What is Hack The Box?
Hack The Box (HTB) is the most respected hands-on cybersecurity practice platform in the industry. It’s not a course — it’s a live, competitive environment where you prove your skills by breaking into vulnerable machines called ‘boxes’ in a safe, legal environment. Founded in 2017, HTB has grown into a complete ecosystem: hundreds of machines, professional Pro Labs simulating enterprise networks, an academy with structured modules, CTF competitions, and a community of over 2 million security professionals. If OSCP is the certification the industry respects most, HTB is the practice environment the community trains in most.
Is This Right for You?
This is for you if...
- You want hands-on offensive security practice, not just theory
- You’re preparing for OSCP, CEH, CPENT, or PenTest+ certifications
- You want to rank yourself against a global community of security professionals
- You’re comfortable with basic Linux, networking, and have some security fundamentals
- You want enterprise-level network simulation through Pro Labs
This is NOT for you if...
- You’re completely new to security — TryHackMe is more appropriate as a starting point
- You want guided step-by-step tutorials — HTB expects you to figure things out
- You only want blue team training — try Blue Team Labs Online or LetsDefend instead
Platform Overview
| Feature | What You Get | Access Level |
|---|---|---|
|
Active Machines |
20+ rotating machines — points and global ranking |
Free + VIP+ |
|
Retired Machines |
500+ machines with official write-ups |
VIP |
|
Starting Point |
Guided beginner machines with structured tutorials |
Free |
|
HTB Academy |
Structured learning modules and skill paths |
Free (limited) / Paid |
|
Pro Labs |
Corporate network simulations: Offshore, RastaLabs, APTLabs |
VIP+ |
|
Challenges |
Crypto, reversing, forensics, web, pwn, OSINT, hardware |
Free + VIP |
|
CTF Events |
Regular competitive events with prizes and rankings |
Free + VIP |
Pricing
| Tier | Price | What's Included |
|---|---|---|
|
Free |
$0 |
Starting Point, some retired machines, limited challenges |
|
VIP |
€14/month |
All 500+ retired machines, official write-ups, VIP challenges |
|
VIP+ |
€20/month |
Active machines, Pro Labs, all content, priority support |
|
HTB Academy — Student |
$8/month |
All modules, learning paths, certificates |
|
HTB Academy — Professional |
$14/month |
All modules + enterprise features |
Pro Labs — Enterprise Network Simulation
| Pro Lab | Difficulty | Machines | Focus |
|---|---|---|---|
|
Offshore |
Advanced |
21 machines |
Realistic corporate AD environment — OSCP+ level |
|
RastaLabs |
Advanced |
15 machines |
Red team operations, evasion, APT simulation |
|
APTLabs |
Expert |
21 machines |
Nation-state APT simulation, advanced AD attacks |
|
Cybernetics |
Expert |
28 machines |
Full corporate network — most complex HTB environment |
Certification Prep — What HTB Helps With
| Certification | How HTB Helps | Recommended HTB Content |
|---|---|---|
|
OSCP |
Closest available practice to OSCP exam format — TJ Null’s list is the community standard |
Retired machines on TJ Null list + Pro Labs |
|
PenTest+ |
Builds practical skills behind theoretical exam content |
Starting Point + HTB Academy Pentest path |
|
CEH Practical |
Real exploitation practice for the 6-hour practical exam |
Easy-Medium retired machines |
|
CRTO (Red Team) |
Active Directory attacks, evasion, C2 concepts |
Pro Labs: RastaLabs, APTLabs |
Recommended Resources
- HackTheBox — create your account here
- TJ Null’s OSCP prep list — curated HTB machines that mirror OSCP exam style
- IppSec (YouTube) — most respected HTB walkthrough channel with deep methodology explanation
- 0xdf hacks stuff — detailed written HTB walkthroughs
- HackTricks — the definitive HTB methodology reference
── SecVerse Marketplace — Resources ──
Which Platform is Right for You?
Hack The Box is the right choice when you are past the guided learning stage and ready for unguided, competitive practice. Here is how it compares to similar platforms:
| If you want... | Best Choice |
|---|---|
|
You want guided, beginner-friendly rooms |
TryHackMe — structured paths, in-browser machines, no setup |
|
You want official OSCP practice with write-ups |
OffSec Proving Grounds — same team as OSCP exam |
|
You want free offline machines, no internet needed |
VulnHub — 800+ downloadable VMs, completely free |
|
You want defensive SOC practice |
Blue Team Labs Online — SIEM, forensics, threat hunting |
|
You want the largest machine library + Pro Labs |
Hack The Box — this is the right choice |
How to Get Started
- Create a free account and do Starting Point Tier 0 first. Don’t skip it. Even with experience, Starting Point teaches HTB’s format and methodology structure. Complete all three tiers before touching active machines.
- Set a goal: root 10 retired Easy machines. Work them one at a time — enumerate fully, research, exploit, escalate, root. Take notes on every machine. Notes become your methodology.
- Watch IppSec after you try each machine, not before. Watch walkthroughs after you’ve tried the machine yourself — even if you failed. The difference between watching and trying first is enormous.
📌 Note: The information on this page — including certification details, exam codes, pricing, and salary ranges — is regularly reviewed and updated to reflect the latest data from official sources. Always verify current details directly with the relevant certification body or platform before making any decisions.
Community & Support
── HTB Communities ──
Related Articles
The 6 Learning Paths Every Cybersecurity Beginner Should Know
**In our first guide**, we covered how to start learning cybersecurity without feeling overwhelmed. If you haven’t read it yet, start there.
Now, let’s talk about which path to take once you’re ready. When I decided to get into cybersecurity 20 years ago after I graduated from school of engineering as computer engineer, I had no idea which path to take.
I bought a CEH course first. Then I bought a Security+ book. Then I tried to learn networking. I was all over the place. Don’t be me.
How to Start Learning Cybersecurity Without Feeling Overwhelmed
Let’s be honest with ourselves to avoid the shock and be realistic. Cyber security is huge, branching, and massive field.
When I decided to get and start in this field 20 years ago. I made every mistake imaginable:
Bought expensive courses I never finished.
Tried to learn everything at once – pentesting, malware analysis, cloud security, forensics. All in short time.
Got trapped in “tutorial”- watching videos for hours but never actually doing anything because of not practicing them and being confused.
Got lots and different opinions from people who are in advanced levels.
Here’s the truth I wish someone told me earlier:
