TryHackMe — Rooms
Catalog: 989 rooms indexed from TryHackMe (of which 584 are free; the rest require a VIP subscription). Each room links to the official lab.Info (30)
| Room | Type | Access | Skills | Official |
|---|---|---|---|---|
| AWS: Cloud 101 | Walkthrough | 🟢 Free | AWS: Cloud 101 An introduction to AWS and how cloud has changed computing. I am… | Open |
| Baron Samedit | Walkthrough | 🟢 Free | Baron Samedit A tutorial room exploring CVE-2021-3156 in the Unix Sudo Program.… | Open |
| Becoming a First Responder | Walkthrough | 🔵 VIP | Becoming a First Responder Explaining how first responders work and what to do… | Open |
| Bypass Disable Functions | Challenge | 🟢 Free | Bypass Disable Functions Practice bypassing disabled dangerous features that… | Open |
| Careers in Cyber | Walkthrough | 🟢 Free | Careers in Cyber Learn about the different careers in cyber security. | Open |
| Container Vulnerabilities | — | 🔵 VIP | Container Vulnerabilities | Open |
| Cyber Scotland 2021 | — | 🔵 VIP | Cyber Scotland 2021 | Open |
| Defensive Security Intro | Walkthrough | 🟢 Free | Defensive Security Intro Introducing defensive security, where you will protect… | Open |
| Dirty Pipe: CVE-2022-0847 | Walkthrough | 🟢 Free | SUID binaries | Open |
| Extending Your Network | Walkthrough | 🔵 VIP | Extending Your Network Learn about some of the technologies used to extend… | Open |
| Hack2Win: How you can grab extra tickets | Walkthrough | 🟢 Free | Hack2Win: How you can grab extra tickets Hack and win! Complete rooms, earn… | Open |
| History of Malware | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) · Remote Code Execution (RCE) | Open |
| Intro to LAN | Walkthrough | 🔵 VIP | Intro to LAN Learn about some of the technologies and designs that power… | Open |
| Learn and win prizes | Walkthrough | 🟢 Free | Learn and win prizes Complete rooms, win tickets. Get 3 of the same tickets and… | Open |
| Linux Fundamentals Part 1 | Walkthrough | 🟢 Free | Linux Fundamentals Part 1 Embark on the journey of learning the fundamentals of… | Open |
| Linux Fundamentals Part 2 | Walkthrough | 🔵 VIP | Linux Fundamentals Part 2 Continue your learning Linux journey with part two.… | Open |
| Linux Fundamentals Part 3 | Walkthrough | 🔵 VIP | Linux Fundamentals Part 3 Power-up your Linux skills and get hands-on with some… | Open |
| Operation Slither | — | 🔵 VIP | Operation Slither | Open |
| OverlayFS - CVE-2021-3493 | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Packets & Frames | Walkthrough | 🔵 VIP | Packets & Frames Understand how data is divided into smaller pieces and… | Open |
| Polkit: CVE-2021-3560 | Walkthrough | 🟢 Free | Polkit: CVE-2021-3560 Walkthrough room for CVE-2021-3560 Click the green “Start… | Open |
| Pwnkit: CVE-2021-4034 | Walkthrough | 🟢 Free | Pwnkit: CVE-2021-4034 Interactive lab for exploiting and remediating Pwnkit… | Open |
| REmux The Tmux | Walkthrough | 🟢 Free | REmux The Tmux Updated, how to use tmux guide. Defaults and customize your… | Open |
| Security Awareness | Walkthrough | 🟢 Free | Security Awareness An introduction to security awareness; why its important,… | Open |
| Sudo Buffer Overflow | Walkthrough | 🟢 Free | Buffer Overflow (BoF / ROP) | Open |
| Sudo Security Bypass | Walkthrough | 🟢 Free | Sudo Security Bypass A tutorial room exploring CVE-2019-14287 in the Unix Sudo… | Open |
| Training Impact on Teams | Walkthrough | 🟢 Free | Training Impact on Teams Discover the impact of training on teams and… | Open |
| What is Networking? | Walkthrough | 🟢 Free | What is Networking? Begin learning the fundamentals of computer networking in… | Open |
| Windows Fundamentals 1 | Walkthrough | 🟢 Free | Windows Fundamentals 1 In part 1 of the Windows Fundamentals module, we’ll… | Open |
| Windows Fundamentals 3 | Walkthrough | 🟢 Free | Windows Fundamentals 3 In part 3 of the Windows Fundamentals module, learn… | Open |
Easy (447)
| Room | Type | Access | Skills | Official |
|---|---|---|---|---|
| 0x41haz | Challenge | 🟢 Free | 0x41haz Simple Reversing Challenge What is the password? THM{} | Open |
| 25 Days of Cyber Security | Walkthrough | 🟢 Free | Default credentials · Race Conditions · File Upload Vulnerabilities · Directory fuzzing · SMB (139/445) · SQL Injection · SUID binaries · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | Open |
| A Bucket of Phish | Challenge | 🔵 VIP | A Bucket of Phish From the Hackfinity Battle CTF event. | Open |
| Active Reconnaissance | Walkthrough | 🟢 Free | Active Reconnaissance Learn how to use simple tools such as traceroute, ping,… | Open |
| AD: Basic Enumeration | Walkthrough | 🟢 Free | Active Directory · SMB (139/445) | Open |
| Advent of Cyber 1 [2019] | Walkthrough | 🟢 Free | SUID binaries · Directory fuzzing · Remote Code Execution (RCE) | Open |
| Advent of Cyber 2 [2020] | Walkthrough | 🟢 Free | Default credentials · Race Conditions · File Upload Vulnerabilities · Directory fuzzing · SMB (139/445) · SQL Injection · SUID binaries · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | Open |
| Advent of Cyber 2022 | Walkthrough | 🟢 Free | OS Command Injection · Active Directory · Cracking Hashes (hashcat / John) · File Upload Vulnerabilities · USB forensics · SMB (139/445) · SQL Injection · Access Control / IDOR · Remote Code Execution (RCE) | Open |
| Advent of Cyber 2023 | Walkthrough | 🟢 Free | Active Directory · Buffer Overflow (BoF / ROP) · USB forensics · Sudo abuse · Server-Side Request Forgery · Local File Inclusion (LFI) · Remote Code Execution (RCE) | Open |
| Advent of Cyber 2024 | Walkthrough | 🟢 Free | Active Directory · LLM Attacks (Prompt Injection) · Cracking Hashes (hashcat / John) · Race Conditions · Remote Code Execution (RCE) · XML External Entity | Open |
| Advent of Cyber 3 (2021) | Walkthrough | 🟢 Free | Remote Code Execution (RCE) · Authentication Vulnerabilities · Default credentials · Directory / Path Traversal · SQL Injection · AS-REP Roasting · Directory fuzzing · Access Control / IDOR · Local File Inclusion (LFI) | Open |
| Agent T | Challenge | 🟢 Free | Agent T Something seems a little off with the server. What is the flag? Look… | Open |
| Alfred | Walkthrough | 🔵 VIP | Alfred Exploit Jenkins to gain an initial shell, then escalate your privileges… | Open |
| All in One | Challenge | 🟢 Free | All in One This is a fun box where you will get to exploit the system in… | Open |
| Android Analysis | Walkthrough | 🔵 VIP | USB forensics | Open |
| Android Malware Analysis | Walkthrough | 🟢 Free | Android Malware Analysis Android malware analysis with Pithus (static and… | Open |
| Anonforce | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Anthem | Challenge | 🟢 Free | Anthem Exploit a Windows machine in this beginner level challenge. | Open |
| Archangel | Challenge | 🟢 Free | Local File Inclusion (LFI) | Open |
| Atlas | Walkthrough | 🟢 Free | Atlas Hack the Atlas server in this beginner room covering Windows attack… | Open |
| Atlassian CVE-2022-26134 | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| AttackerKB | Walkthrough | 🟢 Free | AttackerKB Learn how to leverage AttackerKB and learn about exploits in your… | Open |
| Attacking ICS Plant #1 | Walkthrough | 🟢 Free | Attacking ICS Plant #1 Learn how to discover and attack ICS plants using modbus… | Open |
| Attacking Kerberos | Walkthrough | 🔵 VIP | Attacking Kerberos Learn how to abuse the Kerberos Ticket Granting Service… | Open |
| Auditing and Monitoring | Walkthrough | 🔵 VIP | Auditing and Monitoring Learn about auditing, monitoring, logging, and SIEM. | Open |
| Authentication Bypass | Walkthrough | 🔵 VIP | Authentication Vulnerabilities | Open |
| Autopsy | Walkthrough | 🔵 VIP | Autopsy Learn how to use Autopsy to investigate artefacts from a disk image.… | Open |
| Avengers Blog | Walkthrough | 🔵 VIP | OS Command Injection · SQL Injection | Open |
| AWS Basic Concepts | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| AWS Security - S3cret Santa | Walkthrough | 🟢 Free | AWS Security - S3cret Santa Learn the basics of AWS enumeration. Run aws sts… | Open |
| b3dr0ck | Challenge | 🟢 Free | b3dr0ck Server trouble in Bedrock. What is the barney.txt flag? Explore the… | Open |
| Badbyte | Walkthrough | 🟢 Free | Remote Code Execution (RCE) · Directory / Path Traversal | Open |
| BankGPT | Challenge | 🟢 Free | BankGPT A customer service assistant used by a banking system. What is the… | Open |
| Bash Scripting | Walkthrough | 🟢 Free | Bash Scripting A Walkthrough room to teach you the basics of bash scripting… | Open |
| Basic Pentesting | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) · linPEAS · Directory fuzzing · SMB (139/445) · Remote Code Execution (RCE) | Open |
| Bebop | Walkthrough | 🔵 VIP | Bebop Who thought making a flying shell was a good idea? | Open |
| Become a Defender | Walkthrough | 🔵 VIP | Become a Defender Explore defensive security, cyber infrastructure, and how to… | Open |
| Become a Hacker | Walkthrough | 🔵 VIP | Become a Hacker Explore offensive security, the hacker mindset, and hack a web… | Open |
| Become a Hacker | Walkthrough | 🟢 Free | Become a Hacker Learn how TryHackMe can help you become a hacker. Which of the… | Open |
| Billing | Challenge | 🟢 Free | Billing Some mistakes can be costly. What is user.txt? What is root.txt? | Open |
| Blaster | Walkthrough | 🟢 Free | Directory fuzzing | Open |
| Blue | Walkthrough | 🟢 Free | MS08-067 (NetAPI) | Open |
| Blueprint | Challenge | 🟢 Free | Blueprint Hack into this Windows machine and escalate your privileges to… | Open |
| Bolt | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Break Out The Cage | Challenge | 🟢 Free | Break Out The Cage Help Cage bring back his acting career and investigate the… | Open |
| Breaking Crypto the Simple Way | Walkthrough | 🟢 Free | Breaking Crypto the Simple Way Exploiting common cryptographic mistakes. I have… | Open |
| Broken Access Control | Walkthrough | 🟢 Free | Access Control / IDOR · Remote Code Execution (RCE) | Open |
| Brooklyn Nine Nine | Challenge | 🟢 Free | Brooklyn Nine Nine This room is aimed for beginner level hackers but anyone can… | Open |
| Brute It | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) · Directory fuzzing | Open |
| Buffer Overflows | Walkthrough | 🔵 VIP | Buffer Overflow (BoF / ROP) | Open |
| Bugged | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Bulletproof Penguin | Walkthrough | 🔵 VIP | SNMP Enumeration | Open |
| Burp Suite: Extensions | Walkthrough | 🔵 VIP | Burp Suite: Extensions Learn how to use Extensions to broaden the functionality… | Open |
| Bypass Really Simple Security | Walkthrough | 🟢 Free | WordPress Exploitation | Open |
| c4ptur3-th3-fl4g | Challenge | 🟢 Free | c4ptur3-th3-fl4g A beginner level CTF challenge | Open |
| CAPA: The Basics | Walkthrough | 🔵 VIP | CAPA: The Basics Learn to use CAPA to identify malicious capabilities. | Open |
| Capture! | Challenge | 🟢 Free | Capture! Can you bypass the login form? | Open |
| Cat Pictures | Challenge | 🟢 Free | Cat Pictures I made a forum where you can post cute cat pictures! | Open |
| Cat Pictures 2 | Challenge | 🟢 Free | Cat Pictures 2 Now with more Cat Pictures! | Open |
| Cheese CTF | Challenge | 🟢 Free | Cheese CTF Inspired by the great cheese talk of THM! Start the VM. What is the… | Open |
| Chill Hack | Challenge | 🟢 Free | Chill Hack User Flag Root Flag | Open |
| Chocolate Factory | Challenge | 🟢 Free | Chocolate Factory A Charlie And The Chocolate Factory themed room, revisit… | Open |
| Cipher’s Secret Message | Challenge | 🔵 VIP | Cipher’s Secret Message Sharpen your cryptography skills by analyzing code to… | Open |
| Client-Server Basics | Walkthrough | 🔵 VIP | Client-Server Basics This room teaches the basics of the Client-Server model. | Open |
| Cloud Computing Fundamentals | Walkthrough | 🟢 Free | Cloud Computing Fundamentals Discover how cloud computing helps businesses move… | Open |
| Cloud Security Pitfalls | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| ColddBox: Easy | Challenge | 🟢 Free | ColddBox: Easy An easy level machine with multiple ways to escalate privileges.… | Open |
| Command Injection | Walkthrough | 🔵 VIP | OS Command Injection | Open |
| Committed | Challenge | 🔵 VIP | Committed One of our developers accidentally committed some sensitive code to… | Open |
| Common Attacks | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Common Linux Privesc | Walkthrough | 🔵 VIP | Common Linux Privesc A room explaining common Linux privilege escalation | Open |
| Compromised Windows Analysis | Walkthrough | 🟢 Free | Compromised Windows Analysis Learn about some key forensic artifacts and solve… | Open |
| Computer Types | Walkthrough | 🟢 Free | Computer Types Explore the different types of computers, from laptops to the… | Open |
| Confluence CVE-2023-22515 | Walkthrough | 🟢 Free | Confluence CVE-2023-22515 Exploit CVE-2023-22515 to get admin access to… | Open |
| Core Windows Processes | Walkthrough | 🔵 VIP | Core Windows Processes Explore the core processes within a Windows operating… | Open |
| Corp | Walkthrough | 🔵 VIP | Kerberoasting | Open |
| Corridor | Challenge | 🟢 Free | Access Control / IDOR | Open |
| Crack the hash | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Creative | Challenge | 🟢 Free | Creative Exploit a vulnerable web application and some misconfigurations to… | Open |
| Cryptography Basics | Walkthrough | 🟢 Free | Cryptography Basics Learn the basics of cryptography and symmetric encryption.… | Open |
| Cryptography Concepts | Walkthrough | 🟢 Free | Cryptography Concepts This room provides an understanding of cryptography in… | Open |
| Cryptosystem | Challenge | 🔵 VIP | Cryptosystem Learn public-key cryptography concepts by analyzing data. | Open |
