Skip to main content

Intro to Academy — Writeup

Module IDDifficultyEstimated DurationNumber of ChaptersReward
015Fundamental · Tier 030 minutes8 (including 3 interactive exercises)10 Cubes

Module Link: academy.hackthebox.com/module/details/15

Table of Contents

#ChapterTypeQuestion
1IntroductionTheory
2HTB Academy StructureTheory
3ModulesInteractiveQ1 ✅
4SectionsInteractiveQ1 ✅
5ExercisesInteractiveQ1 ✅
6Paths and CertificationsTheory
7Getting HelpTheory
8Next StepsTheory

1. Introduction

Key Knowledge Points

  • HTB Academy is Hack The Box's official online learning platform, aimed at the cybersecurity field
  • The platform is built around three core philosophies:
    • Highly interactive(Highly Interactive):Learn through hands-on practice, rather than passive reading
    • Guided learning(Guided Learning):Step-by-step learning paths, lowering the barrier to entry
    • Skill Assessment(Skills Assessment):Most modules conclude with near real-world scenarios to test what has been learned

Understanding and Insights

  • These three philosophies do not exist independently, but rather form a complete learning loop: Guided Learning provides direction → Interactive practice consolidates knowledge → Skills Assessment validates abilities
  • "Near real-world practice" is what distinguishes HTB from other learning platforms—not simple multiple-choice exams, but real scenarios requiring hands-on completion
  • Although this section is brief, it clarifies the platform's learning philosophy: Learn by doing, test after learning

Practical Takeaways

  • Established expectations for the HTB Academy learning model: each module will be primarily hands-on, not just watching without practicing
  • Understood the platform's assessment methods, and during subsequent learning, one should consciously connect each knowledge point with real-world scenarios

2. HTB Academy Structure

Key Knowledge Points

  • HTB Academy's learning structure has three levels:
Path
 └── Module
       └── Section
  • Path:The largest learning unit, composed of multiple Modules; some Paths correspond to certification exams
  • Module:A complete course centered around a specific topic
  • Section:The smallest learning unit, designed to be completed in one sitting
  • Core Philosophy: Breaking down seemingly large goals into small steps, gradually accumulating until certification is achieved

Understanding and Insights

  • The three-tier structure design embodies the 'divide and conquer' learning strategy: Section ensures that a single learning session is not overloaded, Module ensures the completeness of the knowledge system, and Path ensures a clear career direction
  • Section is designed to be 'completed in one sitting', suitable for microlearning
  • There is a many-to-many relationship between Path and Module: The same Module may appear in different Paths, and choosing different Paths may result in module overlap, saving Cubes and time
  • Understanding this structure is crucial for planning your learning progress: First, choose a Path to set your direction, then progress module by module, completing a few Sections each day

Practical Takeaways

  • Mastered the platform's content organization method, and can reasonably plan learning paths and pace
  • Understood the 'small steps, fast iteration' learning methodology, avoiding being intimidated by a vast curriculum

3. Modules

Key Knowledge Points

  • Module Types: Offensive, Defensive, Purple, General
  • Module Difficulty: Fundamental, Easy, Medium, Hard
  • Module Tiers and Costs:
TierUnlock Cost (Cubes)Completion Reward (Cubes)
Tier 0 (Free)1010
Tier I5010
Tier II10020
Tier III500100
Tier IV1000200
  • Upon completion of each module, 20% of the unlock fee is returned.
  • Tier 0 modules cost 10 Cubes and return 10 Cubes, making them free.
  • Tier is not equal to difficulty—Tier reflects the cost, not the technical difficulty of the module.
  • Annual subscribers unlock included modules without consuming Cubes, but can still receive completion rewards.
  • To complete a module, you need to solve all exercises, mark all sections complete, finally pass the Skills Assessment, and click Finish.
  • Upon completion, you can share your achievement on social media, write a review for the module, and unlock the corresponding Badge.

Understanding and Insights

  • Tier and difficulty are two independent dimensions and are easily confused: A Tier IV module might be Easy difficulty (simple content but long in length), while a Tier I module might be Hard difficulty (difficult content but short in length). When choosing a module, you should look at both indicators.
  • The design of the Cubes economic system encourages completion rather than hoarding: Tier 0 is completely free (spend 10, get 10 back), and high Tier modules return 20%—this means continuously completing modules is key to maintaining your Cubes balance.
  • The definition of "completion" is stricter than imagined: not only must you answer all questions correctly, but also click Mark Complete for each section, finally pass the Skills Assessment, and click Finish. Missing any step will not count as completion, and you will not receive Badge and Cubes rewards.
  • The biggest advantage for annual subscribers is not just free unlocks, but also the ability to explore different modules without worrying about Cubes consumption.

Practical Takeaways

  • Learned to evaluate modules based on Tier and difficulty dimensions, and reasonably allocate Cubes budget.
  • Clarified the complete process for module completion, avoiding missing rewards due to overlooked steps.

Exercise Solutions

Q1: This module is a tier 0 "free" module. What is the total cubes that will be rewarded back to you by completing it?

Hint: Consult the tiers table above

Solution Approach:

  1. The question tells us that the current module is a Tier 0 module.
  2. Check the Reward column corresponding to Tier 0 in the table above.
  3. The completion reward for Tier 0 is 10 Cubes.

Answer: 10

4. Sections

Key Takeaways

  • Theory Section: purely theoretical explanation, no hands-on practice.
  • Interactive Section: includes demonstrations and practice exercises, which is the main part of HTB Academy.
  • Pwnbox: a browser-based Parrot OS virtual environment, allowing hands-on practice without local configuration.
  • Note-taking Feature: each section supports online note-taking; combined with a Cheatsheet, it's a powerful tool for exam preparation.
  • To complete a section, you need to click "Mark Complete and Next"; sections with practice exercises must first submit the correct answer.
  • You can click Next to skip the current section and come back later to complete it.

Insights and Reflections

  • The distinction between Theory Section and Interactive Section is very important: Theory sections can be marked complete after a quick read, while Interactive sections are the true core of learning, requiring more time investment.
  • Pwnbox is a major highlight of the platform—it eliminates environment configuration, the biggest obstacle for beginners. However, be aware that Pwnbox sessions have time limits, so pay attention to the countdown during long operations.
  • The note-taking feature is easily overlooked, but it's a powerful tool for exam preparation: notes within each Section are tied to that chapter, allowing you to quickly locate your understanding and questions during review.
  • The "skip" mechanism is a double-edged sword: it allows you to skip difficult parts and move forward, but if you keep skipping without coming back to complete them, the module cannot be completed.

Key Takeaways

  • Learned how to use Pwnbox for in-browser practical operations, without needing to set up any local environment.
  • Understood the chapter completion mechanism, allowing for flexible arrangement of learning order (from easy to difficult).

Exercise Solution

Q1: Start your workstation, then use the integrated terminal to find the Linux OS flavor by running the following command: cat /etc/issue

Hint: It is the name of a bird

Solution Approach:

  1. At the bottom of the module page, click "Connect to HTB""Start Pwnbox" to launch the Pwnbox workstation.
  2. After Pwnbox finishes loading, open the built-in terminal.
  3. Execute the following command in the terminal:
cat /etc/issue
  1. The output will be similar to:
Parrot GNU/Linux 5.x \n \l
  1. You can see that the operating system name is Parrot.

Answer: Parrot

5. Exercises

Key Points

  • Exercises usually come with a bootable target, divided into two categories:
    • Docker Target: Fast to start, accessed directly in the browser via IP:PORT, no VPN required.
    • VM Target: Used for more complex scenarios (Windows / AD / network environments), requires access via VPN or Pwnbox.
  • Each user can only have one active target at a time.
  • Some challenges provide a Hint button
  • Challenges marked as Optional Exercises can directly Reveal Answer without affecting chapter completion
  • Correctly answering practice questions will reward a certain number of Cubes

Understanding and Insights

  • The difference between Docker Target and VM Target is not just about technical implementation, but also impacts the learning experience: Docker targets launch in seconds, are directly accessible via browser, and are suitable for quick practice; VM targets require VPN or Pwnbox, launch slower, but provide a more realistic penetration testing environment
  • "Only one active target at a time" is an important limitation – launching a new target will automatically shut down the current target. Progress made halfway will not be saved, so before launching a target, ensure you have enough time to complete the current exercise
  • Although Optional Exercises allow direct viewing of answers, they are often extensions of core concepts. Skipping them does not affect completion, but you will miss out on additional practice opportunities
  • The Hint feature is a learning aid, not cheating – reasonable use of Hints can prevent getting stuck for too long on non-core knowledge points

Practical Takeaways

  • Mastered the launch and access methods for both target types, and can choose the appropriate connection method based on the exercise type
  • Understood the limitations of target management, and learned to plan time effectively before launching a target

Exercise Solutions

Q1: Start the above target, copy the shown IP:PORT by clicking on them, and then paste them in your browser. What's the proof shown in the page?

Hint: Follow along the GIF above

Solution Steps:

  1. Find the "Spawn the target system" button at the bottom of the module page, and click to launch the target
  2. Wait for the target to finish launching; the page will display a IP:PORT address (e.g., 94.237.xx.xx:xxxxx)
  3. Click the IP:PORT to copy it to the clipboard
  4. Open your browser, paste the address into the address bar and visit.
  5. The page will display a piece of proof text.

Answer: t4rg3ts

6. Paths and Certifications

Key Takeaways

  • Skill Path: Organizes modules around a specific popular skill, such as Basic Toolset.
  • Job-Role Path: Designed for specific cybersecurity job roles, linked to HTB certification exams.
  • Registering for a Path does not consume Cubes.
  • The Duration on the Path page is calculated based on an 8-hour workday (2 days = 16 hours).

