@@ -67,24 +67,24 @@ Writeups for retired HTB machines organized by difficulty. Each writeup includes
6767
6868| Machine | OS | Difficulty | Key Techniques | Date |
6969| ---------| ----| ------------| ----------------| ------|
70- | [ DarkZero] ( machines/hard/DarkZero/ ) | Windows | Hard | Cross-Forest Trust, AD Abuse | Apr 2026 |
71- | [ Snapped] ( machines/medium/Snapped/ ) | Linux | Medium | Nginx UI RCE, Static Site Exploitation | Mar 2026 |
72- | [ Browsed] ( machines/medium/Browsed/ ) | Linux | Medium | Browser Extension Exploitation, Headless Chrome | Mar 2026 |
73- | [ Previous] ( machines/medium/Previous/ ) | Linux | Medium | NextJS Exploitation, Framework Abuse | Jan 2026 |
74- | [ Retire] ( machines/hard/Retire/ ) | Windows | Hard | Active Directory, Kerberos Abuse | Jan 2026 |
75- | [ Fries] ( machines/hard/Fries/ ) | Linux | Hard | Web Exploitation, Custom Exploitation | Nov 2025 |
76- | [ NanoCorp] ( machines/hard/NanoCorp/ ) | Linux | Hard | Custom Protocol, Binary Analysis | Nov 2025 |
77- | [ Hercules] ( machines/insane/Hercules/ ) | Linux | Insane | Multi-Stage Exploitation | Oct 2025 |
78- | [ Signed] ( machines/medium/Signed/ ) | Linux | Medium | Code Signing Bypass, Certificate Abuse | Oct 2025 |
79- | [ University] ( machines/insane/University/ ) | Linux | Insane | Multi-Vector Attack, Complex Chain | Aug 2025 |
80- | [ Dog] ( machines/easy/Dog/ ) | Linux | Easy | Backdrop CMS, Web Exploitation | Jul 2025 |
81- | [ Mirage] ( machines/hard/Mirage/ ) | Windows | Hard | Active Directory, ADCS | Jul 2025 |
82- | [ Voleur] ( machines/medium/Voleur/ ) | Linux | Medium | Data Exfiltration, Custom Exploitation | Jul 2025 |
83- | [ RustyKey] ( machines/hard/RustyKey/ ) | Linux | Hard | Rust Binary Exploitation | Jun 2025 |
84- | [ TombWatcher] ( machines/medium/TombWatcher/ ) | Linux | Medium | Custom Service Exploitation | Jun 2025 |
85- | [ Haze] ( machines/hard/Haze/ ) | Windows | Hard | Splunk Enterprise Exploitation | Jun 2025 |
86- | [ Certificate] ( machines/hard/Certificate/ ) | Windows | Hard | ADCS, Certificate Template Abuse | May 2025 |
87- | [ Vintage] ( machines/hard/Vintage/ ) | Windows | Hard | Pure Active Directory, Kerberoasting | Apr 2025 |
70+ | [ DarkZero] ( https://0xdf.gitlab.io/2026/04/04/htb-darkzero.html ) | Windows | Hard | Cross-Forest Trust, AD Abuse | Apr 2026 |
71+ | [ Snapped] ( https://0xdf.gitlab.io/2026/04/01/htb-snapped.html ) | Linux | Medium | Nginx UI RCE, Static Site Exploitation | Mar 2026 |
72+ | [ Browsed] ( https://0xdf.gitlab.io/2026/03/28/htb-browsed.html ) | Linux | Medium | Browser Extension Exploitation, Headless Chrome | Mar 2026 |
73+ | [ Previous] ( https://0xdf.gitlab.io/2026/01/10/htb-previous.html ) | Linux | Medium | NextJS Exploitation, Framework Abuse | Jan 2026 |