| CTF collection Vol.1 | Challenge | 🟢 Free | Steganography (Stego) | Open |
| CupidBot | Challenge | 🟢 Free | LLM Attacks (Prompt Injection) | Open |
| Custom Alert Rules in Wazuh | Walkthrough | 🔵 VIP | Custom Alert Rules in Wazuh Learn how to create rules in Wazuh for your… | Open |
| Custom Tooling Using Python | Walkthrough | 🟢 Free | Prototype Pollution · SQL Injection · CSRF (Cross-Site Request Forgery) · Cross-Site Scripting (XSS) | Open |
| CVE-2022-26923 | Walkthrough | 🟢 Free | CVE-2022-26923 Walkthrough on the exploitation of CVE-2022-26923, a… | Open |
| Cyber Crisis Management | Walkthrough | 🔵 VIP | Cyber Crisis Management An introduction into cyber crisis management and how a… | Open |
| Cyber Kill Chain | Walkthrough | 🟢 Free | Cyber Kill Chain The Cyber Kill Chain framework is designed for identification… | Open |
| CyberChef: The Basics | Walkthrough | 🟢 Free | CyberChef: The Basics This room is an introduction to CyberChef, the Swiss Army… | Open |
| CyberLens | Challenge | 🟢 Free | CyberLens Can you exploit the CyberLens web server and discover the hidden… | Open |
| Cyborg | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| DarkMatter | Challenge | 🔵 VIP | DarkMatter Practice how to exploit a weak RSA implementation to recover the… | Open |
| Data Encoding | Walkthrough | 🟢 Free | Data Encoding Learn how computer encodes characters, from ASCII to Unicode’s… | Open |
| Data Representation | Walkthrough | 🟢 Free | Data Representation Learn about how computers represent numbers and colors. | Open |
| Database SQL Basics | Walkthrough | 🔵 VIP | Database SQL Basics Learn the basics of databases and SQL by writing simple… | Open |
| Dav | Challenge | 🟢 Free | Dav boot2root machine for FIT and bsides guatemala CTF user.txt root.txt | Open |
| Dear QA | Challenge | 🟢 Free | Dear QA Are you able to solve this challenge involving reverse engineering and… | Open |
| Deja Vu | Walkthrough | 🟢 Free | Deja Vu Exploit a recent code injection vulnerability to take over a website… | Open |
| Detecting Web Attacks | Walkthrough | 🟢 Free | Detecting Web Attacks Explore web attacks and detection methods through log and… | Open |
| Detecting Web DDoS | Walkthrough | 🔵 VIP | Detecting Web DDoS Explore denial-of-service attacks, detection techniques, and… | Open |
| Detecting Web Shells | Walkthrough | 🔵 VIP | Detecting Web Shells Explore web shell detection by analyzing logs, file… | Open |
| Dev Diaries | Challenge | 🟢 Free | Dev Diaries Hunt through online development traces to uncover what was left… | Open |
| DFIR: An Introduction | Walkthrough | 🟢 Free | USB forensics | Open |
| Diamond Model | Walkthrough | 🔵 VIP | Diamond Model Learn about the four core features of the Diamond Model of… | Open |
| Dig Dug | Challenge | 🟢 Free | Dig Dug Turns out this machine is a DNS server - it’s time to get your shovels… | Open |
| Digital Footprint | Challenge | 🟢 Free | Digital Footprint Beginner friendly OSINT Challenge | Open |
| Digital Forensics Fundamentals | Walkthrough | 🔵 VIP | USB forensics | Open |
| Django: CVE-2025-64459 | Walkthrough | 🟢 Free | SMB (139/445) | Open |
| DNS in Detail | Walkthrough | 🟢 Free | DNS in Detail Learn how DNS works and how it helps you access internet… | Open |
| DOM-Based Attacks | Walkthrough | 🔵 VIP | DOM-Based Attacks Learn about DOM-based vulnerabilities that can be leveraged… | Open |
| Dreaming | Challenge | 🟢 Free | Dreaming Solve the riddle that dreams have woven. What is the Lucien Flag? What… | Open |
| DVWA | Walkthrough | 🟢 Free | DVWA Basic room for testing exploits against the Damn Vulnerable Web… | Open |
| Easy Peasy | Challenge | 🟢 Free | Directory fuzzing · Cracking Hashes (hashcat / John) | Open |
| Empire | Walkthrough | 🟢 Free | Empire Learn how to use Empire and it’s GUI Starkiller, a powerful… | Open |
| Enumeration | Walkthrough | 🔵 VIP | Enumeration This room is an introduction to enumeration when approaching an… | Open |
| Enumeration & Brute Force | Walkthrough | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Epoch | Challenge | 🔵 VIP | Epoch Be honest, you have always wanted an online tool that could help you… | Open |
| Eradication & Remediation | Walkthrough | 🔵 VIP | Eradication & Remediation A look into the fourth phase of the Incident Response… | Open |
| Erit Securus I | Walkthrough | 🔵 VIP | Erit Securus I Learn to exploit the BoltCMS software by researching exploit-db. | Open |
| Erlang/OTP SSH: CVE-2025-32433 | Walkthrough | 🟢 Free | Erlang/OTP SSH: CVE-2025-32433 Learn about and exploit Erlang/OTP SSH… | Open |
| Eviction | Walkthrough | 🔵 VIP | Eviction Unearth the monster from under your bed. | Open |
| Evil-GPT | Challenge | 🔵 VIP | Evil-GPT Practice your LLM hacking skills. | Open |
| Evil-GPT v2 | Challenge | 🔵 VIP | Evil-GPT v2 Put your LLM hacking skills to the test one more time. | Open |
| Exploit Vulnerabilities | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Expose | Challenge | 🔵 VIP | Expose Use your red teaming knowledge to pwn a Linux machine. | Open |
| ffuf | Walkthrough | 🟢 Free | Directory fuzzing | Open |
| File and Hash Threat Intel | Walkthrough | 🟢 Free | File and Hash Threat Intel This room seeks to teach on enriching file and hash… | Open |
| Firewall Fundamentals | Walkthrough | 🔵 VIP | Firewall Fundamentals Learn about firewalls and get hands-on with Windows and… | Open |
| Flag Vault | Challenge | 🔵 VIP | Buffer Overflow (BoF / ROP) | Open |
| Flag Vault 2 | Challenge | 🔵 VIP | Flag Vault 2 Exploit a simple format string vulnerability. | Open |
| FlareVM: Arsenal of Tools | Walkthrough | 🔵 VIP | FlareVM: Arsenal of Tools Learn the arsenal of investigative tools in FlareVM. | Open |
| Flatline | Challenge | 🟢 Free | Flatline How low are your morals? | Open |
| Flip | Challenge | 🟢 Free | Flip Hey, do a flip! | Open |
| Forensic Imaging | Walkthrough | 🟢 Free | Forensic Imaging Learn the basic concepts of forensic imaging. | Open |
| Fowsniff CTF | Challenge | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Gallery | Challenge | 🟢 Free | Gallery Try to exploit our image gallery system | Open |
| Game Zone | Walkthrough | 🔵 VIP | Game Zone Learn to hack into this machine. Understand how to use SQLMap, crack… | Open |
| GamingServer | Challenge | 🟢 Free | GamingServer An Easy Boot2Root box for beginners | Open |
| Geolocating Images | Walkthrough | 🟢 Free | Geolocating Images Room to understand how to geolocate images | Open |
| Getting Started | Walkthrough | 🟢 Free | Getting Started Get started with TryHackMe by hacking a fake social media… | Open |
| GLITCH | Challenge | 🟢 Free | GLITCH Challenge showcasing a web app and simple privilege escalation. Can you… | Open |
| Gobuster: The Basics | Walkthrough | 🔵 VIP | Directory fuzzing | Open |
| Google Dorking | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Governance & Regulation | Walkthrough | 🟢 Free | Governance & Regulation Explore policies and frameworks vital for regulating… | Open |
| Grep | Challenge | 🔵 VIP | Grep A challenge that tests your reconnaissance and OSINT skills. | Open |
| h4cked | Challenge | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Hacker vs. Hacker | Challenge | 🟢 Free | Hacker vs. Hacker Someone has compromised this server already! Can you get in… | Open |
| Hacking with PowerShell | Walkthrough | 🔵 VIP | Hacking with PowerShell Learn the basics of PowerShell and PowerShell Scripting | Open |
| Hardening Basics Part 1 | Walkthrough | 🔵 VIP | Hardening Basics Part 1 Learn how to harden an Ubuntu Server! Covers a wide… | Open |
| Hardening Basics Part 2 | Walkthrough | 🔵 VIP | Hardening Basics Part 2 Continue learning about hardening | Open |
| Hashing Basics | Walkthrough | 🔵 VIP | Hashing Basics Learn about hashing functions and their uses in password… | Open |
| HealthGPT | Challenge | 🔵 VIP | HealthGPT A safety-compliant AI assistant that has strict rules against… | Open |
| HeartBleed | Challenge | 🔵 VIP | HeartBleed SSL issues are still lurking in the wild! Can you exploit this web… | Open |
| Hide and Seek | Challenge | 🔵 VIP | Hide and Seek Conduct a live system analysis to uncover post-compromise… | Open |
| Hijack | Challenge | 🟢 Free | Hijack Misconfigs conquered, identities claimed. What is the user flag? What is… | Open |
| Hosted Hypervisors | Walkthrough | 🟢 Free | Hosted Hypervisors Learn about Hosted Hypervisors, how to investigate them,… | Open |
| How to use TryHackMe | Walkthrough | 🟢 Free | How to use TryHackMe Start and access your first machine! Start the machine by… | Open |
| How Websites Work | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| HTTP in Detail | Walkthrough | 🟢 Free | HTTP in Detail Learn about how you request content from a web server using the… | Open |
| HTTP Request Smuggling | Walkthrough | 🟢 Free | HTTP Request Smuggling | Open |
| Humans as Attack Vectors | Walkthrough | 🔵 VIP | Humans as Attack Vectors Understand why and how people are targeted in cyber… | Open |
| Hydra | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Ice | Walkthrough | 🟢 Free | Remote Code Execution (RCE) · USB forensics | Open |
| IDE | Challenge | 🟢 Free | IDE An easy box to polish your enumeration skills! user.txt root.txt | Open |
| Identity and Access Management | Walkthrough | 🔵 VIP | Identity and Access Management Learn about identification, authentication,… | Open |
| IDOR | Walkthrough | 🔵 VIP | Access Control / IDOR | Open |
| Incident Response Fundamentals | Walkthrough | 🔵 VIP | Incident Response Fundamentals Learn how to perform Incident Response in cyber… | Open |
| Infinity Shell | Challenge | 🔵 VIP | Infinity Shell Investigate and analyse the traces of an attack from an… | Open |
| Insekube | Walkthrough | 🟢 Free | Local File Inclusion (LFI) | Open |
| Inside a Computer System | Walkthrough | 🟢 Free | Inside a Computer System This room covers the basic components of a computer… | Open |
| Intermediate Nmap | Challenge | 🔵 VIP | Intermediate Nmap Can you combine your great nmap skills with other tools to… | Open |
| Intro PoC Scripting | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Intro to Cloud Security | Walkthrough | 🔵 VIP | Intro to Cloud Security Learn fundamental concepts regarding securing a cloud… | Open |
| Intro to Cold System Forensics | Walkthrough | 🟢 Free | USB forensics | Open |
| Intro to Containerisation | Walkthrough | 🟢 Free | Intro to Containerisation Learn about the technologies and benefits of… | Open |
| Intro to Cross-site Scripting | Walkthrough | 🔵 VIP | Cross-Site Scripting (XSS) | Open |
| Intro to Detection Engineering | Walkthrough | 🟢 Free | Intro to Detection Engineering Introduce the concept of detection engineering… | Open |
| Intro to Digital Forensics | Walkthrough | 🟢 Free | USB forensics | Open |
| Intro to Docker | Walkthrough | 🟢 Free | Intro to Docker Learn to create, build and deploy Docker containers! | Open |
| Intro to Endpoint Security | Walkthrough | 🟢 Free | Intro to Endpoint Security Learn about fundamentals, methodology, and tooling… | Open |
| Intro to GraphQL Hacking | Walkthrough | 🔵 VIP | GraphQL Vulnerabilities | Open |
| Intro to IoT Pentesting | Walkthrough | 🟢 Free | Intro to IoT Pentesting A beginner friendly walkthrough for internet of things… | Open |
| Intro to IR and IM | Walkthrough | 🔵 VIP | Intro to IR and IM An introduction to Incident Response and Incident Management. | Open |
| Intro to Kubernetes | Walkthrough | 🔵 VIP | Intro to Kubernetes An introduction to Kubernetes covering the basics of… | Open |
| Intro to Log Analysis | Walkthrough | 🟢 Free | Intro to Log Analysis An intro to log analysis, best practices, and essential… | Open |
| Intro to Logs | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Intro To Pwntools | Walkthrough | 🟢 Free | Buffer Overflow (BoF / ROP) | Open |
| Intro to SSRF | Walkthrough | 🔵 VIP | Server-Side Request Forgery · Remote Code Execution (RCE) | Open |
| Introduction to Antivirus | Walkthrough | 🟢 Free | Introduction to Antivirus Understand how antivirus software works and what… | Open |
| Introduction to AWS IAM | Walkthrough | 🟢 Free | Introduction to AWS IAM A Brief introduction to the importance of IAM and the… | Open |
| Introduction to CryptOps | Walkthrough | 🟢 Free | Access Control / IDOR · Remote Code Execution (RCE) | Open |
| Introduction to Django | Walkthrough | 🟢 Free | Introduction to Django How it works and why should I learn it? Read the above… | Open |
| Introduction to Flask | Walkthrough | 🟢 Free | Introduction to Flask How it works and how can I exploit it? | Open |
| Introduction to OWASP ZAP | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Introduction to SIEM | Walkthrough | 🟢 Free | Introduction to SIEM Learn the fundamentals of SIEM and explore its features… | Open |
| Introduction to Windows API | Walkthrough | 🟢 Free | Introduction to Windows API Learn how to interact with the win32 API and… | Open |
| Introductory Networking | Walkthrough | 🟢 Free | Introductory Networking An introduction to networking theory and basic… | Open |
| Introductory Researching | Walkthrough | 🟢 Free | Introductory Researching A brief introduction to research skills for pentesting. | Open |
| Investigating Windows | Challenge | 🟢 Free | Investigating Windows A windows machine has been hacked, its your job to go… | Open |
| Invite Only | Challenge | 🔵 VIP | Invite Only Extract insight from a set of flagged artefacts, and distil the… | Open |
| iOS Analysis | Walkthrough | 🔵 VIP | iOS Analysis Discover the forensic artefacts present within iOS. | Open |
| iOS Forensics | Walkthrough | 🔵 VIP | USB forensics | Open |
| IR Philosophy and Ethics | Walkthrough | 🟢 Free | IR Philosophy and Ethics Addressing the Incident Response philosophy. DFIR… | Open |
