Labs

14 challenges available. Find the flag, submit it, earn points.

All Linux Windows Active Directory AWS Azure Oracle Cloud Google Cloud IBM Cloud API Security Web
Easy 100 pts

Find the Hidden File

A sensitive file is hidden somewhere in the filesystem. Can you find it?

0 solves Linux
Medium 200 pts

Reverse Shell

Establish a reverse shell connection to the target machine.

0 solves Linux
Medium 250 pts

Sudo Privilege Escalation

A user has sudo privileges for an unusual binary. Escalate to root.

0 solves Linux
Easy 150 pts

Registry Secrets

Sensitive information is stored in the Windows Registry. Find it.

0 solves Windows
Hard 300 pts

PowerShell Empire

Use PowerShell to extract data from a remote system.

0 solves Windows
Medium 200 pts

Domain Enumeration

Enumerate the Active Directory domain and find sensitive accounts.

0 solves Active Directory
Expert 400 pts

Kerberoasting

Perform a Kerberoasting attack to extract service account credentials.

0 solves Active Directory
Easy 150 pts

S3 Bucket Misconfiguration

An S3 bucket has been misconfigured. Find and access sensitive data.

0 solves AWS
Hard 350 pts

IAM Privilege Escalation

Escalate privileges using overly permissive IAM policies.

0 solves AWS
Medium 200 pts

Azure AD Enumeration

Enumerate Azure AD tenant and discover security misconfigurations.

0 solves Azure
Medium 250 pts

Broken Authentication

The API has a broken authentication mechanism. Bypass it.

0 solves API Security
Hard 300 pts

Mass Assignment

Exploit mass assignment vulnerability to escalate privileges.

0 solves API Security
Easy 100 pts

SQL Injection

A login form is vulnerable to SQL injection. Login without credentials.

0 solves Web
Medium 200 pts

XSS Stored

A comment section is vulnerable to stored XSS. Steal the admin cookie.

0 solves Web