118 labs
Easy βœ“ Free
πŸš€ Zero to Hacker

Kali Environment Setup

Set up your Kali VM, configure tools, and prepare your hacking lab environment.

Start Lab β†’
Easy βœ“ Free
πŸš€ Zero to Hacker

Network Scanning with Nmap

Host discovery, port scanning, service detection, OS fingerprinting, and NSE scripts.

Start Lab β†’
Easy βœ“ Free
πŸš€ Zero to Hacker

Traffic Analysis with Wireshark

Capture, filter, and dissect network traffic to understand protocols.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Netcat Fundamentals

Netcat as a network Swiss army knife β€” listeners, file transfer, reverse shells.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Python Scripting Lab

Socket programming, subprocess, file I/O, and building basic automation tools.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

DNS Enumeration with Python

Build a DNS reconnaissance tool from scratch in Python.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

File Transfers

Move files between machines using HTTP, FTP, SCP, SMB, and base64 encoding.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

OSINT Reconnaissance

End-to-end passive recon on a target: DNS, WHOIS, Shodan, theHarvester.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Service Footprinting

Banner grabbing and service enumeration across FTP, SSH, SMTP, SMB, and HTTP.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Hydra Brute Force

Online password attacks against SSH, FTP, HTTP forms, and RDP with Hydra.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Password Cracking

Crack NTLM, SHA1, and bcrypt hashes offline using hashcat and John the Ripper.

Start Lab β†’
Easy πŸ”’ Members
πŸš€ Zero to Hacker

Metasploit Basics

msfconsole, searching modules, setting options, running exploits, and Meterpreter.

Start Lab β†’
Intermediate πŸ”’ Members
πŸš€ Zero to Hacker

Reverse Shells

Bash, Python, PHP, PowerShell, and Meterpreter reverse shells with netcat handlers.

Start Lab β†’
Intermediate πŸ”’ Members
πŸš€ Zero to Hacker

Privilege Escalation

Linux and Windows privesc fundamentals using linpeas, winpeas, and manual methods.

Start Lab β†’
Intermediate πŸ”’ Members
πŸš€ Zero to Hacker

Password Attacks

Pass-the-Hash, credential dumping with Mimikatz, and password spray techniques.

Start Lab β†’
Easy βœ“ Free
πŸ•ΈοΈ Web Security

Burp Suite Basics

Intercept, modify, and replay HTTP requests using Burp Suite Community Edition.

Start Lab β†’
Easy βœ“ Free
πŸ•ΈοΈ Web Security

Web Reconnaissance

Directory busting, technology fingerprinting, and web attack surface mapping.

Start Lab β†’
Easy πŸ”’ Members
πŸ•ΈοΈ Web Security

Web Fuzzing with ffuf

Fast directory, parameter, and vhost fuzzing with ffuf and SecLists.

Start Lab β†’
Easy πŸ”’ Members
πŸ•ΈοΈ Web Security

SQL Injection

Error-based, union-based, and basic SQLi with manual exploitation.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Advanced SQL Injection

Second-order SQLi, stored procedures, and WAF bypass techniques.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Blind SQL Injection

Boolean-based and time-based blind SQLi with sqlmap and manual methods.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

NoSQL Injection

MongoDB operator injection, authentication bypass, and data extraction.

Start Lab β†’
Easy πŸ”’ Members
πŸ•ΈοΈ Web Security

Command Injection

OS command injection via semicolons, pipes, and backticks with filter bypass.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

XPath & LDAP Injection

Exploit XML XPath and LDAP directory injection vulnerabilities.

Start Lab β†’
Easy πŸ”’ Members
πŸ•ΈοΈ Web Security

Cross-Site Scripting (XSS)

Reflected, stored, and DOM-based XSS with cookie theft and keylogger payloads.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Advanced XSS & CSRF

XSS chaining, CSP bypass, CSRF token theft, and SameSite attribute bypass.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Broken Authentication & Sessions

Session fixation, prediction, and authentication logic flaws.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Attacking Authentication

2FA bypass, brute force protection bypass, and credential stuffing.