| IR Playbooks | Walkthrough | 🟢 Free | IR Playbooks Learn the basics of creating and using IR playbooks. I have… | Open |
| Jack-of-All-Trades | Challenge | 🟢 Free | Jack-of-All-Trades Boot-to-root originally designed for Securi-Tay 2020 User… | Open |
| John the Ripper: The Basics | Walkthrough | 🔵 VIP | Cracking Hashes (hashcat / John) | Open |
| JPGChat | Challenge | 🟢 Free | Sudo abuse · Remote Code Execution (RCE) | Open |
| Junior Security Analyst Intro | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Jupyter 101 | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Kali Machine | Walkthrough | 🔵 VIP | Kali Machine Access your own Kali Machine | Open |
| Kenobi | Walkthrough | 🟢 Free | SMB (139/445) · SUID binaries | Open |
| kiba | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| KoTH Food CTF | Challenge | 🟢 Free | KoTH Food CTF Practice Food KoTH alone, to get familiar with KoTH! Get all 8… | Open |
| L2 MAC Flooding & ARP Spoofing | Walkthrough | 🟢 Free | Web Cache Attacks (Poisoning / Deception) | Open |
| Lateral Movement and Pivoting | Walkthrough | 🔵 VIP | Port Forwarding / Pivoting | Open |
| LDAP Injection | Walkthrough | 🔵 VIP | LDAP Injection Exploiting Lightweight Directory Access Protocol. | Open |
| Learn Rust | Walkthrough | 🟢 Free | Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | Open |
| Learning Cyber Security | Walkthrough | 🟢 Free | Learning Cyber Security Get a short introduction to a few of the security… | Open |
| Lessons Learned | Walkthrough | 🔵 VIP | Lessons Learned A look into the fifth phase of the Incident Response framework:… | Open |
| Lian_Yu | Challenge | 🟢 Free | Lian_Yu A beginner level security challenge Deploy the VM and Start the… | Open |
| Library | Challenge | 🟢 Free | Library boot2root machine for FIT and bsides guatemala CTF | Open |
| Light | Challenge | 🟢 Free | Light Welcome to the Light database application! What is the admin username?… | Open |
| Linux Backdoors | Walkthrough | 🟢 Free | Linux Backdoors Learn all the different techniques used to backdoor a linux… | Open |
| Linux CLI - Shells Bells | Walkthrough | 🟢 Free | Linux CLI - Shells Bells Explore the Linux command-line interface and use it to… | Open |
| Linux CLI Basics | Walkthrough | 🔵 VIP | Linux CLI Basics Get comfortable navigating through the Linux CLI. | Open |
| Linux File System Analysis | Walkthrough | 🟢 Free | Linux File System Analysis Perform real-time file system analysis on a Linux… | Open |
| Linux Incident Surface | Walkthrough | 🟢 Free | Linux Incident Surface Explore various areas of Incident Surface in Linux and… | Open |
| Linux Logging for SOC | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Linux Modules | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Linux Process Analysis | Walkthrough | 🟢 Free | Linux Process Analysis Perform thorough process and application analysis to… | Open |
| Linux Shells | Walkthrough | 🔵 VIP | Linux Shells Learn about scripting and the different types of Linux shells. | Open |
| Linux Strength Training | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Linux: Local Enumeration | Walkthrough | 🔵 VIP | Linux: Local Enumeration Learn to efficiently enumerate a linux machine and… | Open |
| Living Off the Land Attacks | Walkthrough | 🔵 VIP | Living Off the Land Attacks Learn to detect and analyse Living Off the Land… | Open |
| LLM Output Handling and Privacy Risks | Walkthrough | 🔵 VIP | LLM Output Handling and Privacy Risks Learn how LLMs handle their output and… | Open |
| Log Operations | Walkthrough | 🟢 Free | Log Operations Learn the operation process details. | Open |
| Logs Fundamentals | Walkthrough | 🔵 VIP | Logs Fundamentals Learn what logs are and how to analyze them for effective… | Open |
| Lookback | Challenge | 🔵 VIP | Lookback You’ve been asked to run a vulnerability test on a production… | Open |
| Lookup | Challenge | 🟢 Free | Lookup Test your enumeration skills on this boot-to-root machine. | Open |
| Love Letter Locker | Challenge | 🟢 Free | Love Letter Locker Use your skills to access other users’ letters. What is the… | Open |
| macOS Forensics: The Basics | Walkthrough | 🟢 Free | USB forensics | Open |
| Madness | Challenge | 🟢 Free | Madness Will you be consumed by Madness? | Open |
| magician | Challenge | 🟢 Free | magician This magical website lets you convert image file formats user.txt… | Open |
| MAL: Malware Introductory | Walkthrough | 🟢 Free | EternalBlue (MS17-010) | Open |
| MAL: REMnux - The Redux | Walkthrough | 🔵 VIP | USB forensics | Open |
| MAL: Researching | Walkthrough | 🟢 Free | MAL: Researching Understanding checksums, how to generate them and their use… | Open |
| MAL: Strings | Walkthrough | 🔵 VIP | MAL: Strings Investigating “strings” within an application and why these values… | Open |
| Malware Analysis - Malhare.exe | Walkthrough | 🟢 Free | USB forensics | Open |
| Malware Classification | Walkthrough | 🟢 Free | Malware Classification Learn how to identify, classify, and understand common… | Open |
| Man-in-the-Middle Detection | Walkthrough | 🔵 VIP | Man-in-the-Middle Detection Learn what MITM attack is, and how to identify the… | Open |
| Memory Acquisition | Walkthrough | 🔵 VIP | Memory Acquisition Learn the techniques and best practices to acquire digitally… | Open |
| Memory Analysis Introduction | Walkthrough | 🟢 Free | USB forensics | Open |
| Memory Forensics | Challenge | 🟢 Free | USB forensics · Cracking Hashes (hashcat / John) | Open |
| Metasploit: Exploitation | Walkthrough | 🔵 VIP | Metasploit: Exploitation Using Metasploit for scanning, vulnerability… | Open |
| Metasploit: Introduction | Walkthrough | 🟢 Free | Metasploit: Introduction An introduction to the main components of the… | Open |
| Metasploit: Meterpreter | Walkthrough | 🔵 VIP | Metasploit: Meterpreter Take a deep dive into Meterpreter, and see how… | Open |
| Microservices Architectures | Walkthrough | 🟢 Free | Microservices Architectures Explore the problems associated with building a… | Open |
| Microsoft Windows Hardening | Walkthrough | 🔵 VIP | Microsoft Windows Hardening To learn key attack vectors used by hackers and how… | Open |
| mKingdom | Challenge | 🟢 Free | mKingdom Beginner-friendly box inspired by a certain mustache man. What is… | Open |
| Mobile Acquisition | Walkthrough | 🟢 Free | Mobile Acquisition Prepare for mobile acquisition with the challenges and… | Open |
| Mobile Malware Analysis | Walkthrough | 🟢 Free | AS-REP Roasting | Open |
| Monday Monitor | Challenge | 🔵 VIP | Monday Monitor Ready to test Swiftspend’s endpoint monitoring? | Open |
| Moniker Link (CVE-2024-21413) | Walkthrough | 🟢 Free | Moniker Link (CVE-2024-21413) Leak user’s credentials using CVE-2024-21413 to… | Open |
| Mother’s Secret | Challenge | 🔵 VIP | Mother’s Secret Exploit flaws found in Mother’s code to reveal its secrets. | Open |
| Mouse Trap | Walkthrough | 🔵 VIP | Mouse Trap Follow Jom and Terry on their purple teaming adventures, emulating… | Open |
| Mr. Phisher | Challenge | 🔵 VIP | Mr. Phisher I received a suspicious email with a very weird looking attachment.… | Open |
| MS Sentinel: Deploy | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| MS Sentinel: Detect | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| MS Sentinel: Ingest Data | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| MS Sentinel: Just Looking | Challenge | 🔵 VIP | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Multi-Factor Authentication | Walkthrough | 🔵 VIP | Multi-Factor Authentication Exploiting Multi-Factor Authentication. | Open |
| Mustacchio | Challenge | 🟢 Free | Mustacchio Easy boot2root Machine | Open |
| n8n: CVE-2025-68613 | Walkthrough | 🔵 VIP | n8n: CVE-2025-68613 Learn how adversaries can exploit the CVE-2025-68613… | Open |
| Neighbour | Challenge | 🟢 Free | Neighbour Check out our new cloud service, Authentication Anywhere. Can you… | Open |
| Network Discovery - Scan-ta Clause | Walkthrough | 🟢 Free | Network Discovery - Scan-ta Clause Discover how to scan network ports and… | Open |
| Network Security | Walkthrough | 🔵 VIP | Network Security Learn about network security, understand attack methodology,… | Open |
| Network Security Essentials | Walkthrough | 🟢 Free | SMB (139/445) · Remote Code Execution (RCE) | Open |
| Network Services | Walkthrough | 🟢 Free | Anonymous FTP · SMB (139/445) | Open |
| Network Services 2 | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) · SUID binaries | Open |
| Network Traffic Basics | Walkthrough | 🟢 Free | SMB (139/445) | Open |
| Networking Concepts | Walkthrough | 🟢 Free | Networking Concepts Learn about the ISO OSI model and the TCP/IP protocol… | Open |
| Networking Core Protocols | Walkthrough | 🔵 VIP | Networking Core Protocols Learn about the core TCP/IP protocols. | Open |
| Networking Essentials | Walkthrough | 🔵 VIP | Networking Essentials Explore networking protocols from automatic configuration… | Open |
| Networking Secure Protocols | Walkthrough | 🔵 VIP | Networking Secure Protocols Learn how TLS, SSH, and VPN can secure your network… | Open |
| NetworkMiner | Walkthrough | 🔵 VIP | USB forensics | Open |
| Next.js: CVE-2025-29927 | Walkthrough | 🟢 Free | Next.js: CVE-2025-29927 Explore an authorisation bypass vulnerability in… | Open |
| Ninja Skills | Challenge | 🟢 Free | Ninja Skills Practise your Linux skills and complete the challenges. Which of… | Open |
| NIS - Linux Part I | Walkthrough | 🔵 VIP | NIS - Linux Part I Enhance your Linux knowledge with this beginner friendly… | Open |
| Nmap Basic Port Scans | Walkthrough | 🔵 VIP | Nmap Basic Port Scans Learn in-depth how nmap TCP connect scan, TCP SYN port… | Open |
| Nmap: The Basics | Walkthrough | 🔵 VIP | Nmap: The Basics Learn how to use Nmap to discover live hosts, find open ports,… | Open |
| NoSQL Injection | Walkthrough | 🟢 Free | SQL Injection · Cracking Hashes (hashcat / John) | Open |
| OhSINT | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Opacity | Challenge | 🟢 Free | Opacity Opacity is a Boot2Root made for pentesters and cybersecurity… | Open |
| OpenVAS | Walkthrough | 🟢 Free | OpenVAS Learn the basics of threat and vulnerability management using Open… | Open |
| OpenVPN | Walkthrough | 🟢 Free | OpenVPN A guide to connecting to our network using OpenVPN. | Open |
| Operating Systems: Introduction | Walkthrough | 🟢 Free | Operating Systems: Introduction Explore the basics of operating systems and the… | Open |
| Oracle 9 | Challenge | 🟢 Free | Oracle 9 My designation is Oracle 9, I carry with me a sealed transmission. | Open |
| Order | Challenge | 🔵 VIP | Order Perform a known-plaintext attack to recover a repeating-key XOR key and… | Open |
| Osquery: The Basics | Walkthrough | 🔵 VIP | Osquery: The Basics Let’s cover the basics of Osquery. | Open |
| Outlook NTLM Leak | Walkthrough | 🟢 Free | Outlook NTLM Leak Leak password hashes from a user by sending them an email by… | Open |
| Overpass | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Overpass 2 - Hacked | Walkthrough | 🔵 VIP | Overpass 2 - Hacked Overpass has been hacked! Can you analyse the attacker’s… | Open |
| OWASP Juice Shop | Walkthrough | 🟢 Free | SQL Injection · AS-REP Roasting · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | Open |
| OWASP Mutillidae II | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| OWASP Top 10 2025: Application Design Flaws | Walkthrough | 🟢 Free | OWASP Top 10 2025: Application Design Flaws Learn about A02, A03, A06, and A10… | Open |
| OWASP Top 10 2025: IAAA Failures | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| OWASP Top 10 2025: Insecure Data Handling | Walkthrough | 🟢 Free | SSTI (Server-Side Template Injection) | Open |
| PassCode | Challenge | 🔵 VIP | PassCode From the Hackfinity Battle CTF event. | Open |
| Pentesting Fundamentals | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Phishing Analysis Fundamentals | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Phishing Analysis Tools | Walkthrough | 🔵 VIP | Phishing Analysis Tools Learn the tools used to aid an analyst to investigate… | Open |
| Phishing Emails in Action | Walkthrough | 🟢 Free | Phishing Emails in Action Learn the different indicators of phishing attempts… | Open |
| Phishing Prevention | Walkthrough | 🔵 VIP | Phishing Prevention Learn how to defend against phishing emails. | Open |
| Physical Security Intro | Walkthrough | 🟢 Free | Physical Security Intro This room is an introduction to physical security… | Open |
| Pickle Rick | Challenge | 🟢 Free | Pickle Rick A Rick and Morty CTF. Help turn Rick back into a human! What is the… | Open |
| Post-Exploitation Basics | Walkthrough | 🟢 Free | Kerberoasting · BloodHound | Open |
| Poster | Challenge | 🟢 Free | Poster The sys admin set up a rdbms in a safe way. What is the rdbms installed… | Open |
| Printer Hacking 101 | Walkthrough | 🟢 Free | Printer Hacking 101 Learn about (and get hands on with) printer hacking and… | Open |
| PrintNightmare, again! | Challenge | 🔵 VIP | PrintNightmare, again! Search the artifacts on the endpoint to determine if the… | Open |
| Probe | Walkthrough | 🔵 VIP | Probe Use your baseline scanning skills to enumerate a secure network. | Open |
| Protocols and Servers | Walkthrough | 🔵 VIP | Protocols and Servers Learn about common protocols such as HTTP, FTP, POP3,… | Open |
| Psycho Break | Walkthrough | 🟢 Free | Psycho Break Help Sebastian and his team of investigators to withstand the… | Open |
| Public Key Cryptography Basics | Walkthrough | 🔵 VIP | Public Key Cryptography Basics Discover how public key ciphers such as RSA work… | Open |
| Publisher | Challenge | 🟢 Free | Publisher Test your enumeration skills on this boot-to-root machine. | Open |
| Putting it all together | Walkthrough | 🟢 Free | Putting it all together Learn how all the individual components of the web work… | Open |