74+ | [ Retire] ( machines/hard/ ) | Windows | Hard | Active Directory, Kerberos Abuse | Jan 2026 |
75+ | [ Fries] ( machines/hard/ ) | Linux | Hard | Web Exploitation, Custom Exploitation | Nov 2025 |
76+ | [ NanoCorp] ( machines/hard/ ) | Linux | Hard | Custom Protocol, Binary Analysis | Nov 2025 |
77+ | [ Hercules] ( machines/insane/ ) | Linux | Insane | Multi-Stage Exploitation | Oct 2025 |
78+ | [ Signed] ( https://0xdf.gitlab.io/2026/02/07/htb-signed.html ) | Linux | Medium | Code Signing Bypass, Certificate Abuse | Oct 2025 |
79+ | [ University] ( https://0xdf.gitlab.io/2025/08/09/htb-university.html ) | Linux | Insane | Multi-Vector Attack, Complex Chain | Aug 2025 |
80+ | [ Dog] ( https://0xdf.gitlab.io/2025/07/12/htb-dog.html ) | Linux | Easy | Backdrop CMS, Web Exploitation | Jul 2025 |
81+ | [ Mirage] ( https://0xdf.gitlab.io/2025/11/22/htb-mirage.html ) | Windows | Hard | Active Directory, ADCS | Jul 2025 |
82+ | [ Voleur] ( https://0xdf.gitlab.io/2025/11/01/htb-voleur.html ) | Linux | Medium | Data Exfiltration, Custom Exploitation | Jul 2025 |
83+ | [ RustyKey] ( https://0xdf.gitlab.io/2025/11/08/htb-rustykey.html ) | Linux | Hard | Rust Binary Exploitation | Jun 2025 |
84+ | [ TombWatcher] ( https://0xdf.gitlab.io/2025/10/11/htb-tombwatcher.html ) | Linux | Medium | Custom Service Exploitation | Jun 2025 |
85+ | [ Haze] ( https://0xdf.gitlab.io/2025/06/28/htb-haze.html ) | Windows | Hard | Splunk Enterprise Exploitation | Jun 2025 |
86+ | [ Certificate] ( https://0xdf.gitlab.io/2025/10/04/htb-certificate.html ) | Windows | Hard | ADCS, Certificate Template Abuse | May 2025 |
87+ | [ Vintage] ( https://0xdf.gitlab.io/2025/04/26/htb-vintage.html ) | Windows | Hard | Pure Active Directory, Kerberoasting | Apr 2025 |
8888
8989### By Operating System
9090
@@ -169,12 +169,12 @@ Enterprise-grade lab environments simulating real corporate networks. These writ
169169
170170| Lab | Difficulty | Machines | Focus |
171171| -----| -----------| ----------| -------|
172- | [ Dante] ( prolabs/dante/ ) | Beginner | 14 | Network Pentesting Fundamentals |
173- | [ Offshore] ( prolabs/offshore/ ) | Intermediate | 21 | Active Directory, Multi-Domain |
174- | [ RastaLabs] ( prolabs/rastalabs/ ) | Intermediate | 15 | Red Team Simulation, Phishing |
175- | [ Zephyr] ( prolabs/zephyr/ ) | Intermediate | 17 | ADCS, DPAPI, Constrained Delegation |
176- | [ Cybernetics] ( prolabs/cybernetics/ ) | Advanced | 20+ | Advanced AD, Cross-Forest Attacks |
177- | [ APTLabs] ( prolabs/aptlabs/ ) | Advanced | 20+ | APT Simulation, Multi-Vector |
172+ | [ Dante] ( prolabs/#{0} ) | Beginner | 14 | Network Pentesting Fundamentals |
173+ | [ Offshore] ( prolabs/#{0} ) | Intermediate | 21 | Active Directory, Multi-Domain |
174+ | [ RastaLabs] ( prolabs/#{0} ) | Intermediate | 15 | Red Team Simulation, Phishing |
175+ | [ Zephyr] ( prolabs/#{0} ) | Intermediate | 17 | ADCS, DPAPI, Constrained Delegation |
176+ | [ Cybernetics] ( prolabs/#{0} ) | Advanced | 20+ | Advanced AD, Cross-Forest Attacks |
177+ | [ APTLabs] ( prolabs/#{0} ) | Advanced | 20+ | APT Simulation, Multi-Vector |
178178
179179---
180180
@@ -184,9 +184,9 @@ DFIR (Digital Forensics & Incident Response) investigation labs. Blue team scena
184184
185185| Category | Path | Focus |
186186| ----------| ------| -------|
187- | Easy | [ ` sherlocks/easy/ ` ] ( sherlocks/easy/ ) | Log Analysis, Basic DFIR |
188- | Medium | [ ` sherlocks/medium/ ` ] ( sherlocks/medium/ ) | Memory Forensics, Malware Triage |
189- | Hard | [ ` sherlocks/hard/ ` ] ( sherlocks/hard/ ) | APT Investigation, Complex IR |
187+ | Easy | [ ` sherlocks/easy/ ` ] ( sherlocks/ ) | Log Analysis, Basic DFIR |
188+ | Medium | [ ` sherlocks/medium/ ` ] ( sherlocks/ ) | Memory Forensics, Malware Triage |
189+ | Hard | [ ` sherlocks/hard/ ` ] ( sherlocks/ ) | APT Investigation, Complex IR |
190190
191191### Featured Sherlocks
192192
@@ -215,12 +215,12 @@ Writeups from official Hack The Box competitive CTF events.
215215
216216| Event | Year | Path | Highlights |
217217| -------| ------| ------| ------------|
218- | Cyber Apocalypse | 2025 | [ ` ctf-events/cyber-apocalypse-2025/ ` ] ( ctf-events/cyber-apocalypse-2025/ ) | Web, Crypto, Pwn, Forensics |
219- | Business CTF | 2025 | [ ` ctf-events/business-ctf-2025/ ` ] ( ctf-events/business-ctf-2025/ ) | Enterprise Security Focus |
220- | University CTF | 2025 | [ ` ctf-events/university-ctf-2025/ ` ] ( ctf-events/university-ctf-2025/ ) | Academic Team Competition |
221- | Cyber Apocalypse | 2024 | [ ` ctf-events/cyber-apocalypse-2024/ ` ] ( ctf-events/cyber-apocalypse-2024/ ) | Hacker Royale Theme |
222- | Business CTF | 2024 | [ ` ctf-events/business-ctf-2024/ ` ] ( ctf-events/business-ctf-2024/ ) | Corporate Scenario |
223- | University CTF | 2024 | [ ` ctf-events/university-ctf-2024/ ` ] ( ctf-events/university-ctf-2024/ ) | Binary Badlands Theme |
218+ | Cyber Apocalypse | 2025 | [ ` ctf-events/cyber-apocalypse-2025/ ` ] ( ctf-events/ ) | Web, Crypto, Pwn, Forensics |
219+ | Business CTF | 2025 | [ ` ctf-events/business-ctf-2025/ ` ] ( ctf-events/ ) | Enterprise Security Focus |
220+ | University CTF | 2025 | [ ` ctf-events/university-ctf-2025/ ` ] ( ctf-events/ ) | Academic Team Competition |
221+ | Cyber Apocalypse | 2024 | [ ` ctf-events/cyber-apocalypse-2024/ ` ] ( ctf-events/ ) | Hacker Royale Theme |
222+ | Business CTF | 2024 | [ ` ctf-events/business-ctf-2024/ ` ] ( ctf-events/ ) | Corporate Scenario |
223+ | University CTF | 2024 | [ ` ctf-events/university-ctf-2024/ ` ] ( ctf-events/ ) | Binary Badlands Theme |
224224
225225---
226226
@@ -230,11 +230,11 @@ Multi-machine, multi-stage scenarios that simulate real penetration testing enga