Start Lab β†’
Easy πŸ”’ Members
πŸ•ΈοΈ Web Security

Insecure Direct Object References

IDOR via predictable IDs, GUIDs, and horizontal vs vertical privilege escalation.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

File Upload Vulnerabilities

Bypass extension filters, MIME type checks, and upload webshells.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

LFI & RFI

Path traversal, null byte injection, PHP wrappers, and remote file inclusion.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

OAuth & JWT Attacks

alg:none bypass, RS256β†’HS256 confusion, JWT cracking, and OAuth code theft.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

SSRF Attacks

Internal service access, cloud metadata exploitation, and SSRF filter bypasses.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Server-Side Template Injection (SSTI)

Detect and exploit Jinja2, Twig, and Freemarker SSTI for RCE.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

HTTP Request Smuggling

CL.TE and TE.CL desync attacks to bypass front-end security controls.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

Insecure Deserialization

Java, PHP, and Python deserialization gadget chains for RCE.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

HTTP Misconfiguration Abuse

CORS, caching, host header injection, and HTTP/2 downgrade attacks.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

Server-Side Attacks

Advanced SSRF chains, XXE, and server-side prototype pollution.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

IDOR & XXE Attacks

XXE external entity injection, blind XXE via OOB, and mass IDOR testing.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

Subdomain Takeover

Enumerate dangling DNS, claim GitHub Pages and S3 buckets, exploit cookie scope.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

API & Web Service Attacks

REST API enumeration, BOLA, mass assignment, and API-specific fuzzing.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

Attacking GraphQL

Introspection abuse, batching attacks, and GraphQL injection.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

JavaScript Deobfuscation

Unpack obfuscated JS, extract hidden endpoints, and reverse client-side logic.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

Modern Web Exploitation

Prototype pollution, web cache poisoning, and client-side path traversal.

Start Lab β†’
Advanced πŸ”’ Members
πŸ•ΈοΈ Web Security

Whitebox Web RCE

Code review-driven RCE finding in PHP, Python, and Java web applications.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ•ΈοΈ Web Security

WordPress Exploitation

WPScan, plugin CVEs, theme RCE, XML-RPC abuse, and brute force.

Start Lab β†’
Easy πŸ”’ Members
🏰 Infrastructure & AD

SMB Enumeration

Enumerate SMB shares, null sessions, and users with enum4linux and smbclient.

Start Lab β†’
Easy πŸ”’ Members
🏰 Infrastructure & AD

Active Directory Basics

AD enumeration with net commands, PowerShell, and LDAP queries.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

AD LDAP Enumeration

ldapsearch, windapsearch, and manual LDAP queries to map AD structure.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

AD Enumeration with PowerView

PowerView functions for enumerating users, groups, ACLs, and SPNs.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

BloodHound AD Mapping

SharpHound collection, BloodHound graph analysis, and finding attack paths.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

Kerberos Attacks

Kerberoasting, ASREPRoasting, Pass-the-Ticket, and Golden/Silver tickets.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

NTLM Relay Attacks

Responder, NTLMrelayx, and relay chains for credential capture and relay.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

Windows Privilege Escalation

Services, tokens, registry, DLL hijacking, and AlwaysInstallElevated.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

AD Trust Attacks

SID history injection, foreign principal abuse, and cross-forest attacks.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

DACL Abuse Attacks

GenericAll, WriteDACL, GenericWrite, and AddMember for privesc.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

ADCS Certificate Attacks

ESC1–ESC8 ADCS misconfigurations for certificate-based domain compromise.