| Pyramid Of Pain | Walkthrough | 🟢 Free | Pyramid Of Pain Learn what the Pyramid of Pain is and how it ranks indicators… | Open |
| Pyrat | Challenge | 🟢 Free | Pyrat Test your enumeration skills on this boot-to-root machine. | Open |
| Python Basics | Walkthrough | 🟢 Free | Python Basics Using a web-based code editor, learn the basics of Python and put… | Open |
| Python for Pentesters | Walkthrough | 🔵 VIP | Python for Pentesters Python is probably the most widely used and most… | Open |
| Python: Simple Demo | Walkthrough | 🔵 VIP | Python: Simple Demo Explore what a basic Python program looks like. | Open |
| Race Conditions - Toy to The World | Walkthrough | 🟢 Free | Race Conditions | Open |
| React2Shell: CVE-2025-55182 | Walkthrough | 🟢 Free | React2Shell: CVE-2025-55182 Explore the CVE-2025-55182 vulnerability in React… | Open |
| Red | Challenge | 🟢 Free | Red A classic battle for the ages. What is the first flag? What is the second… | Open |
| Red Team Engagements | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Red Team Fundamentals | Walkthrough | 🟢 Free | Red Team Fundamentals Learn about the basics of a red engagement, the main… | Open |
| Registry Persistence Detection | Walkthrough | 🟢 Free | Registry Persistence Detection Learn to use the AutoRuns PowerShell module to… | Open |
| REMnux: Getting Started | Walkthrough | 🔵 VIP | REMnux: Getting Started Learn how you can use the tools inside the REMnux VM. | Open |
| Res | Challenge | 🔵 VIP | Res Hack into a vulnerable database server with an in-memory data-structure in… | Open |
| Retracted | Walkthrough | 🔵 VIP | Retracted Investigate the case of the missing ransomware. | Open |
| Reversing ELF | Challenge | 🟢 Free | Reversing ELF Room for beginner Reverse Engineering CTF players What is the… | Open |
| Risk Management | Walkthrough | 🔵 VIP | Risk Management Learn about framing, assessing, responding, and monitoring risk. | Open |
| RustScan | Walkthrough | 🟢 Free | RustScan Learn how to use RustScan. Deploy the machine! Go to RustScan Repo .… | Open |
| Search Skills | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Searchlight - IMINT | Challenge | 🟢 Free | Searchlight - IMINT OSINT challenges in the imagery intelligence category Did… | Open |
| Secure GitOps | Walkthrough | 🔵 VIP | Secure GitOps Learn how to secure the GitOps framework. | Open |
| Security Operations | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Session Management | Walkthrough | 🔵 VIP | Session Management Learn about session management and the different attacks… | Open |
| Shadow Trace | Challenge | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Shells Overview | Walkthrough | 🔵 VIP | Shells Overview Learn about the different types of shells. | Open |
| Shodan.io | Walkthrough | 🟢 Free | Shodan.io Learn about Shodan.io and how to use it for devices enumeration - is… | Open |
| Silver Platter | Challenge | 🟢 Free | Silver Platter Can you breach the server? | Open |
| Simple CTF | Challenge | 🟢 Free | SQL Injection | Open |
| SimpleHelp: CVE-2024-57727 | Walkthrough | 🔵 VIP | SimpleHelp: CVE-2024-57727 Learn how attackers can exploit CVE-2024-57727 and… | Open |
| Skynet | Challenge | 🔵 VIP | Skynet A vulnerable Terminator themed Linux machine. | Open |
| Slingshot | Walkthrough | 🔵 VIP | Slingshot Can you retrace an attacker’s steps after they enumerate and… | Open |
| Smag Grotto | Challenge | 🟢 Free | Smag Grotto Follow the yellow brick road. | Open |
| Snapped Phish-ing Line | Challenge | 🔵 VIP | Snapped Phish-ing Line Apply learned skills to probe malicious emails and URLs,… | Open |
| Sneaky Patch | Challenge | 🔵 VIP | Sneaky Patch Investigate the potential kernel backdoor implanted within the… | Open |
| Snyk Code | Walkthrough | 🟢 Free | Snyk Code Securing code with Snyk - a junior application security engineer’s… | Open |
| Snyk Open Source | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| SOC L1 Alert Triage | Walkthrough | 🟢 Free | SOC L1 Alert Triage Learn more about SOC alerts and build a systematic approach… | Open |
| SOC Metrics and Objectives | Walkthrough | 🔵 VIP | SOC Metrics and Objectives Explore key metrics driving SOC effectiveness and… | Open |
| SOC Role in Blue Team | Walkthrough | 🟢 Free | SOC Role in Blue Team Discover security roles and learn how to advance your SOC… | Open |
| SOC Workbooks and Lookups | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Source | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Speed Chatting | Challenge | 🟢 Free | Speed Chatting Can you hack as fast as you can chat? What is the flag? | Open |
| Splunk: Dashboards and Reports | Walkthrough | 🔵 VIP | Splunk: Dashboards and Reports Explore reports, alerts, and dashboards with… | Open |
| SQL Fundamentals | Walkthrough | 🔵 VIP | SQL Fundamentals Learn how to perform basic SQL queries to retrieve and manage… | Open |
| SQLMAP | Walkthrough | 🟢 Free | Directory fuzzing | Open |
| SQLMap: The Basics | Walkthrough | 🔵 VIP | SQL Injection | Open |
| Starting Out In Cyber Sec | Walkthrough | 🟢 Free | Starting Out In Cyber Sec Learn about the different career paths in Cyber… | Open |
| Startup | Challenge | 🟢 Free | Startup Abuse traditional vulnerabilities via untraditional means. What is the… | Open |
| Steel Mountain | Walkthrough | 🔵 VIP | Steel Mountain Hack into a Mr. Robot themed Windows machine. Use metasploit for… | Open |
| Stolen Mount | Challenge | 🔵 VIP | Stolen Mount Analyse network traffic related to an unauthenticated file share… | Open |
| Supply Chain Attack: Lottie | Walkthrough | 🟢 Free | Supply Chain Attack: Lottie Learn about supply chain attacks and their various… | Open |
| Surfer | Challenge | 🔵 VIP | Surfer Surf some internal webpages to find the flag! | Open |
| Sysinternals | Walkthrough | 🔵 VIP | Sysinternals Learn to use the Sysinternals tools to analyze Windows systems or… | Open |
| Systems as Attack Vectors | Walkthrough | 🔵 VIP | Systems as Attack Vectors Learn how attackers exploit vulnerable and… | Open |
| TakeOver | Challenge | 🟢 Free | Subdomain Enumeration | Open |
| Tcpdump: The Basics | Walkthrough | 🔵 VIP | Tcpdump: The Basics Learn how to use Tcpdump to save, filter, and display… | Open |
| Team | Challenge | 🟢 Free | Team Beginner friendly boot2root machine Deployed user.txt As the “dev” site is… | Open |
| Tech_Supp0rt: 1 | Challenge | 🟢 Free | Tech_Supp0rt: 1 Hack into the scammer’s under-development website to foil their… | Open |
| The Case: Seven Minutes on the Seine | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| The CIA Triad | Walkthrough | 🟢 Free | The CIA Triad Understand the CIA Triad and how it shapes cyber security… | Open |
| The Game | Challenge | 🔵 VIP | The Game Practice your Game Hacking skills. | Open |
| The Game v2 | Challenge | 🔵 VIP | The Game v2 Practice your Game Hacking skills. | Open |
| The Greenholt Phish | Challenge | 🔵 VIP | The Greenholt Phish Use the knowledge attained to analyze a malicious email. | Open |
| The Hacker Methodology | Walkthrough | 🟢 Free | The Hacker Methodology Introduction to the Hacker Methodology What is the first… | Open |
| The Lay of the Land | Walkthrough | 🔵 VIP | The Lay of the Land Learn about and get hands-on with common technologies and… | Open |
| The Phishing Pond | Challenge | 🟢 Free | The Phishing Pond Catch the phish before the phish catches you. What is the… | Open |
| The Sticker Shop | Challenge | 🟢 Free | The Sticker Shop Can you exploit the sticker shop in order to capture the flag?… | Open |
| The Witch’s Cauldron | Walkthrough | 🔵 VIP | The Witch’s Cauldron Can you share Bob’s secret recipe with Alice without Eve… | Open |
| Thompson | Challenge | 🟢 Free | Thompson boot2root machine for FIT and bsides guatemala CTF | Open |
| Threat Hunting: Introduction | Walkthrough | 🟢 Free | Threat Hunting: Introduction Behind the scenes of Threat Hunting - mindset,… | Open |
| Threat Intelligence Tools | Walkthrough | 🟢 Free | Threat Intelligence Tools Explore different OSINT tools used to conduct… | Open |
| tmux | Walkthrough | 🟢 Free | tmux Learn to use tmux, one of the most powerful multi-tasking tools on linux!… | Open |
| Tomcat: CVE-2024-50379 | Walkthrough | 🔵 VIP | Tomcat: CVE-2024-50379 Explore and learn about the Tomcat CVE-2024-50379… | Open |
| tomghost | Challenge | 🟢 Free | tomghost Identify recent vulnerabilities to try exploit the system or read… | Open |
| Tony the Tiger | Challenge | 🟢 Free | Tony the Tiger Learn how to use a Java Serialisation attack in this boot-to-root | Open |
| Toolbox: Vim | Walkthrough | 🟢 Free | Toolbox: Vim Learn vim, a universal text editor that can be incredibly… | Open |
| Tooling via Browser Automation | Walkthrough | 🔵 VIP | Tooling via Browser Automation Creating custom tooling for application testing… | Open |
| ToolsRus | Challenge | 🔵 VIP | Directory fuzzing | Open |
| Tor | Walkthrough | 🟢 Free | Tor A beginner orienteered guide on using the Tor network | Open |
| Traverse | Walkthrough | 🔵 VIP | Traverse Challenge your secure coding skills to restore a compromised website. | Open |
| Trooper | Walkthrough | 🔵 VIP | Trooper Use Cyber Threat Intelligence knowledge and skills to identify a threat… | Open |
| TryHack3M: Bricks Heist | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| TryHeartMe | Challenge | 🟢 Free | TryHeartMe Access the hidden item in this Valentine’s gift shop. What is the… | Open |
| TShark Challenge I: Teamwork | Challenge | 🔵 VIP | TShark Challenge I: Teamwork Put your TShark skills into practice and analyse… | Open |
| TShark Challenge II: Directory | Challenge | 🔵 VIP | TShark Challenge II: Directory Put your TShark skills into practice and analyse… | Open |
| TShark: The Basics | Walkthrough | 🔵 VIP | TShark: The Basics Learn the basics of TShark and take your protocol and PCAP… | Open |
| Tutorial | Walkthrough | 🟢 Free | Tutorial Learn how to use a TryHackMe room to start your upskilling in cyber… | Open |
| U.A. High School | Challenge | 🟢 Free | U.A. High School Welcome to the web application of U.A., the Superhero Academy. | Open |
| Unified Kill Chain | Walkthrough | 🟢 Free | Unified Kill Chain The Unified Kill Chain is a framework which establishes the… | Open |
| Upload Vulnerabilities | Walkthrough | 🔵 VIP | Upload Vulnerabilities Tutorial room exploring some basic file-upload… | Open |
| Virtualization and Containers | Walkthrough | 🔵 VIP | Virtualization and Containers Introduction to common virtualization… | Open |
| Vulnerabilities 101 | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Vulnerability Scanner Overview | Walkthrough | 🔵 VIP | Vulnerability Scanner Overview Learn about vulnerability scanners and how they… | Open |
| VulnNet: Internal | Challenge | 🟢 Free | VulnNet: Internal VulnNet Entertainment learns from its mistakes, and now they… | Open |
| VulnNet: Roasted | Challenge | 🟢 Free | VulnNet: Roasted VulnNet Entertainment quickly deployed another management… | Open |
| Vulnversity | Walkthrough | 🟢 Free | Directory fuzzing · SUID binaries | Open |
| WAF: Introduction | Walkthrough | 🟢 Free | SQL Injection · Remote Code Execution (RCE) | Open |
| Walking An Application | Walkthrough | 🔵 VIP | Walking An Application Manually review a web application for security issues… | Open |
| Web Application Basics | Walkthrough | 🟢 Free | Local File Inclusion (LFI) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) | Open |
| Web Application Security | Walkthrough | 🟢 Free | Web Application Security Learn about web applications and explore some of their… | Open |
| Web Enumeration | Walkthrough | 🔵 VIP | Directory fuzzing · WordPress Exploitation | Open |
| Web Security Essentials | Walkthrough | 🟢 Free | WordPress Exploitation | Open |
| WebGOAT | Walkthrough | 🟢 Free | WebGOAT Simple testing room for beating on WebGOAT Deploy WebGOAT and have fun! | Open |
| Welcome | Walkthrough | 🟢 Free | Welcome Learn how to use a TryHackMe room to start your upskilling in cyber… | Open |
| Wgel CTF | Challenge | 🟢 Free | Wgel CTF Can you exfiltrate the root flag? User flag Root flag | Open |
| What the Shell? | Walkthrough | 🔵 VIP | What the Shell? An introduction to sending and receiving (reverse/bind) shells… | Open |
| Whiterose | Challenge | 🟢 Free | Whiterose Yet another Mr. Robot themed challenge. What’s Tyrell Wellick’s phone… | Open |
| Wifi Hacking 101 | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Windows CLI Basics | Walkthrough | 🔵 VIP | Windows CLI Basics Explore what Windows CLI is, how to navigate, and interact… | Open |
| Windows Logging for SOC | Walkthrough | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Windows Network Analysis | Walkthrough | 🔵 VIP | Windows Network Analysis Discover networking artefacts using internal tooling… | Open |
| Windows PowerShell | Walkthrough | 🔵 VIP | Windows PowerShell Discover the “Power” in PowerShell and learn the basics. | Open |
| Wireshark 101 | Walkthrough | 🔵 VIP | Wireshark 101 Learn the basics of Wireshark and how to analyze various… | Open |
| Wireshark: Packet Operations | Walkthrough | 🔵 VIP | Wireshark: Packet Operations Learn the fundamentals of packet analysis with… | Open |
| Wireshark: The Basics | Walkthrough | 🔵 VIP | Wireshark: The Basics Learn the basics of Wireshark and how to analyse… | Open |
| Wordpress: CVE-2021-29447 | Challenge | 🟢 Free | WordPress Exploitation · Server-Side Request Forgery · Cracking Hashes (hashcat / John) | Open |
| Wreath | Walkthrough | 🔵 VIP | Wreath Learn how to pivot through a network by compromising a public facing web… | Open |
| Writing Pentest Reports | Walkthrough | 🟢 Free | Writing Pentest Reports Learn how to write professional pentesting reports that… | Open |
