Attacking Authentication Mechanisms with HackTheBox Academy
My thoughts about HTB Academy
HackTheBox is currently running a 20% discount on the Academy Silver Yearly Subscription and I thought I might as well finally publish a review of the Academy portal, especially because I've been using it since 2021 and I think everyone should give it at least a try.
For the test run I have chosen the Tier III module "Attacking Authentication Mechanisms", mainly because another challenge is giving me a really hard time with SAML Response validation.
Single Module Cost
Costs when buying "raw" cubes, without any subscription:
Tier I modules cost 50 cubes (£4)
Tier II modules cost 100 cubes (£8)
Tier III modules cost 500 cubes (£40)
Tier IV modules cost 1000 cubes (£80)
Visual Design
Modules are divided into sections, which are clear and easy to read. Lesson content contains visual aids like images, graphics and well-styled text (all personal opinion).
There is a theoretical and a practical part. Most practical lessons reward you with cubes (that way you can get back 20% of the cubes you spent to unlock the module).
Cheatsheet
Exactly what it says: a collection of useful commands and some key notes from the module.
Parrot Pwnbox
A very handy and neat system. You just click "Launch" and literally within a few seconds the preconfigured Parrot OS appears.
You can even download the ISO for the same OS from the Parrot Security site.
Responsive and ready to go. See what STÖK and others say about it.
Rewards
After you complete a module, you get an achievement-like popup and the possibility to share the completion details with others.
Personally, I really love that sense of accomplishment :)
Silver Annual Cost Analysis
Note that all prices are given without VAT. In my country I have to add 23%.
Let's break it down one by one.
Tier 0: 21 modules x 10 = 210 cubes
Tier I: 10 modules x 50 = 500 cubes
Tier II: 9 modules x 100 = 900 cubes
Each module completed gives 20% cubes back - with the exception of Tier 0, which gives 10 cubes back (full refund). So the overall cost in cubes of all modules up to and including Tier II is 1120 cubes or circa £88.
Both the HTB Certified Penetration Testing Specialist and the HTB Certified Bug Bounty Hunter exam vouchers cost £150, so "one exam voucher per year" brings the total to £238.
Access to Bug Bounty Hunter path is covered in the previous calculations (includes modules up to Tier II).
Access to Penetration Tester path is covered in the previous calculations (includes modules up to Tier II).
Unlimited Pwnbox usage is hard to estimate because on a Free Account you can launch it once a day for 120 minutes - is it enough? It depends - either you really focus and do the module in one sitting, or you work on it for at most 2-3 hours a day. But there is always the option to solve all lab tasks on your own system (like a Kali VM) or use that preconfigured Parrot OS.
Last year I made a useful script to persist some settings and tools on the HTB Pwnbox. See it here.
CPE Credits should be looked at as a necessity - it would be a serious negative if a program that costs that much did not give CPE credits.
As for the Lab Exercise guidance via Discord - I haven't had occasion to test it, but I assume that someone is available to chat and help you with the tasks.
Finally, it's a Silver Subscription so it gives 200 cubes each month, 1200 total (£96).
So finally, if you would like to buy everything separately, one day cubes, another day cubes, and then come to the conclusion that you want to get the certification - £334. And remember that's just the raw cost of all purchasable resources (cubes + exam voucher) without unlimited Pwnbox, CPE credits and lab guidance.
If you are committed and you think you will need the exam later - no-brainer, get the yearly subscription, it will save you both money and hassle in the future.