Learn
Practice
Compete
AI Upskilling
Education
Business
Pricing
Certifications
Search hundreds of walkthroughs and challenges by security category or difficulty. Whether you're a beginner or a seasoned pro, there's something for everyone!
Hands-on
Labs
Cyber Security
Challenges
1,528 results
Do you have what it takes to defeat me and claim your prize?
medium
Can you bypass the engine?
easy
1-2 hrs
Unlock
Exploit pedit COW, a copy-on-write flaw in the Linux kernel's packet-editing action.
Triage alerts, reassemble streams, extract files, and detect protocol abuse via Wireshark & TShark.
Explore how security analysts can use CTI in their daily operations.
Learn the foundational concepts, approaches, and techniques of threat hunting.
NoScope found an Alf.io RCE zero-day (CVE-2026-35482). Exploit it manually and watch AI solve it.
Explore the duties and exciting opportunities of a SOC Level 2 analyst.
A container without its own role inherits the host's. See how this is an issue of its own.
IMDSv1 turns any SSRF bug into credential theft. Find it, fix it, and build without it.
Patch debt accumulates silently. Learn to find, fix, and prevent it using Systems Manager.
An open management port is a standing invitation. Find it, close it, and build without it.
VPC Flow Logs were not enabled. The network was invisible.
Security groups protect instances. NACLs protect subnets. This one was forgotten.
The subnet is named private. The route table says otherwise. Find it, fix it, and build it right.
Sharing is caring, but sometimes oversharing is a security breach.
Learn how to ensure your Security Groups are well-scoped.
You have locked the bucket and encrypted the data, but there is a missing ingredient.
You cannot secure what you do not see. Understand why silent IAM changes can lead to security incidents.
Investigate how an over-permissive role can be leveraged to escalate permissions and compromise an infrastructure.
Learn to secure S3 data at rest by finding unencrypted buckets, fixing them, and building securely.
An IAM user has long-lived, unrotated access keys. See how to identify, remediate, and prevent this security misconfiguration.
Understand one of the most common S3 misconfigurations and learn how to remediate it.
We use cookies to ensure you get the best user experience. For more information see our cookie policy.