About HackTheKnowledge

We believe the only way to truly learn cybersecurity is by doing it. HTK was built to give practitioners real, guided, hands-on experience, not another playlist of videos.

Explore Courses →See How Labs Work

Our impact

Practical cybersecurity training
with measurable outcomes

Students solve guided labs, validate flags against real objectives, and build evidence of competency they can use in interviews and daily work.

200+

Students trained

Across 5 cybersecurity paths

20+

Lab hours

Hands-on practice per path

Courses available

Beginner & intermediate levels

100%

Practical focus

No passive theory-only content

Real scenarios, not simulations

Our labs use actual malware samples, live network captures and documented attack scenarios, the same material practitioners deal with every day.

Self-paced with permanent access

No deadlines, no expiration. Courses and labs remain accessible after purchase so you can revisit, practice again, and deepen your skills.

Credentials backed by real skill

HTK certificates are awarded only after passing validated exams that test practical ability, not time-watched or quiz completion.

The team

Meet the instructors

HTK courses are built by practitioners who work in the field every day, not by marketers or generic content creators.

Francisco Ramos

Founder · Malware Analyst · Lead Instructor

Cybersecurity specialist with 5+ years of hands-on malware analysis and reverse engineering. GREM-certified, builds the Windows and Android malware analysis paths.

Malware AnalysisReverse EngineeringDFIRIncident ResponseGREMOSINT

Francisco is a cybersecurity specialist and malware analyst with 5+ years of experience focused on reverse engineering and behavior mapping. GREM-certified and a member of the SANS Advisory Board, he has investigated 30+ real-world malware families. As HTK's Founder and Tech Cybersecurity Specialist at UBS, he applies enterprise-tested workflows to the curriculum. Over the past 4+ years as an instructor, he has taught malware analysis and phishing investigations, translating complex tradecraft into clear, practical lessons that learners can immediately apply. He is also an instructor for Immune Technology Institute where he teaches malware analysis. His goal is to demystify malware, teach repeatable analysis methods, and support learners with clear guidance.

Path

Windows Malware Analysis

Certification

GREM

Focus

DFIR and Incident Response

Experience

6+ years

Mohamed Mahdi Besbes

Co-Founder · Incident Response Specialist

Cybersecurity professional with extensive experience in incident response and forensic analysis. Tech Cybersecurity Senior Specialist at UBS, brings real-world detection and response expertise.

Incident ResponseForensicsMalware AnalysisSANS GCIHCyberArkSplunk

Mohamed Mahdi is a cybersecurity professional with extensive experience in the finance sector, currently serving as Tech Cybersecurity Senior Specialist at UBS. His expertise spans cyber defense, incident response, forensics, and malware analysis. He brings enterprise-tested workflows and strategic thinking to HTK, bridging the gap between technical execution and organizational resilience. Previously as Senior Consultant at PwC, he advised leading organizations on cybersecurity strategy and risk mitigation. He is also an instructor at Masterschool where he has helped over 100 students build strong foundations in cybersecurity. He leads live sessions on CompTIA Security+, incident response, and SOC operations, combining real-world insights with hands-on learning.

Path

Incident Response & Forensics

Certification

SANS GCIH

Focus

Cyber Defense and Detection

Experience

6+ years

Massimiliano D'Onofrio

Co-Founder · Social Engineering Specialist

Focused on social engineering defense playbooks, human-risk workflows, and communication security. Leads the Social Engineering and OSINT paths at HTK.

Social EngineeringSecurity AwarenessHuman RiskOSINTOperations

Massimiliano brings a unique dual perspective to HTK: part attacker mindset, part organizational defense. His work centers on the human element of cybersecurity, how people are targeted, how organizations can build resilient awareness cultures, and how to translate behavioral science into practical security protocols. He is the architect of the Social Engineering curriculum and contributes to the OSINT path methodology. His expertise helps learners understand the psychology of attacks and build real defenses.

Path

Social Engineering & OSINT

Focus

Human Risk and Awareness

Methodology

MITRE ATT&CK (Initial Access)

Experience

5+ years

How we teach

The HTK methodology

Four steps that take you from zero context to validated, demonstrable skill, applied consistently across every course and lab.

Guided Objectives

Every lab breaks down into clear, actionable objectives. No vague instructions. You always know what you're trying to find and why it matters.

Isolated VM Environment

Practice against real malware samples, network traffic, and attack scenarios inside a fully sandboxed virtual machine. Zero risk to your machine.

Validated Progress

CTF-style flags auto-validate every objective instantly. No waiting for reviews, you get immediate and objective feedback on your analysis.

Certified Achievement

Complete the course exams and earn your HTK certificate, a credential backed by real demonstrated skill, not just passive video consumption.

Try a lab →Browse all courses →

Curriculum

Training paths we cover

Five distinct threat domains, each with beginner and intermediate courses, guided labs, and an HTK certificate upon completion.

Windows Malware

From static triage to advanced unpacking, process injection, C2 extraction, and MITRE ATT&CK-mapped DFIR reports, all in isolated FLARE-VM labs.

FLARE-VMx64dbgPE-StudioProcmonProcess Explorer+11 more

Beginner + IntermediateExplore →

Android Malware

Reverse engineering APKs and safe dynamic analysis.

jadx-guiapktoolMobSFADBFrida+11 more

Beginner + IntermediateExplore →

Phishing & OSINT

Detect, analyze, and investigate phishing campaigns end-to-end, email forensics, SSL/TLS analysis, domain intelligence, malicious document triage, and threat actor attribution with professional OSINT tools.

urlscan.ioVirusTotalWHOISShodanCensys+11 more

Beginner + IntermediateExplore →