This Red Team Operator Level III lab will expose players to:

  • Active Directory enumeration and exploitation

  • Bypassing security features such as 2FA, JEA, and WDAC

  • Exploiting interactive users

  • Kerberos attacks

  • Lateral movement between multiple forests

  • Reaching your goals without using any CVEs

Did this answer your question?