Understanding and Insights

  • The core difference between Skill Path and Job-Role Path lies in their purpose: Skill Path is suitable for scenarios like "I want to learn a specific skill," while Job-Role Path is suitable for scenarios like "I want to get a certain certification/work in a specific role."
  • "Registering does not consume Cubes" can be misleading – registering a Path only adds it to your learning dashboard; unlocking individual modules within the Path still requires Cubes. You can register for multiple Paths first to compare them, then decide which modules to unlock with Cubes.
  • The "8-hour workday" calculation method for Duration is a useful planning reference: if a Path is marked as 10 days, it means approximately 80 hours of study time are needed. Estimate the actual completion period based on the time you can realistically dedicate each day.
  • The HTB certification system forms a clear career progression path from beginner to advanced, with the intermediate stage branching into three directions: Attack (CPTS), Web (CWES), and Defense (CDSA).

Practical Takeaways

  • Able to choose the appropriate Path type based on your own level and goals (Skill Path for filling gaps, Job-Role Path for pursuing certifications).
  • Mastered the conversion method for Duration, allowing you to create realistic and feasible study time plans.

HTB Certification Scheme

LevelCertificationDescription
JuniorHTB CJCAJunior Cybersecurity Associate, starting from scratch
IntermediateHTB CPTSCertified Penetration Testing Specialist
IntermediateHTB CWESCertified Web Exploitation Specialist
IntermediateHTB CDSACertified Defensive Security Analyst
AdvancedHTB CWEECertified Web Exploitation Expert
AdvancedHTB CAPECertified Active Directory Pentesting Expert

7. Getting Help

Key Knowledge Points

  • There are three ways to get help when you encounter difficulties:
    1. Help Center: Click the help button in the top bar to consult common questions and the platform usage guide
    2. Show Solution: Step-by-step solution below each exercise question (available only to annual subscribers / enterprise users)
    3. Discord: Join the Hack The Box Discord community for discussion

Understanding and Insights

  • Three approaches apply to different scenarios: Help Center addresses platform operation issues, Show Solution resolves specific problem roadblocks, and Discord handles open-ended questions and in-depth discussions.
  • Show Solution is one of the hidden values of an annual subscription — for beginners, this is equivalent to having detailed official solutions for every problem. However, over-reliance can weaken independent problem-solving skills, so it's recommended to attempt independently for at least 30 minutes before checking.
  • The Discord community is not only a help channel but also an information source: you can learn about other students' learning progress, discover new module recommendations, and get experience sharing for certification exams.
  • When asking questions on Discord, follow community guidelines: do not directly send answers (flag), but describe your thought process and where you're stuck.

Practical Takeaways

  • Mastered three different levels of seeking help, and can quickly find the appropriate help channel when stuck.
  • Understood the balance between independent problem-solving and timely help — first attempt, then hint, finally solve.

8. Next Steps

Key Learnings

  • The platform recommends three levels of learning paths based on user proficiency:
Your LevelRecommended PathTarget Certification
BeginnerJunior Cybersecurity AnalystHTB CJCA
IntermediatePenetration Tester / Web Exploitation Specialist / Defensive Security AnalystHTB CPTS / CWES / CDSA
AdvancedSenior Web Penetration Tester / Active Directory Penetration TesterHTB CWEE / CAPE
  • Beginners are advised to start with the CJCA path, which begins from scratch.
  • The intermediate stage offers three optional directions, corresponding to penetration testing, Web attacks, and defensive analysis.
  • The advanced stage focuses on in-depth Web attacks and Active Directory penetration.

Understanding and Insights

  • Path selection is not a final decision: you can first take the CJCA path to build a foundation, then branch out to intermediate directions based on your interests. There are module overlaps between different paths, and modules completed earlier do not need to be repeated in subsequent paths.
  • "Beginner→Intermediate→Advanced" is not a strictly linear relationship: if you already have an IT foundation (e.g., system administration, programming experience), you can directly start from an intermediate path, and if you encounter knowledge gaps, you can go back to complete Fundamental modules.
  • The three intermediate directions (CPTS/CWES/CDSA) represent the three most mainstream career tracks in the cybersecurity industry: Red Team attacks, Web security, and Blue Team defense. When choosing, you should combine your interests and target job roles.
  • This module (Intro to Academy), as a Tier 0 free module, is the common starting point for all paths, and completing it does not consume any Cubes.

Practical Takeaways

  • Gained a global understanding of the HTB learning paths and are able to formulate a clear learning plan based on your own level.
  • Understood the hierarchical relationship of the certification system and established a sense of direction for long-term career development.

Answer Key

ChapterQuestion NumberAnswer
3 - ModulesQ110
4 - SectionsQ1Parrot
5 - ExercisesQ1t4rg3ts