Start Lab β†’
Intermediate πŸ”’ Members
🏰 Infrastructure & AD

CrackMapExec

CME for SMB enumeration, credential testing, and lateral movement.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

Windows Lateral Movement

PSExec, WMI, WinRM, DCOM, and token impersonation for lateral movement.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

MSSQL/Exchange/SCCM Attacks

Linked server abuse, MSSQL xp_cmdshell, Exchange privilege escalation.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

WMI Tradecraft

WMI for persistence, lateral movement, and stealthy code execution.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

Attacking Enterprise Networks

Full attack chain from external foothold to domain admin in a lab network.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

C2 Framework: Sliver

Deploy and operate the Sliver C2 framework for red team engagements.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

Windows Evasion Techniques

AMSI bypass, PowerShell logging bypass, and process injection methods.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

AppLocker Bypass

AppLocker rule bypass via trusted paths, DLL side-loading, and COM objects.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

Pivoting & Tunneling

Proxychains, SSH tunneling, Chisel, and Ligolo for network pivoting.

Start Lab β†’
Advanced πŸ”’ Members
🏰 Infrastructure & AD

Supply Chain Attacks

Build process compromise, dependency confusion, and package hijacking.

Start Lab β†’
Easy πŸ”’ Members
πŸ›‘οΈ Defensive

SOC Alert Triage

Work a realistic alert queue: classify, investigate, and escalate findings.

Start Lab β†’
Easy πŸ”’ Members
πŸ›‘οΈ Defensive

Splunk Detection

Write SPL queries, build dashboards, and create detection rules in Splunk.

Start Lab β†’
Easy πŸ”’ Members
πŸ›‘οΈ Defensive

Windows Event Log Analysis

Key event IDs for logon, process creation, lateral movement, and privilege use.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Threat Hunting with Elastic

Hypothesis-driven hunting in Elastic/Kibana using KQL and EQL.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

YARA & Sigma Rules

Write YARA malware signatures and Sigma detection rules for SIEM platforms.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

IDS/IPS Detection

Snort/Suricata rule writing, tuning, and evasion-aware detection.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

User Behavior Forensics

UEBA concepts, detecting insider threats, and anomalous account activity.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Process Injection Detection

Detect DLL injection, process hollowing, and reflective injection in EDR logs.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Linux Forensics

Disk acquisition, filesystem timeline, log analysis, and bash history forensics.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Memory Forensics with Volatility

Analyse infected memory dumps: find malware, C2 IPs, injected code, and creds.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Malicious Document Analysis

Analyse malicious Office documents, PDFs, and macros with olevba and remnux.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ›‘οΈ Defensive

Windows Attacks & Defense

Attack and detect common Windows attack patterns in a paired lab environment.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ’£ Exploit Dev

Buffer Overflow Basics

Classic stack overflow: control EIP/RIP, find bad chars, and deliver shellcode.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Windows Buffer Overflow x86

Full 32-bit Windows stack overflow with mona.py and custom shellcode.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

SEH Buffer Overflows

Structured Exception Handler overflow exploitation with POP/POP/RET chains.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Egghunter & Shellcoding

Egghunter technique for small buffer spaces and custom shellcode writing.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

WinDBG Dynamic Analysis

Dynamic binary analysis with WinDBG, setting breakpoints, and inspecting memory.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Return Oriented Programming (ROP)

Bypass NX/DEP with ROP gadget chains, ret2libc, and ASLR defeat via info leaks.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Windows Heap Exploitation

Heap spray, use-after-free, and Windows heap internals for exploitation.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Binary Fuzzing

AFL++, libFuzzer, and coverage-guided fuzzing to discover binary vulnerabilities.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Format String Vulnerabilities

Read stack memory, leak canaries, and perform arbitrary writes with %n.

Start Lab β†’
Advanced πŸ”’ Members
πŸ’£ Exploit Dev

Linux Process Injection

ptrace-based injection, LD_PRELOAD abuse, and /proc/mem manipulation.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

Aircrack-ng WiFi Attacks

Monitor mode, packet capture, deauth attacks, and WPA2 handshake cracking.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

WPA/WPA2 Cracking

Capture 4-way handshake and crack with hashcat GPU-accelerated wordlists.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

WEP Attacks

IV collection and statistical WEP key recovery with aircrack-ng.