| x86 Architecture Overview | Walkthrough | 🟢 Free | x86 Architecture Overview A crash course in x86 architecture to enable us in… | Open |
| XSS | Walkthrough | 🟢 Free | Cross-Site Scripting (XSS) | Open |
| XSS - Merry XSSMas | Walkthrough | 🟢 Free | Cross-Site Scripting (XSS) | Open |
| Yara | Walkthrough | 🔵 VIP | USB forensics | Open |
Medium (412)
| Room | Type | Access | Skills | Official |
|---|---|---|---|---|
| 0day | Challenge | 🟢 Free | 0day Exploit Ubuntu, like a Turtle in a Hurricane user.txt Hint’s in the… | Open |
| Active Directory Hardening | Walkthrough | 🔵 VIP | Active Directory | Open |
| AD Certificate Templates | Walkthrough | 🟢 Free | AD Certificate Templates Walkthrough on the exploitation of misconfigured AD… | Open |
| AD: Authenticated Enumeration | Walkthrough | 🔵 VIP | Active Directory | Open |
| AD: BadSuccessor | Walkthrough | 🔵 VIP | Active Directory | Open |
| Advanced SQL Injection | Walkthrough | 🟢 Free | SQL Injection | Open |
| Advanced Static Analysis | Walkthrough | 🔵 VIP | Advanced Static Analysis Learn how to identify code constructs and examine the… | Open |
| AI Forensics | Walkthrough | 🟢 Free | USB forensics · Remote Code Execution (RCE) | Open |
| Airplane | Challenge | 🟢 Free | Airplane Are you ready to fly? What is user.txt What is root.txt | Open |
| Alert Triage With Elastic | Walkthrough | 🔵 VIP | Alert Triage With Elastic Investigate alerts with Elastic by analyzing logs and… | Open |
| Alert Triage With Splunk | Walkthrough | 🔵 VIP | Alert Triage With Splunk Use Splunk to triage alerts and investigate malicious… | Open |
| AllSignsPoint2Pwnage | Challenge | 🔵 VIP | AllSignsPoint2Pwnage A room that contains a rushed Windows based Digital Sign… | Open |
| Amazon EC2 - Attack & Defense | Walkthrough | 🟢 Free | Amazon EC2 - Attack & Defense Learn about EC2 and how to compromise an EC2… | Open |
| Analysing Volatile Memory | Walkthrough | 🔵 VIP | Analysing Volatile Memory Learn how the Windows OS manages volatile data in… | Open |
| Android Hacking 101 | Walkthrough | 🟢 Free | Android Hacking 101 Android Mobile Application Penetration Testing | Open |
| Annie | Challenge | 🟢 Free | Annie Remote access comes in different flavors. | Open |
| Anonymous | Challenge | 🟢 Free | Anonymous Not the hacking group | Open |
| Anti-Reverse Engineering | Walkthrough | 🔵 VIP | Anti-Reverse Engineering Learn the techniques used by malware authors to bypass… | Open |
| APIWizards Breach | Walkthrough | 🟢 Free | APIWizards Breach Investigate a security breach at APIWizards Inc. | Open |
| AppSec IR | Walkthrough | 🟢 Free | AppSec IR An introduction into the overlapping worlds of AppSec and IR. | Open |
| APT28 in the Snare | Walkthrough | 🔵 VIP | APT28 in the Snare Engage in a hands-on investigation tracing Fancy Bear’s… | Open |
| APT28 Inception Theory | Walkthrough | 🟢 Free | APT28 Inception Theory Dive into the world of Fancy Bear, a Russian cyber… | Open |
| Aster | Challenge | 🟢 Free | Aster Hack my server dedicated for building communications applications. | Open |
| Athena | Challenge | 🟢 Free | Athena Break all security and compromise the machine. What is the user flag?… | Open |
| Atomic Bird Goes Purple #1 | Walkthrough | 🔵 VIP | Atomic Bird Goes Purple #1 Time to simulate hunting and detecting activities to… | Open |
| Atomic Bird Goes Purple #2 | Walkthrough | 🔵 VIP | Atomic Bird Goes Purple #2 Time to simulate hunting and detecting activities to… | Open |
| Attacking ICS Plant #2 | Challenge | 🟢 Free | Attacking ICS Plant #2 Discover and attack ICS plants using modbus protocol… | Open |
| Attacktive Directory | Challenge | 🟢 Free | Attacktive Directory 99% of Corporate networks run off of AD. But can you… | Open |
| Aurora EDR | Walkthrough | 🔵 VIP | Aurora EDR Familiarise with the use of a Sigma-based EDR tool, Aurora. | Open |
| AV Evasion: Shellcode | Walkthrough | 🔵 VIP | AV Evasion: Shellcode Learn shellcode encoding, packing, binders, and crypters. | Open |
| AVenger | Challenge | 🔵 VIP | AVenger You’ve been asked to exploit all the vulnerabilities present. | Open |
| AWS API Gateway | Walkthrough | 🟢 Free | WebSockets Vulnerabilities | Open |
| AWS IAM Enumeration | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) · Remote Code Execution (RCE) | Open |
| AWS IAM Initial Access | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| AWS Lambda | Walkthrough | 🟢 Free | AWS Lambda Learn the security aspects of Amazon’s serverless service I’m ready… | Open |
| AWS S3 - Attack and Defense | Walkthrough | 🟢 Free | Remote Code Execution (RCE) · WordPress Exploitation | Open |
| AWS Security Logging | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| AWS VPC - Attack and Defense | Challenge | 🟢 Free | AWS VPC - Attack and Defense Learn the basics of AWS Virtual Private Cloud. | Open |
| AWS VPC - Data Exfiltration | Challenge | 🟢 Free | AWS VPC - Data Exfiltration Exercise on compromising an existing VPC. Let’s get… | Open |
| Azure DevSecOps | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Azure: Can you GA? | Walkthrough | 🔵 VIP | Azure: Can you GA? Azure challenge for cloud pentesters: find the attack path… | Open |
| Azure: Eyes Wide Shut | Challenge | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Azure: Hoppity Hop | Challenge | 🔵 VIP | Azure: Hoppity Hop Azure challenge for cloud pentesters: Can you find the… | Open |
| Backtrack | Challenge | 🟢 Free | Backtrack Daring to set foot where no one has. What is the content of… | Open |
| Baselines and Anomalies | Walkthrough | 🔵 VIP | Baselines and Anomalies Identify normal activity and hunt for anomalies. | Open |
| Basic Dynamic Analysis | Walkthrough | 🔵 VIP | Basic Dynamic Analysis Learn how to analyze malware Dynamically by running them… | Open |
| Basic Malware RE | Challenge | 🟢 Free | Basic Malware RE This room aims towards helping everyone learn about the basics… | Open |
| Basic Static Analysis | Walkthrough | 🔵 VIP | Basic Static Analysis Learn basic malware analysis techniques without running… | Open |
| battery | Challenge | 🟢 Free | battery CTF designed by CTF lover for CTF lovers Base Flag : User Flag : Root… | Open |
| Benign | Challenge | 🔵 VIP | Benign Challenge room to investigate a compromised host. | Open |
| Biblioteca | Challenge | 🔵 VIP | Biblioteca Shhh. Be very very quiet, no shouting inside the biblioteca. | Open |
| Binary Heaven | Challenge | 🟢 Free | Binary Heaven Let us enjoy the heaven of binaries I’ve deployed the VM! What is… | Open |
| Biohazard | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| biteme | Challenge | 🟢 Free | biteme Stay out of my server! What is the user flag? What is the root flag? | Open |
| Blizzard | Walkthrough | 🔵 VIP | Blizzard A critical alert was triggered from a sensitive server. You are tasked… | Open |
| Block | Challenge | 🟢 Free | Block Encryption? What encryption? What is the username of the first person who… | Open |
| Blog | Challenge | 🟢 Free | WordPress Exploitation | Open |
| Boiler CTF | Challenge | 🟢 Free | Boiler CTF Intermediate level CTF File extension after anon login What is on… | Open |
| Boogeyman 2 | Challenge | 🔵 VIP | Boogeyman 2 The Boogeyman is back. Are you still afraid of the Boogeyman? | Open |
| Boogeyman 3 | Challenge | 🔵 VIP | Boogeyman 3 The Boogeyman emerges from the darkness again. | Open |
| Bookstore | Challenge | 🟢 Free | Directory fuzzing | Open |
| Brainstorm | Challenge | 🔵 VIP | Brainstorm Reverse engineer a chat program and write a script to exploit a… | Open |
| Breaching Active Directory | Walkthrough | 🔵 VIP | Active Directory | Open |
| Break it | Challenge | 🟢 Free | Break it Can you break the code? [Super easy] MVQXG6K7MJQXGZJTGI====== [Easy]… | Open |
| Breaking RSA | Challenge | 🟢 Free | Breaking RSA Hop in and break poorly implemented RSA using Fermat’s… | Open |
| Breakme | Challenge | 🟢 Free | Breakme Break this secure system and get the flags, if you can. What is the… | Open |
| Brim | Walkthrough | 🔵 VIP | Brim Learn and practice log investigation, pcap analysis and threat hunting… | Open |
| broker | Challenge | 🟢 Free | broker Paul and Max use a rather unconventional way to chat. They do not seem… | Open |
| Brute | Challenge | 🔵 VIP | Brute You as well, Brutus? | Open |
| Burp Suite: Intruder | Walkthrough | 🔵 VIP | Burp Suite: Intruder Learn how to use Intruder to automate requests in Burp… | Open |
| Bypassing UAC | Walkthrough | 🟢 Free | Bypassing UAC Learn common ways to bypass User Account Control (UAC) in Windows… | Open |
| C2 Detection - Command & Carol | Walkthrough | 🟢 Free | C2 Detection - Command & Carol Explore how to analyze a large PCAP and extract… | Open |
| Cactus | Walkthrough | 🟢 Free | Cactus Bypass authentication and execute commands remotely on Cacti using… | Open |
| CAPTCHApocalypse | Challenge | 🔵 VIP | CAPTCHApocalypse When crypto interferes, automate. | Open |
| Carnage | Challenge | 🟢 Free | Carnage Apply your analytical skills to analyze the malicious network traffic… | Open |
| Chronicle | Challenge | 🟢 Free | Chronicle Part of Incognito CTF user.txt root.txt | Open |
| CI/CD and Build Security | Challenge | 🔵 VIP | CI/CD and Build Security Learn about CI/CD and build principles to safeguard… | Open |
| Classic Passwd | Challenge | 🟢 Free | Classic Passwd Practice your skills in reversing and get the flag bypassing the… | Open |
| Clocky | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Cloud-based IaC | Walkthrough | 🔵 VIP | Cloud-based IaC Learn about infrastructure as code (IaC) using tools for cloud… | Open |
| Cluster Hardening | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| CMesS | Challenge | 🟢 Free | Directory fuzzing | Open |
| CMSpit | Challenge | 🟢 Free | CMSpit This is a machine that allows you to practise web app hacking and… | Open |
| Cold VVars | Challenge | 🟢 Free | Cold VVars Part of Incognito CTF User.txt The PATH may sometimes make a cross.… | Open |
| ContainMe | Challenge | 🟢 Free | ContainMe Where am I ? Catch me Read me and move onto the next task for the… | Open |
| ContAInment | Challenge | 🟢 Free | ContAInment Can you help contain the ransomware threat with the help of AI? Can… | Open |
| Content Security Policy | Walkthrough | 🔵 VIP | Content Security Policy In this room you’ll learn what CSP is, what it’s used… | Open |
| Conti | Challenge | 🟢 Free | IIS (Microsoft Web Server) | Open |
| ConvertMyVideo | Challenge | 🟢 Free | ConvertMyVideo My Script to convert videos to MP3 is super secure What is the… | Open |
| Cooctus Stories | Challenge | 🟢 Free | Cooctus Stories This room is about the Cooctus Clan Paradox is nomming cookies… | Open |
| Corp Website | Challenge | 🟢 Free | Corp Website lafb2026-e7 What is the user flag? What is the root flag? | Open |
| Crack The Hash Level 2 | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) · Directory fuzzing | Open |
| Credentials Harvesting | Walkthrough | 🔵 VIP | Credentials Harvesting Apply current authentication models employed in modern… | Open |
| Crylo | Walkthrough | 🟢 Free | Crylo Learn about the CryptoJS library and JavaScript-based client-side… | Open |
| Crypto Failures | Challenge | 🟢 Free | Crypto Failures Implementing your own military-grade encryption is usually not… | Open |
| CTF collection Vol.2 | Challenge | 🟢 Free | SQL Injection | Open |
| CVE-2023-38408 | Walkthrough | 🟢 Free | CVE-2023-38408 Learn how to move laterally abusing libraries’ side effects in… | Open |
| Cyber Kill Chain | Walkthrough | 🟢 Free | Cyber Kill Chain Explore the Cyber Kill Chain by Lockheed Martin. | Open |
| CyberCrafted | Challenge | 🟢 Free | CyberCrafted Pwn this pay-to-win Minecraft server! | Open |
| Data Integrity & Model Poisoning | Walkthrough | 🔵 VIP | Data Integrity & Model Poisoning Understand how supply chain and model… | Open |
| Debug | Challenge | 🟢 Free | Insecure Deserialization | Open |
| Decryptify | Challenge | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Defending Adversarial Attacks | Walkthrough | 🔵 VIP | Defending Adversarial Attacks Learn defence mechanisms to harden machine… | Open |
| Detecting AD Initial Access | Walkthrough | 🔵 VIP | IIS (Microsoft Web Server) | Open |
| Detecting AD Lateral Movement | Walkthrough | 🔵 VIP | SMB (139/445) | Open |
| Detecting Adversarial Attacks | Walkthrough | 🔵 VIP | Detecting Adversarial Attacks Learn how to identify and analyse adversarial… | Open |
| Develpy | Challenge | 🟢 Free | Develpy boot2root machine for FIT and bsides Guatemala CTF | Open |
| Devie | Challenge | 🔵 VIP | Devie A developer has asked you to do a vulnerability check on their system. | Open |
| Dissecting PE Headers | Walkthrough | 🟢 Free | Dissecting PE Headers Learn about Portable Executable files and how their… | Open |
| DLL HIJACKING | Walkthrough | 🟢 Free | DLL HIJACKING DLL HIJACKING with Invoke-PrintDemon Read the above Deploy DLL… | Open |
| DockMagic | Challenge | 🔵 VIP | DockMagic In a land of magic, a wizard escaped from his confinement and embarks… | Open |
| Dodge | Challenge | 🔵 VIP | Port Forwarding / Pivoting | Open |
| dogcat | Challenge | 🟢 Free | Local File Inclusion (LFI) | Open |
| Dumping Router Firmware | Walkthrough | 🟢 Free | Steganography (Stego) · SMB (139/445) | Open |
| Dunkle Materie | Challenge | 🟢 Free | Dunkle Materie Investigate the ransomware attack using ProcDOT. Provide the two… | Open |
| DX1: Liberty Island | Challenge | 🔵 VIP | DX1: Liberty Island Can you help the NSF get a foothold in UNATCO’s system? | Open |
| Dynamic Analysis: Debugging | Walkthrough | 🔵 VIP | Dynamic Analysis: Debugging Learn more advanced techniques of dynamic malware… | Open |
| Eavesdropper | Challenge | 🟢 Free | Eavesdropper Listen closely, you might hear a password! | Open |
| Elastic: Query Languages | Walkthrough | 🔵 VIP | Elastic: Query Languages Search large datasets efficiently with advanced… | Open |