230230
231231| Endgame | Path | Flags | Focus |
232232| ---------| ------| -------| -------|
233- | P.O.O. | [ ` endgames/poo/ ` ] ( endgames/poo/ ) | 5 | MSSQL Linked Servers, IIS Enumeration |
234- | Xen | [ ` endgames/xen/ ` ] ( endgames/xen/ ) | 5+ | Citrix Breakout, AD, Phishing |
235- | Hades | [ ` endgames/hades/ ` ] ( endgames/hades/ ) | 5+ | AS-REP Roast, DPAPI, RBCD, DNS Spoofing |
236- | RPG | [ ` endgames/rpg/ ` ] ( endgames/rpg/ ) | 6 | Linux Exploitation, Multi-Host Pivoting |
237- | Ascension | [ ` endgames/ascension/ ` ] ( endgames/ascension/ ) | 7 | Blind SQLi, MSSQL Proxy, RBCD |
233+ | P.O.O. | [ ` endgames/poo/ ` ] ( endgames/ ) | 5 | MSSQL Linked Servers, IIS Enumeration |
234+ | Xen | [ ` endgames/xen/ ` ] ( endgames/ ) | 5+ | Citrix Breakout, AD, Phishing |
235+ | Hades | [ ` endgames/hades/ ` ] ( endgames/ ) | 5+ | AS-REP Roast, DPAPI, RBCD, DNS Spoofing |
236+ | RPG | [ ` endgames/rpg/ ` ] ( endgames/ ) | 6 | Linux Exploitation, Multi-Host Pivoting |
237+ | Ascension | [ ` endgames/ascension/ ` ] ( endgames/ ) | 7 | Blind SQLi, MSSQL Proxy, RBCD |
238238
239239---
240240
@@ -244,12 +244,12 @@ Multi-flag single-host challenges created by partner companies. Like machines on
244244
245245| Fortress | Creator | Flags | Focus |
246246| ----------| ---------| -------| -------|
247- | [ Jet] ( fortresses/jet/ ) | Jet | 11 | Multi-service exploitation |
248- | [ Akerva] ( fortresses/akerva/ ) | Akerva | 8 | WordPress, SNMP, web chains |
249- | [ Context] ( fortresses/context/ ) | Context/Accenture | 7 | Web + infrastructure |
250- | [ Synacktiv] ( fortresses/synacktiv/ ) | Synacktiv | Multiple | Symfony, AppSec, infrastructure |
251- | [ AWS] ( fortresses/aws/ ) | Amazon Web Services | Multiple | Cloud security, IAM, Lambda, S3 |
252- | [ Faraday] ( fortresses/faraday/ ) | Faraday | 7 | General offensive security |
247+ | [ Jet] ( fortresses/ ) | Jet | 11 | Multi-service exploitation |
248+ | [ Akerva] ( fortresses/ ) | Akerva | 8 | WordPress, SNMP, web chains |
249+ | [ Context] ( fortresses/ ) | Context/Accenture | 7 | Web + infrastructure |
250+ | [ Synacktiv] ( fortresses/ ) | Synacktiv | Multiple | Symfony, AppSec, infrastructure |
251+ | [ AWS] ( fortresses/ ) | Amazon Web Services | Multiple | Cloud security, IAM, Lambda, S3 |
252+ | [ Faraday] ( fortresses/ ) | Faraday | 7 | General offensive security |
253253
254254---
255255
@@ -518,7 +518,7 @@ We welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for detailed gu
518518
519519** Quick start:**
5205201 . Fork the repository
521- 2 . Use the appropriate [ template] ( templates/ ) for your writeup
521+ 2 . Use the appropriate [ template] ( CONTRIBUTING.md ) for your writeup
5225223 . Place it in the correct category folder
5235234 . Submit a Pull Request
524524
0 commit comments