Start Lab β†’
Advanced πŸ”’ Members
πŸ“‘ Wireless

WPA3 Attacks

Dragonblood side-channel attacks and WPA3 transition mode weaknesses.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

WPS Attacks

Reaver and Bully WPS PIN brute force against vulnerable routers.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

WiFi Evil Twin

hostapd-wpe captive portal, SSL strip, and credential capture via rogue AP.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“‘ Wireless

Captive Portal Bypass

MAC spoofing, DNS tunnelling, and other captive portal evasion techniques.

Start Lab β†’
Advanced πŸ”’ Members
πŸ“‘ Wireless

Hardware & Bluetooth Attacks

BLE scanning, GATT attribute enumeration, and Bluetooth relay attacks.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“± Mobile

Android Static Analysis

APK decompilation, manifest review, jadx, and secret extraction.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ“± Mobile

Android Dynamic Analysis

Frida hooking, SSL unpinning, and runtime method tracing on Android.

Start Lab β†’
Advanced πŸ”’ Members
πŸ“± Mobile

Android Malware Analysis

Analyse an Android malware sample: C2 extraction, permissions, and indicators.

Start Lab β†’
Intermediate πŸ”’ Members
☁️ Cloud

Cloud AWS Enumeration

Enumerate AWS with compromised keys: IAM, S3, EC2, Lambda, and Secrets Manager.

Start Lab β†’
Advanced πŸ”’ Members
☁️ Cloud

Docker Container Escape

Socket abuse, privileged mode, CAP_SYS_ADMIN cgroup escape, and runc CVE.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

CCNA Subnetting

IP addressing, CIDR notation, and subnet calculation practice.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

VLAN Configuration

Configure VLANs, trunk ports, and inter-VLAN routing on Cisco switches.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

Spanning Tree Protocol

STP operation, root bridge election, and port states.

Start Lab β†’
Intermediate πŸ”’ Members
🌐 Networking

EIGRP Routing

Configure and verify EIGRP routing including neighbour adjacency and metrics.

Start Lab β†’
Intermediate πŸ”’ Members
🌐 Networking

OSPF Routing

OSPF areas, DR/BDR election, and route summarisation.

Start Lab β†’
Intermediate πŸ”’ Members
🌐 Networking

Access Control Lists

Standard, extended, and named ACLs for network traffic filtering.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

NAT & PAT

Configure static NAT, dynamic NAT, and PAT overload.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

Static Routing

Static route configuration, floating routes, and troubleshooting.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

Port Security

Configure port security, sticky MAC addresses, and violation modes.

Start Lab β†’
Intermediate πŸ”’ Members
🌐 Networking

IPv6 Fundamentals

IPv6 addressing, EUI-64, SLAAC, and dual-stack configuration.

Start Lab β†’
Easy πŸ”’ Members
🌐 Networking

DHCP Configuration

Cisco IOS DHCP server and relay agent configuration.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ€– AI Security

Prompt Injection Attacks

Direct and indirect prompt injection to hijack LLM behaviour and extract data.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ€– AI Security

LLM Output Attacks

Jailbreaks, content filter bypass, and adversarial inputs against AI systems.

Start Lab β†’
Advanced πŸ”’ Members
πŸ€– AI Security

Adversarial AI Evasion

Craft adversarial examples to evade image classifiers and NLP security models.

Start Lab β†’
Intermediate πŸ”’ Members
πŸ€– AI Security

AI-Augmented Pentesting

Use LLMs to speed up recon, payload generation, and vulnerability analysis.

Start Lab β†’
Advanced πŸ”’ Members
πŸ€– AI Security

AI Data Poisoning Attacks

Backdoor injection in training data and model supply chain attacks.

Start Lab β†’