Red Teaming
JXoaT, May 13, 2025
Thinking back to your first Hack The Box Machine, odds are you went looking for some help, probably landing straight on a YouTube walkthrough by none other than this lab’s creator, IppSec.
And honestly, how could you miss him?
IppSec has personally guided the HTB community through hundreds of Machines over the years. But now, he’s bringing all that insight and expertise directly into the design of his very own lab: Wanderer.
Wanderer is now part of our Pro Labs content offering in HTB Labs and the Professional Labs content available through HTB Enterprise. These are premium training environments designed to simulate realistic adversary scenarios using challenging, and often fully patched, enterprise technologies.
Curious what the creation of Wanderer looks like behind the scenes? Us too.
Before we dive deep into the lab, we caught up with IppSec himself to hear firsthand about his journey, his inspirations, and his biggest lessons learned from building this content.
Honestly, let’s get the story straight from the man himself. Then we can dig into some of the burning questions I had for this lab. So, how did this all start?
"I built Wanderer for the RTV (Red Team Village), which served as the finals for Defcon in 2023.
Some of the RTV people and myself go way back; Barry (PwnEIP) was on a CTF Team with myself, 0xdf, and a couple of other friends who competed in events like SANS Netwars.
Anyway, the plan was always to bring the lab over to Hack The Box after the event in 2023, but several changes had to be made. There were some CVEs that just would not age well, such as the MOVEit Vulnerability, and we removed a lot of the Fallout references due to the TV Show being such a hit; we wanted to make sure there were no IP Violations."
The lab itself is called Wanderer because the idea was that you are wandering between vaults (networks), gaining pieces of knowledge to unlock the final flag.
"I really like recon and enumeration.
It probably stems from my love of real-time strategy video games. Many of my choices can be traced back to the thought, 'How can I reward people for going the extra mile and noticing something small?'
The technologies are a bunch of things I thought would be cool, like calling voice mailboxes or hacking a wireless network.
One of my favorite findings was an SQL Injection against a web app. It seemed like it was vulnerable, but due to a limited character set, it was very difficult to exploit.
After I exploited it, the client showed me a report from a previous big-name pentest firm, which marked it as a false positive, as it wasn’t exploitable. I knew I wanted to release more information around that type of attack.
At that time, I only knew how to do it with boolean-based attacks. After the test, I rebuilt it locally and consulted with Tib3rius to figure out how to do it with union injection."
"I hope people come out of Wanderer with a lot better foundation in cybersecurity, overall.
I don’t think any single step is incredibly challenging, but I didn’t hold back when making the challenges. That SQL Injection I talked about earlier? I’ve needed to do similar things to bypass a default Cloudflare Web Application Firewall.
There’s a mobile application that requires you to defeat SSL Pinning.
One network has some pretty easy challenges, but the pivoting required increases the difficulty tenfold.
In the end, your foundations will be met with elevations to help you grow. It’s up to you to take that leap forward."
Each lab’s scenario follows an enterprise storyline that puts the user in the place of a red team member on official business. The labs primarily present real-world scenarios that focus heavily on Active Directory.
Wanderer, as the name suggests, strays from that path: it not only gives users a new type of scenario but also targets technologies that allow them to explore new skills or reach beyond the fundamentals they might already have.
In a post-apocalyptic wasteland, there is little left. One of the few core IT Systems left offers a mobile application to aid in calling the remaining survivors and uploading status reports to unknown leaders.
It is believed that ZAX, who used to go by the pseudonym “WOPR,” set this network up. They have long since gone missing in the chaos of this new world.
You are tasked with wandering from machine to machine, collecting as much information as you can on the users who set this network up.
Wanderer is a medium Pro Lab featuring 10 Machines and 20 flags to capture through Enumeration, Advanced SQL Injection, Mobile, WiFi, VoIP Exploitation, Lateral Movement, and Offensive Forensics.
It is designed for intermediate red teamers, with a primary focus on enumeration and building attack chains. While the attacks themselves are not technically complex, they can be challenging to discover.
By completing Wanderer, players will strengthen their enumeration and be well-versed in the following areas:
Enumeration
SQL Injection and Filter Evasion
Web Application Attacks
Basic Mobile Application Analysis
Basic WiFi Attacks
Asterisk Attacks
To reinforce what IppSec said, the key here is enumeration. Learn to dig deeper into technologies you might have fundamental knowledge of.
Only 21% of security teams train more than once a year, but attackers don’t wait.
Adversaries chain techniques, exploit the overlooked, and escalate quickly. Organizations that rely on occasional training leave their teams unprepared for what’s really out there. With Wanderer you can start changing this trend and:
Establish threat-informed red team programs.
Improve detection and response via offensive forensics.
Assess readiness on non-traditional attack surfaces.
This dynamic simulation gives red and blue teams the opportunity to train side by side, transforming security measures into intelligence-driven purple operations to assess and quantify cyber risk.
The scenario enables this by featuring post-exploitation forensics where the goal is to track adversarial behavior, parse mobile logs, and trace lateral movement, building the same instincts used in real-world incident response. This is how teams develop offensive forensics and detection readiness in action, not just in theory.
Community members can start attacking Wanderer through the Pro Labs Bundle subscription, which grants access to all red team simulation scenarios in a unique plan (monthly or annual). If you don’t have an active subscription of this kind, you can go straight to your Billing & Plans page to purchase one! Get to know more about the Pro Labs subscriptions by visiting this page.
For business customers, Wanderer is automatically added to your subscription as part of Professional Labs – and it’s ready to be deployed! If your subscription does not include this new lab (or you are not an active HTB customer), contact your dedicated Customer Success Manager or book a full demo with our team.
Wanderer is a great opportunity to expand your horizons and sharpen some of your common skills. This Pro Lab was created for explorers and those curious enough to take their hacking the extra mile.