| Empline | Challenge | 🟢 Free | Empline Are you good enough to apply for this job? | Open |
| Encryption - Crypto 101 | Walkthrough | 🟢 Free | Encryption - Crypto 101 An introduction to encryption, as part of a series on… | Open |
| Entra ID Monitoring | Walkthrough | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Enumerating Active Directory | Walkthrough | 🔵 VIP | Active Directory | Open |
| Evading Logging and Monitoring | Walkthrough | 🔵 VIP | Evading Logging and Monitoring Learn how to bypass common logging and system… | Open |
| ExfilNode | Challenge | 🔵 VIP | ExfilNode Continue hunting for the exfiltration footprints in the ex-employee’s… | Open |
| Exploiting Active Directory | Walkthrough | 🔵 VIP | Active Directory | Open |
| EXT Analysis | Walkthrough | 🔵 VIP | EXT Analysis Discover the forensic basics of the EXT file system. | Open |
| Extracted | Challenge | 🟢 Free | Extracted We need your help! What’s the initial part of the password? Find the… | Open |
| Farewell | Challenge | 🔵 VIP | Farewell Use red-teaming techniques to bypass the WAF and obtain admin access… | Open |
| File Carving | Walkthrough | 🔵 VIP | File Carving Learn about the forensic technique known as file carving. | Open |
| File Inclusion | Walkthrough | 🔵 VIP | Remote File Inclusion (RFI) · Local File Inclusion (LFI) · Directory / Path Traversal | Open |
| File Inclusion, Path Traversal | Walkthrough | 🔵 VIP | Directory / Path Traversal | Open |
| Fixit | Walkthrough | 🔵 VIP | Fixit Fix the log parsing issue and analyze the logs in Splunk. | Open |
| Forensics - Registry Furensics | Walkthrough | 🟢 Free | USB forensics | Open |
| Forgotten Implant | Challenge | 🟢 Free | Forgotten Implant With almost no attack surface, you must use a forgotten C2… | Open |
| Fortress | Challenge | 🟢 Free | Fortress Hack this machine and reclaim the fortress from the Evil Overlord! | Open |
| Frank & Herby make an app | Challenge | 🟢 Free | Frank & Herby make an app Learn how the misconfiguration of containers can lead… | Open |
| Frank and Herby try again… | Challenge | 🟢 Free | Frank and Herby try again… Frank and Herby still don’t know how to use… | Open |
| Friday Overtime | Challenge | 🔵 VIP | Friday Overtime Step into the shoes of a Cyber Threat Intelligence Analyst and… | Open |
| Gatekeeper | Challenge | 🟢 Free | Gatekeeper Can you get past the gate and through the fire? | Open |
| GeoServer: CVE-2025-58360 | Walkthrough | 🟢 Free | XML External Entity | Open |
| Ghizer | Challenge | 🟢 Free | Ghizer lucrecia has installed multiple web applications on the server. | Open |
| GitLab CVE-2023-7028 | Walkthrough | 🟢 Free | GitLab CVE-2023-7028 Learn to exploit a GitLab instance using CVE-2023-7028 and… | Open |
| GoldenEye | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| HA Joker CTF | Challenge | 🟢 Free | Brute Force / Rate-Limit Bypass · Directory fuzzing · Remote Code Execution (RCE) | Open |
| Hack Smarter Security | Challenge | 🟢 Free | Hack Smarter Security Can you hack the hackers? What is user.txt? Which… | Open |
| hackerNote | Walkthrough | 🟢 Free | hackerNote A custom webapp, introducing username enumeration, custom wordlists… | Open |
| HackPark | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Hamlet | Challenge | 🟢 Free | Hamlet A Shakespeare/Hamlet-inspired room in which you will explore an uncommon… | Open |
| Hammer | Challenge | 🔵 VIP | Remote Code Execution (RCE) | Open |
| harder | Challenge | 🟢 Free | harder Real pentest findings combined Hack the machine and obtain the user Flag… | Open |
| HaskHell | Challenge | 🟢 Free | HaskHell Teach your CS professor that his PhD isn’t in security. Get the flag… | Open |
| Heist | Challenge | 🔵 VIP | Heist From the Hackfinity Battle CTF event. | Open |
| Hip Flask | Walkthrough | 🟢 Free | DNS zone transfer · SSTI (Server-Side Template Injection) · Remote Code Execution (RCE) | Open |
| Hunt Me I: Payment Collectors | Walkthrough | 🔵 VIP | Hunt Me I: Payment Collectors A Finance Director was recently phished. Can you… | Open |
| Hunt Me II: Typo Squatters | Walkthrough | 🔵 VIP | Hunt Me II: Typo Squatters One of your software developers unknowingly… | Open |
| IAM Credentials | Challenge | 🟢 Free | IAM Credentials Learn how IAM handles credentials for authentication to AWS… | Open |
| IAM Permissions | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| IAM Principals | Walkthrough | 🟢 Free | IAM Principals An overview of the different types of actors in IAM Let’s get… | Open |
| Identification & Scoping | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Incident Handling With Splunk | Walkthrough | 🔵 VIP | Incident Handling With Splunk Learn to use Splunk for incident handling through… | Open |
| Incident Response Process | Walkthrough | 🟢 Free | Incident Response Process Practice the NIST Incident Response lifecycle steps… | Open |
| Include | Challenge | 🔵 VIP | Include Use your server exploitation skills to take control of a web app. | Open |
| Inferno | Challenge | 🟢 Free | Inferno Real Life machine + CTF. The machine is designed to be real-life (maybe… | Open |
| Injectics | Challenge | 🔵 VIP | Injectics Use your injection skills to take control of a web app. | Open |
| Insecure Deserialisation | Walkthrough | 🟢 Free | Insecure Deserialisation Get in-depth knowledge of the deserialisation process… | Open |
| Intranet | Challenge | 🔵 VIP | Intranet Welcome to the intranet! | Open |
| Intro to C2 | Walkthrough | 🔵 VIP | Intro to C2 Master C2 essentials to boost your Red Team skills and streamline… | Open |
| Intro to Credential Harvesting | Walkthrough | 🔵 VIP | Active Directory | Open |
| Intro to Malware Analysis | Walkthrough | 🔵 VIP | Intro to Malware Analysis What to do when you run into a suspected malware. | Open |
| Intro to Threat Emulation | Walkthrough | 🟢 Free | Intro to Threat Emulation A look into threat emulation practices as a means of… | Open |
| Introduction To Honeypots | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Introduction to SOAR | Walkthrough | 🔵 VIP | Introduction to SOAR Learn the concepts and methodology surrounding security… | Open |
| Intrusion Detection | Walkthrough | 🟢 Free | linPEAS | Open |
| Investigating Windows 2.0 | Challenge | 🟢 Free | Investigating Windows 2.0 In the previous challenge you performed a brief… | Open |
| Investigating Windows 3.x | Challenge | 🟢 Free | Investigating Windows 3.x Find the artifacts resident on the endpoint and sift… | Open |
| IP and Domain Threat Intel | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| IR Timeline Analysis | Walkthrough | 🟢 Free | USB forensics · Remote Code Execution (RCE) | Open |
| IronShade | Challenge | 🔵 VIP | IronShade Perform a compromise assessment on a Linux host and identify the… | Open |
| ItsyBitsy | Challenge | 🔵 VIP | ItsyBitsy Put your ELK knowledge together and investigate an incident. | Open |
| Jacob the Boss | Challenge | 🟢 Free | Jacob the Boss Find a way in and learn a little more. user.txt root.txt | Open |
| JavaScript: Simple Demo | Walkthrough | 🔵 VIP | JavaScript: Simple Demo Explore what a basic JavaScript program looks like. | Open |
| Joomify: CVE-2023-23752 | Walkthrough | 🟢 Free | Joomify: CVE-2023-23752 Learn how to exploit a Joomla CMS using CVE-2023-23752… | Open |
| Juicy | Challenge | 🔵 VIP | Juicy A friendly golden retriever who answers your questions. | Open |
| K8s Best Security Practices | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| K8s Runtime Security | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| KaffeeSec - SoMeSINT | Walkthrough | 🟢 Free | KaffeeSec - SoMeSINT An intro to SOCMINT (Social Media… | Open |
| KAPE | Walkthrough | 🟢 Free | USB forensics | Open |
| Keldagrim | Challenge | 🔵 VIP | Keldagrim The dwarves are hiding their gold! | Open |
| Kitty | Challenge | 🟢 Free | Kitty Map? Where we are going, we don’t need maps. What is the user flag? What… | Open |
| KoTH Hackers | Challenge | 🟢 Free | KoTH Hackers The Hackers KoTH box, to allow you to practice alone! Capture all… | Open |
| KQL (Kusto): Advanced Queries | Walkthrough | 🔵 VIP | KQL (Kusto): Advanced Queries Learn about advanced KQL queries and how to… | Open |
| Kubernetes for Everyone | Challenge | 🟢 Free | Kubernetes for Everyone A Kubernetes hacking challenge for DevOps/SRE… | Open |
| Lambda - Data Exfiltration | Walkthrough | 🟢 Free | Lambda - Data Exfiltration Try your hand and compromising Lambda functions to… | Open |
| Legal Considerations in DFIR | Walkthrough | 🟢 Free | USB forensics · IIS (Microsoft Web Server) | Open |
| Length Extension Attacks | Walkthrough | 🔵 VIP | Length Extension Attacks Learn how hash functions enable attackers to extend… | Open |
| Linux Agency | Walkthrough | 🟢 Free | Linux Agency This Room will help you to sharpen your Linux Skills and help you… | Open |
| Linux Forensics | Walkthrough | 🔵 VIP | USB forensics | Open |
| Linux Function Hooking | Walkthrough | 🟢 Free | Linux Function Hooking Learn about function hooking in Linux and have fun… | Open |
| Linux Live Analysis | Walkthrough | 🔵 VIP | USB forensics | Open |
| Linux Logs Investigations | Walkthrough | 🔵 VIP | Linux Logs Investigations Explore Linux system logs for effective incident… | Open |
| Linux Memory Analysis | Walkthrough | 🔵 VIP | Linux Memory Analysis Learn how to investigate and find the footprints of a… | Open |
| Linux PrivEsc | Walkthrough | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Linux PrivEsc Arena | Walkthrough | 🟢 Free | SUID binaries | Open |
| Linux Server Forensics | Walkthrough | 🟢 Free | USB forensics | Open |
| Linux System Hardening | Walkthrough | 🔵 VIP | Linux System Hardening Learn how to improve the security posture of your Linux… | Open |
| Linux Threat Detection 1 | Walkthrough | 🟢 Free | Linux Threat Detection 1 Explore how attackers break into Linux systems and how… | Open |
| Linux Threat Detection 3 | Walkthrough | 🔵 VIP | Linux Threat Detection 3 Cover the last stages of attacks on Linux and learn… | Open |
| LocalPotato | Walkthrough | 🟢 Free | LocalPotato Learn how to elevate your privileges on Windows using LocalPotato… | Open |
| Lockdown | Challenge | 🟢 Free | Lockdown Stay at 127.0.0.1. Wear a 255.255.255.0. | Open |
| Log Analysis with SIEM | Walkthrough | 🟢 Free | Log Analysis with SIEM Learn how SIEM solutions can be used to detect and… | Open |
| Logless Hunt | Walkthrough | 🔵 VIP | Logless Hunt Detect every attack step on a Windows machine even after threat… | Open |
| Looking Glass | Challenge | 🟢 Free | Looking Glass Step through the looking glass. A sequel to the Wonderland… | Open |
| Looney Tunables | Walkthrough | 🟢 Free | Looney Tunables CVE-2023-4911: That’s all Sec-Folks! | Open |
| Lumberjack Turtle | Challenge | 🟢 Free | Lumberjack Turtle No logs, no crime… so says the lumberjack. | Open |
| Lunizz CTF | Challenge | 🟢 Free | Lunizz CTF Lunizz CTF | Open |
| Madeye’s Castle | Challenge | 🟢 Free | Madeye’s Castle A boot2root box that is modified from a box used in CuCTF by… | Open |
| MalBuster | Walkthrough | 🔵 VIP | MalBuster You are tasked to analyse unknown malware samples detected by your… | Open |
| MalDoc: Static Analysis | Walkthrough | 🔵 VIP | MalDoc: Static Analysis Perform detailed Static Analysis on malicious documents. | Open |
| Masterminds | Challenge | 🟢 Free | Remote Code Execution (RCE) | Open |
| Message to Garcia | Challenge | 🔵 VIP | Message to Garcia Encryption and Key Management Challenge. | Open |
| Metamorphosis | Challenge | 🟢 Free | Metamorphosis Part of Incognito CTF user.txt root.txt | Open |
| Mindgames | Challenge | 🟢 Free | Mindgames Just a terrible idea… User flag. user.txt Root flag. /root/root.txt | Open |
| Minotaur’s Labyrinth | Challenge | 🟢 Free | Minotaur’s Labyrinth The Minotaur threw a fit and captured some people in the… | Open |
| MISP | Walkthrough | 🔵 VIP | MISP Walkthrough on the use of MISP as a Threat Sharing Platform | Open |
| MITRE | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Mnemonic | Challenge | 🟢 Free | Mnemonic I hope you have fun. How many open ports? what is the ssh port number?… | Open |
| Monitoring AWS Logins | Walkthrough | 🔵 VIP | Monitoring AWS Logins Explore AWS authentication, common IAM threats, and SIEM… | Open |
| Monitoring AWS Services | Walkthrough | 🔵 VIP | Monitoring AWS Services Discover common attacks on AWS services and learn how… | Open |
| Monitoring AWS Workloads | Walkthrough | 🔵 VIP | Monitoring AWS Workloads Learn how apps run in AWS and what you should know to… | Open |
| Mr Robot CTF | Challenge | 🟢 Free | Mr Robot CTF Based on the Mr. Robot show, can you root this box? | Open |
| NahamStore | Challenge | 🟢 Free | CSRF (Cross-Site Request Forgery) · Local File Inclusion (LFI) · Remote Code Execution (RCE) · Cross-Site Scripting (XSS) · XML External Entity | Open |
| NanoCherryCTF | Challenge | 🔵 VIP | NanoCherryCTF Explore a double-sided site and escalate to root! | Open |
| Napping | Challenge | 🔵 VIP | Napping Even Admins can fall asleep on the job | Open |
| NerdHerd | Challenge | 🟢 Free | NerdHerd Hack your way into this easy/medium level legendary TV series “Chuck”… | Open |
| Net Sec Challenge | Challenge | 🔵 VIP | Net Sec Challenge Practice the skills you have learned in the Network Security… | Open |
| Network Discovery Detection | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Network Security Protocols | Walkthrough | 🔵 VIP | Network Security Protocols Learn about secure network protocols at the… | Open |
| New Hire Old Artifacts | Challenge | 🔵 VIP | New Hire Old Artifacts Investigate the intrusion attack using Splunk. | Open |
| New York Flankees | Challenge | 🟢 Free | New York Flankees Can you, the rogue adventurer, break through Stefan’s… | Open |
| Nmap Advanced Port Scans | Walkthrough | 🔵 VIP | Nmap Advanced Port Scans Learn advanced techniques such as null, FIN, Xmas, and… | Open |
| Nmap Live Host Discovery | Walkthrough | 🟢 Free | Nmap Live Host Discovery Learn how to use Nmap to discover live hosts using ARP… | Open |
| NoNameCTF | Challenge | 🔵 VIP | SSTI (Server-Side Template Injection) · Buffer Overflow (BoF / ROP) | Open |
| NTFS Analysis | Walkthrough | 🔵 VIP | NTFS Analysis Explore the NTFS file system, its layout, and important… | Open |
| OAuth Vulnerabilities | Walkthrough | 🔵 VIP | OAuth Authentication Vulnerabilities | Open |
| Obfuscation - The Egg Shell File | Walkthrough | 🟢 Free | Obfuscation - The Egg Shell File McSkidy keeps her focus on a particular alert… | Open |
| Obscure | Challenge | 🟢 Free | Obscure A CTF room focused on web and binary exploitation. | Open |
| Oh My WebServer | Challenge | 🟢 Free | Oh My WebServer Can you root me? | Open |
| Ollie | Challenge | 🟢 Free | Ollie Meet the world’s most powerful hacker dog! | Open |
| Olympus | Challenge | 🟢 Free | Olympus My first CTF ! | Open |
| On-Premises IaC | Walkthrough | 🔵 VIP | On-Premises IaC This room provides security guidance for on-premises… | Open |
| One Piece | Challenge | 🟢 Free | One Piece A CTF room based on the wonderful manga One Piece. Can you become the… | Open |
| OpenCTI | Walkthrough | 🔵 VIP | OpenCTI Provide an understanding of the OpenCTI Project | Open |
| ORM Injection | Walkthrough | 🔵 VIP | ORM Injection Learn how to exploit injection vulnerabilities in an ORM-based… | Open |
| Overpass 3 - Hosting | Challenge | 🟢 Free | Overpass 3 - Hosting You know them, you love them, your favourite group of… | Open |
| OWASP API Security Top 10 - 1 | Walkthrough | 🔵 VIP | OWASP API Security Top 10 - 1 Learn the basic concepts for secure API… | Open |
| OWASP API Security Top 10 - 2 | Walkthrough | 🔵 VIP | OWASP API Security Top 10 - 2 Learn the basic concepts for secure API… | Open |
| Padding Oracles | Walkthrough | 🔵 VIP | Padding Oracles Learn how the padding works during encryption and master… | Open |
| Padelify | Challenge | 🔵 VIP | Padelify Use red-teaming techniques to bypass the WAF and obtain admin access… | Open |
| PalsForLife | Challenge | 🟢 Free | PalsForLife Abuse a misconfigured Kubernetes cluster Flag 1 Must be hidden… | Open |
| Peak Hill | Challenge | 🟢 Free | Peak Hill Exercises in Python library abuse and some exploitation techniques… | Open |
| Persisting Active Directory | Walkthrough | 🔵 VIP | Active Directory | Open |
| Phishing | Walkthrough | 🔵 VIP | Phishing Learn what phishing is and why it’s important to a red team… | Open |
| Phishing - Phishmas Greetings | Walkthrough | 🟢 Free | Phishing - Phishmas Greetings Learn how to spot phishing emails from Malhare’s… | Open |
| PowerShell for Pentesters | Walkthrough | 🔵 VIP | PowerShell for Pentesters This room covers the principle uses of PowerShell in… | Open |
| Preparation | Walkthrough | 🟢 Free | Preparation A look into the Preparation phase of the Incident Response. | Open |
| Pressed | Challenge | 🔵 VIP | Pressed A full-scale intrusion was recently detected within the network,… | Open |
| PrintNightmare | Walkthrough | 🟢 Free | PrintNightmare Learn about the vulnerability known as PrintNightmare… | Open |
| PrintNightmare, thrice! | Challenge | 🔵 VIP | PrintNightmare, thrice! The nightmare continues.. Search the artifacts on the… | Open |
| Prioritise | Challenge | 🟢 Free | SQL Injection | Open |
| Protocols and Servers 2 | Walkthrough | 🔵 VIP | Protocols and Servers 2 Learn about attacks against passwords and cleartext… | Open |
| PS Eclipse | Challenge | 🔵 VIP | PS Eclipse Use Splunk to investigate the ransomware activity. | Open |
| Public Key Infrastructure | Walkthrough | 🔵 VIP | Public Key Infrastructure Learn about Public Key Infrastructure and why it’s… | Open |
| PWN101 | Challenge | 🟢 Free | PWN101 Intermediate level binary exploitation challenges. | Open |
| pyLon | Challenge | 🟢 Free | pyLon Can you penetrate the defenses and become root? | Open |
| Rabbit Store | Challenge | 🟢 Free | Rabbit Store Demonstrate your web application testing skills and the basics of… | Open |
| Race Conditions | Walkthrough | 🔵 VIP | Race Conditions | Open |
| Race Conditions Challenge | Challenge | 🟢 Free | Race Conditions | Open |
| RazorBlack | Challenge | 🟢 Free | RazorBlack These guys call themselves hackers. Can you show them who’s the boss… | Open |
| Recovering Active Directory | Walkthrough | 🔵 VIP | Active Directory | Open |
| Recovery | Challenge | 🟢 Free | Recovery Not your conventional CTF Flag 0 Flag 1 Flag 2 Flag 3 Flag 4 Flag 5 | Open |
| Red Stone One Carat | Challenge | 🟢 Free | Red Stone One Carat First room of the Red Stone series. Hack ruby using ruby.… | Open |
| Red Team OPSEC | Walkthrough | 🟢 Free | Red Team OPSEC Learn how to apply Operations Security (OPSEC) process for Red… | Open |
| Red Team Threat Intel | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Redline | Walkthrough | 🟢 Free | Redline Learn how to use Redline to perform memory analysis and to scan for… | Open |
| Regular Expressions | Walkthrough | 🟢 Free | Regular Expressions Learn and practise using regular expressions. | Open |
| Relevant | Challenge | 🟢 Free | Relevant Penetration Testing Challenge User Flag Root Flag | Open |
| Request Smuggling: WebSockets | Walkthrough | 🔵 VIP | HTTP Request Smuggling · WebSockets Vulnerabilities | Open |
| ret2libc | Walkthrough | 🟢 Free | Buffer Overflow (BoF / ROP) | Open |
| Revenge | Challenge | 🟢 Free | Revenge You’ve been hired by Billy Joel to get revenge on Ducky Inc…the… | Open |
| REvil Corp | Challenge | 🟢 Free | Cracking Hashes (hashcat / John) | Open |
| Road | Challenge | 🟢 Free | Road Inspired by a real-world pentesting engagement What is the user.txt flag?… | Open |
| SafeZone | Challenge | 🟢 Free | SafeZone CTF Designed by CTF lover for CTF lovers user flag root flag | Open |
| SAST | Walkthrough | 🔵 VIP | SAST Learn about Static Application Security Testing. | Open |
| Scripting | Challenge | 🔵 VIP | Scripting Learn basic scripting by solving some challenges! | Open |
| Secret Recipe | Walkthrough | 🔵 VIP | USB forensics | Open |
| Secure Network Architecture | Walkthrough | 🟢 Free | Secure Network Architecture Learn about and implement security best practices… | Open |
| Security Footage | Challenge | 🟢 Free | USB forensics | Open |
| SeeTwo | Challenge | 🔵 VIP | SeeTwo Can you see who is in command and control? | Open |
| Sequence | Challenge | 🔵 VIP | Sequence Chain multiple vulnerabilities to take control of a system. | Open |
| Server-side Template Injection | Walkthrough | 🔵 VIP | SSTI (Server-Side Template Injection) | Open |
| Services | Challenge | 🔵 VIP | Services At your service. | Open |
| Session Forensics | Walkthrough | 🟢 Free | USB forensics | Open |
| SigHunt | Challenge | 🔵 VIP | SigHunt You are tasked to create detection rules based on a new threat intel. | Open |
| Signature Evasion | Walkthrough | 🔵 VIP | Signature Evasion Learn how to break signatures and evade common AV, using… | Open |
| Signed Messages | Challenge | 🟢 Free | Signed Messages Their messages are secret, unless you find the key. | Open |
| Snort | Walkthrough | 🟢 Free | Snort Learn how to use Snort to detect real-time threats, analyse recorded… | Open |
| Snort Challenge - Live Attacks | Challenge | 🔵 VIP | Snort Challenge - Live Attacks Put your snort skills into practice and defend… | Open |
| Snort Challenge - The Basics | Challenge | 🔵 VIP | Snort Challenge - The Basics Put your snort skills into practice and write… | Open |
| SOC Alert Triaging - Tinsel Triage | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Solar, exploiting log4j | Walkthrough | 🟢 Free | Solar, exploiting log4j Explore CVE-2021-44228, a vulnerability in log4j… | Open |
| Source Code Security | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Splunk 2 | Walkthrough | 🔵 VIP | Splunk 2 Part of the Blue Primer series. This room is based on version 2 of the… | Open |
| Splunk 3 | Walkthrough | 🔵 VIP | Splunk 3 Part of the Blue Primer series. This room is based on version 3 of the… | Open |
| Splunk Basics - Did you SIEM? | Walkthrough | 🟢 Free | Directory / Path Traversal | Open |
| Splunk: Data Manipulation | Walkthrough | 🔵 VIP | Splunk: Data Manipulation Learn how to parse and manipulate data in Splunk. | Open |
| SQHell | Challenge | 🟢 Free | SQL Injection | Open |
| SQL Injection | Walkthrough | 🟢 Free | SQL Injection | Open |
| SSDLC | Walkthrough | 🔵 VIP | SSDLC This room focuses on the Secure Software Development Lifecycle (S-SDLC),… | Open |
| SSRF | Walkthrough | 🟢 Free | Server-Side Request Forgery | Open |
| SSTI | Walkthrough | 🟢 Free | SSTI (Server-Side Template Injection) | Open |
| Stealth | Challenge | 🔵 VIP | Stealth Use your evasion skills to pwn a Windows target with an updated defence… | Open |
| STS Credentials Lab | Walkthrough | 🟢 Free | STS Credentials Lab Learn how to assume roles and get temporary credentials. | Open |
| StuxCTF | Challenge | 🟢 Free | StuxCTF Crypto, serealization, priv scalation and more …! | Open |
| Super Secret TIp | Challenge | 🟢 Free | Super Secret TIp Are you only good at one thing? You better be a matrix! | Open |
| Super-Spam | Challenge | 🟢 Free | Super-Spam Defeat the evil Super-Spam, and save the day!! | Open |
| Supplemental Memory | Walkthrough | 🔵 VIP | Supplemental Memory Investigate lateral movement, credential theft, and… | Open |
| Sustah | Challenge | 🟢 Free | Sustah Play a game to gain access to a vulnerable CMS. Can you beat the odds?… | Open |
| Tactical Detection | Walkthrough | 🔵 VIP | Tactical Detection Establish a baseline knowledge of tactical detection,… | Open |
| Tardigrade | Walkthrough | 🔵 VIP | Tardigrade Can you find all the basic persistence mechanisms in this Linux… | Open |
| Tempest | Challenge | 🔵 VIP | Tempest You are tasked to conduct an investigation from a workstation affected… | Open |
| Templates | Challenge | 🔵 VIP | Templates Pug is my favorite templating engine! I made this super slick… | Open |
| That’s The Ticket | Challenge | 🟢 Free | That’s The Ticket IT Support are going to have a bad day, can you get into the… | Open |
| The Blob Blog | Challenge | 🟢 Free | The Blob Blog Successfully hack into bobloblaw’s computer User Flag Root Flag | Open |
| The Docker Rodeo | Walkthrough | 🔵 VIP | The Docker Rodeo Learn a wide variety of Docker vulnerabilities in this guided… | Open |
| The Impossible Challenge | Challenge | 🟢 Free | The Impossible Challenge Hmm… | Open |
| The London Bridge | Challenge | 🟢 Free | The London Bridge The London Bridge is falling down. What is the user flag?… | Open |
| The Marketplace | Challenge | 🟢 Free | The Marketplace Can you take over The Marketplace’s infrastructure? What is… | Open |
| The Quest for Least Privilege | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| The Server From Hell | Challenge | 🟢 Free | The Server From Hell Face a server that feels as if it was configured and… | Open |
| Threat Hunting With YARA | Walkthrough | 🟢 Free | Threat Hunting With YARA This room focuses on using YARA for threat hunting. | Open |
| Threat Hunting: Endgame | Walkthrough | 🔵 VIP | Threat Hunting: Endgame Learn how to hunt and discover suspicious activities… | Open |
| Threat Hunting: Foothold | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Threat Hunting: Pivoting | Walkthrough | 🔵 VIP | Port Forwarding / Pivoting | Open |
| toc2 | Challenge | 🟢 Free | toc2 It’s a setup… Can you get the flags in time? | Open |
| Tokyo Ghoul | Challenge | 🟢 Free | Tokyo Ghoul Help kaneki escape jason room | Open |
| TryHack3M: Sch3Ma D3Mon | Walkthrough | 🟢 Free | SQL Injection · Remote Code Execution (RCE) | Open |
| TryHack3M: Subscribe | Challenge | 🔵 VIP | TryHack3M: Subscribe Can you help Hack3M reach 3M subscribers? | Open |
| TryPwnMe One | Challenge | 🔵 VIP | TryPwnMe One A collection of Exploit Development challenges to practice the… | Open |
| TShark: CLI Wireshark Features | Walkthrough | 🔵 VIP | TShark: CLI Wireshark Features Take your TShark skills to the next level by… | Open |
| UltraTech | Challenge | 🟢 Free | UltraTech The basics of Penetration Testing, Enumeration, Privilege Escalation… | Open |
| Umbrella | Challenge | 🟢 Free | Umbrella Breach Umbrella Corp’s time-tracking server by exploiting… | Open |
| Unbaked Pie | Challenge | 🟢 Free | Unbaked Pie Don’t over-baked your pie! | Open |
| Undiscovered | Challenge | 🟢 Free | Undiscovered Discovery consists not in seeking new landscapes, but in having… | Open |
| Valenfind | Challenge | 🟢 Free | Valenfind Can you find vulnerabilities in this new dating app? What is the flag? | Open |
| Velociraptor | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Void Execution | Challenge | 🔵 VIP | Void Execution Learn how to bypass restrictions in Linux exploit development. | Open |
| Volatility Essentials | Walkthrough | 🟢 Free | USB forensics | Open |
| Volt Typhoon | Challenge | 🟢 Free | Volt Typhoon Investigate a suspected intrusion by the notorious APT group Volt… | Open |
| Voyage | Challenge | 🔵 VIP | Voyage Chain multiple vulnerabilities to gain control of a system. | Open |
| VulnNet | Challenge | 🟢 Free | VulnNet Can you take advantage of the misconfigurations made by VulnNet… | Open |
| VulnNet: Active | Challenge | 🟢 Free | VulnNet: Active VulnNet Entertainment just moved their entire infrastructure…… | Open |
| VulnNet: dotjar | Challenge | 🟢 Free | VulnNet: dotjar VulnNet Entertainment never gives up… are you ready? What is… | Open |
| VulnNet: dotpy | Challenge | 🟢 Free | VulnNet: dotpy VulnNet Entertainment is back with their brand new website…… | Open |
| VulnNet: Endgame | Challenge | 🟢 Free | VulnNet: Endgame Hack your way into this simulated vulnerable infrastructure.… | Open |
| WAF: Exploitation Techniques | Walkthrough | 🔵 VIP | WAF: Exploitation Techniques Learn to bypass Web Application Firewalls using… | Open |
| Warzone 1 | Challenge | 🔵 VIP | Warzone 1 You received an IDS/IPS alert. Time to triage the alert to determine… | Open |
| Warzone 2 | Challenge | 🔵 VIP | Warzone 2 You received another IDS/IPS alert. Time to triage the alert to… | Open |
| Watcher | Challenge | 🟢 Free | Watcher A boot2root Linux machine utilising web exploits along with some common… | Open |
| Wazuh | Walkthrough | 🟢 Free | Remote Code Execution (RCE) | Open |
| Weaponization | Walkthrough | 🔵 VIP | Weaponization Understand and explore common red teaming weaponization… | Open |
| Weaponizing Vulnerabilities | Walkthrough | 🔵 VIP | Remote Code Execution (RCE) | Open |
| Web Attack Forensics - Drone Alone | Walkthrough | 🟢 Free | OS Command Injection · USB forensics | Open |
| Wekor | Challenge | 🟢 Free | Subdomain Enumeration · WordPress Exploitation · Sudo abuse · SQL Injection | Open |
| When Hearts Collide | Challenge | 🟢 Free | When Hearts Collide Will you find your MD5 match? What is the flag obtained by… | Open |
| WhyHackMe | Challenge | 🟢 Free | WhyHackMe Dive into the depths of security and analysis with WhyHackMe. What is… | Open |
| Willow | Challenge | 🟢 Free | Willow What lies under the Willow Tree? User Flag:… | Open |
| Windows Applications Forensics | Walkthrough | 🔵 VIP | USB forensics | Open |
| Windows Event Logs | Walkthrough | 🔵 VIP | Windows Event Logs Introduction to Windows Event Logs and the tools to query… | Open |
| Windows Forensics 1 | Walkthrough | 🟢 Free | USB forensics · Remote Code Execution (RCE) | Open |
| Windows Forensics 2 | Walkthrough | 🔵 VIP | USB forensics | Open |
| Windows Incident Surface | Walkthrough | 🟢 Free | Windows Incident Surface Learn how to implement DFIR techniques to explore the… | Open |
| Windows Internals | Walkthrough | 🔵 VIP | Windows Internals Learn and understand the fundamentals of how Windows operates… | Open |
| Windows Local Persistence | Walkthrough | 🔵 VIP | Windows Local Persistence Learn the most common persistence techniques used on… | Open |
| Windows Memory & Network | Walkthrough | 🔵 VIP | Windows Memory & Network Identify C2 traffic & post-exploit activity in Windows… | Open |
| Windows Memory & Processes | Walkthrough | 🔵 VIP | Windows Memory & Processes Analyze a memory dump of a Windows host and uncover… | Open |
| Windows Memory & User Activity | Walkthrough | 🔵 VIP | Windows Memory & User Activity Trace user behavior, command execution, file… | Open |
| Windows PrivEsc | Walkthrough | 🟢 Free | Windows PrivEsc Practice your Windows Privilege Escalation skills on an… | Open |
| Windows PrivEsc Arena | Walkthrough | 🟢 Free | Windows PrivEsc Arena Students will learn how to escalate privileges using a… | Open |
| Windows Privilege Escalation | Walkthrough | 🔵 VIP | Windows Privilege Escalation Learn the fundamentals of Windows privilege… | Open |
| Windows Reversing Intro | Walkthrough | 🟢 Free | Windows Reversing Intro Introduction to reverse engineering x64 Windows… | Open |
| Windows Threat Detection 1 | Walkthrough | 🟢 Free | Brute Force / Rate-Limit Bypass · Remote Code Execution (RCE) | Open |
| Windows Threat Detection 2 | Walkthrough | 🔵 VIP | Windows Threat Detection 2 Discover how to detect and analyze the first steps… | Open |
| Windows Threat Detection 3 | Walkthrough | 🔵 VIP | Windows Threat Detection 3 Learn how threat actors manage to maintain access to… | Open |
| Windows User Account Forensics | Walkthrough | 🔵 VIP | USB forensics | Open |
| Windows User Activity Analysis | Walkthrough | 🔵 VIP | USB forensics | Open |
| Windows x64 Assembly | Walkthrough | 🟢 Free | Windows x64 Assembly Introduction to x64 Assembly on Windows. Now that you have… | Open |
| Wireshark: Traffic Analysis | Walkthrough | 🔵 VIP | Wireshark: Traffic Analysis Learn the basics of traffic analysis with Wireshark… | Open |
| Wonderland | Challenge | 🟢 Free | Wonderland Fall down the rabbit hole and enter wonderland. Obtain the flag in… | Open |
| WWBuddy | Challenge | 🟢 Free | WWBuddy Exploit this website still in development and root the room. Website… | Open |
| XDR: Credential Access | Walkthrough | 🔵 VIP | XDR: Credential Access Learn about techniques attackers use to steal account… | Open |
| XDR: Defense Evasion | Walkthrough | 🔵 VIP | USB forensics | Open |
| XDR: Execution | Walkthrough | 🔵 VIP | XDR: Execution Investigate and prevent techniques that run malicious code on… | Open |
| XDR: Introduction | Walkthrough | 🟢 Free | Access Control / IDOR | Open |
| XDR: Lateral Movement | Walkthrough | 🔵 VIP | Active Directory · Remote Code Execution (RCE) | Open |
| XDR: Privilege Escalation | Walkthrough | 🔵 VIP | XDR: Privilege Escalation Detect and investigate privilege escalation with… | Open |
| XXE Injection | Walkthrough | 🔵 VIP | XML External Entity | Open |
| YARA Rules - YARA mean one! | Walkthrough | 🟢 Free | YARA Rules - YARA mean one! Learn how YARA rules can be used to detect… | Open |
| You Got Mail | Challenge | 🔵 VIP | You Got Mail Test your recon and phishing skills in order to complete your… | Open |
| Zeek | Walkthrough | 🔵 VIP | Zeek Introduction to hands-on network monitoring and threat detection with Zeek… | Open |
| Zeek Exercises | Challenge | 🔵 VIP | Zeek Exercises Put your Zeek skills into practice and analyse network traffic. | Open |
| Zeno | Challenge | 🟢 Free | Zeno Do you have the same patience as the great stoic philosopher Zeno? Try it… | Open |
Hard (93)
| Room | Type | Access | Skills | Official |
|---|---|---|---|---|
| Abusing Windows Internals | Walkthrough | 🔵 VIP | Abusing Windows Internals Leverage windows internals components to evade common… | Open |
| Advent of Cyber ‘23 Side Quest | Challenge | 🟢 Free | Advent of Cyber ‘23 Side Quest Explore a series of advanced challenges… | Open |
| Advent of Cyber ‘24 Side Quest | Challenge | 🟢 Free | Advent of Cyber ‘24 Side Quest Explore a series of advanced challenges… | Open |
| Adventure Time | Challenge | 🟢 Free | Adventure Time A CTF based challenge to get your blood pumping… Content of… | Open |
| Anonymous Playground | Challenge | 🟢 Free | Anonymous Playground Want to become part of Anonymous? They have a challenge… | Open |
| Azure: Tapper | Challenge | 🔵 VIP | Azure: Tapper Azure challenge for cloud pentesters: Can you find the attack… | Open |
| Bandit | Challenge | 🔵 VIP | Bandit You’ve been asked to exploit all the vulnerabilities on multiple systems. | Open |
| Borderlands | Challenge | 🟢 Free | Borderlands Compromise a perimeter host and pivot through this network. What is… | Open |
| Brainpan 1 | Challenge | 🔵 VIP | Buffer Overflow (BoF / ROP) | Open |
| Capture Returns | Challenge | 🟢 Free | Capture Returns The developers have improved their login form since last time.… | Open |
| Carpe Diem 1 | Challenge | 🟢 Free | Carpe Diem 1 Recover your clients encrypted files before the ransomware timer… | Open |
| CherryBlossom | Challenge | 🟢 Free | CherryBlossom Boot-to-root with emphasis on crypto and password cracking.… | Open |
| Chrome | Challenge | 🟢 Free | Chrome Let us place all of our trust in a password manager. What is the first… | Open |
| Contrabando | Challenge | 🟢 Free | Contrabando Never tell me the odds. What is the first flag? What is the second… | Open |
| CRM Snatch | Challenge | 🔵 VIP | CRM Snatch Investigate the fourth, Disk part of the Honeynet Collapse! | Open |
| Custom Tooling using Burp | Walkthrough | 🔵 VIP | Custom Tooling using Burp Creating custom tooling for application testing using… | Open |
| Daily Bugle | Challenge | 🔵 VIP | Cracking Hashes (hashcat / John) · SQL Injection | Open |
| Dave’s Blog | Challenge | 🟢 Free | Dave’s Blog My friend Dave made his own blog! | Open |
| Dead End? | Challenge | 🔵 VIP | Dead End? You’re given a memory image and a disk image - help us find the flag! | Open |
| Different CTF | Challenge | 🟢 Free | Different CTF interesting room, you can shoot the sun How many ports are open ?… | Open |
| DiskFiltration | Challenge | 🔵 VIP | DiskFiltration Test your Windows investigation skills on a critical data… | Open |
| Diskrupt | Challenge | 🔵 VIP | Diskrupt Fix the damaged disk, analyse the filesystem, and recover the deleted… | Open |
| DX2: Hell’s Kitchen | Challenge | 🔵 VIP | DX2: Hell’s Kitchen Can you help compromise a civilian machine that we believe… | Open |
| El Bandito | Challenge | 🔵 VIP | El Bandito Can you help capture El Bandito before he leaves the galaxy? | Open |
| Enterprise | Challenge | 🟢 Free | Enterprise You just landed in an internal network. You scan the network and… | Open |
| EnterPrize | Challenge | 🟢 Free | EnterPrize Can you hack your way in? user.txt Something old will be your key.… | Open |
| envizon | Challenge | 🟢 Free | Access Control / IDOR · OS Command Injection · File Upload Vulnerabilities | Open |
| Event Horizon | Challenge | 🟢 Free | Event Horizon Unearth the secrets beyond the Event Horizon. The attacker was… | Open |
| Exfilibur | Challenge | 🔵 VIP | Exfilibur You’ve been asked to exploit all the vulnerabilities present. | Open |
| Extract | Challenge | 🔵 VIP | Extract Can you extract the secrets from the library? | Open |
| FAT32 Analysis | Walkthrough | 🟢 Free | FAT32 Analysis Examine the FAT32 filesystem from a forensic point of view. Are… | Open |
| For Business Reasons | Challenge | 🟢 Free | For Business Reasons In your network scan, you found an unknown VM… | Open |
| Forensics | Challenge | 🟢 Free | USB forensics | Open |
| Fusion Corp | Challenge | 🟢 Free | Fusion Corp Fusion Corp said they got everything patched… did they? | Open |
| GameBuzz | Challenge | 🟢 Free | GameBuzz Part of Incognito CTF | Open |
| Hack Back | Challenge | 🔵 VIP | Hack Back Can you get to the bottom of what’s wrong with the machine? | Open |
| Hacking Hadoop | Walkthrough | 🟢 Free | Access Control / IDOR · Remote Code Execution (RCE) | Open |
| hc0n Christmas CTF | Challenge | 🟢 Free | hc0n Christmas CTF hackt the planet What is the user flag? What is the root… | Open |
| Holo | Walkthrough | 🔵 VIP | Active Directory | Open |
| HTTP/2 Request Smuggling | Walkthrough | 🟢 Free | HTTP Request Smuggling | Open |
| Initial Access Pot | Challenge | 🔵 VIP | Initial Access Pot Investigate the first, Linux part of the Honeynet Collapse! | Open |
| Iron Corp | Challenge | 🟢 Free | Iron Corp Can you get access to Iron Corp’s system? user.txt root.txt | Open |
| Jack | Challenge | 🔵 VIP | WordPress Exploitation | Open |
| Jurassic Park | Challenge | 🔵 VIP | Jurassic Park A Jurassic Park CTF | Open |
| K2 | Challenge | 🔵 VIP | K2 Are you able to make your way through the mountain? | Open |
| Ledger | Challenge | 🔵 VIP | Active Directory | Open |
| Lost in RAMslation | Challenge | 🔵 VIP | USB forensics | Open |
| Love at First Breach 2026 - Advanced Track | Challenge | 🟢 Free | Love at First Breach 2026 - Advanced Track Go deeper into TryHeartMe’s web of… | Open |
| M4tr1x: Exit Denied | Challenge | 🟢 Free | M4tr1x: Exit Denied Free your mind. Exit from the M4tr1x… | Open |
| macOS Forensics: Applications | Walkthrough | 🔵 VIP | USB forensics | Open |
| macOS Forensics: Artefacts | Walkthrough | 🟢 Free | USB forensics | Open |
| Misguided Ghosts | Challenge | 🟢 Free | Misguided Ghosts Collaboration between Jake and Blob! What is the user flag?… | Open |
| Moebius | Challenge | 🟢 Free | Moebius A place where you start at some point, and you have to go back to it in… | Open |
| Motunui | Challenge | 🟢 Free | Motunui Hack the island of Motunui. | Open |
| Mountaineer | Challenge | 🟢 Free | Mountaineer Will you find the flags between all these mountains? | Open |
| Operation Endgame | Challenge | 🟢 Free | Active Directory | Open |
| Password Attacks | Walkthrough | 🔵 VIP | Password Attacks This room introduces the fundamental techniques to perform a… | Open |
| Plotted-EMR | Challenge | 🟢 Free | Plotted-EMR Everything here is plotted! Ready? What is flag 1? What is… | Open |
| Plotted-LMS | Challenge | 🟢 Free | Plotted-LMS Everything here is plotted! What is the user.txt flag? What is the… | Open |
| Precision | Challenge | 🔵 VIP | Precision Practice your advanced Linux Exploit Development skills. | Open |
| Python Playground | Challenge | 🟢 Free | Python Playground Be creative! | Open |
| Ra | Challenge | 🟢 Free | Ra You have found WindCorp’s internal network and their Domain Controller. Can… | Open |
| Ra 2 | Challenge | 🔵 VIP | Ra 2 Just when they thought their hashes were safe… Ra 2 - The sequel! | Open |
| Rabbit Hole | Challenge | 🟢 Free | Rabbit Hole It’s easy to fall into rabbit holes. | Open |
| Racetrack Bank | Challenge | 🟢 Free | Racetrack Bank It’s time for another heist. User flag What does the name of the… | Open |
| Red Team Capstone Challenge | Challenge | 🔵 VIP | Red Team Capstone Challenge This room is the capstone challenge for the red… | Open |
| REloaded | Challenge | 🟢 Free | Port Forwarding / Pivoting | Open |
| Reset | Challenge | 🔵 VIP | Active Directory | Open |
| Retro | Challenge | 🟢 Free | Directory fuzzing | Open |
| Robots | Challenge | 🟢 Free | Robots A (small) tribute to I. Asimov. What is the value of the user flag? What… | Open |
| Rocket | Challenge | 🟢 Free | Rocket Get ready for blast off! No answer needed What is contained within the… | Open |
| Royal Router | Challenge | 🔵 VIP | Royal Router You will learn how to compromise an IoT device. | Open |
| Runtime Detection Evasion | Walkthrough | 🔵 VIP | Runtime Detection Evasion Learn how to bypass common runtime detection… | Open |
| Sandbox Evasion | Walkthrough | 🔵 VIP | Sandbox Evasion Learn about active defense mechanisms Blue Teamers can deploy… | Open |
| Sea Surfer | Challenge | 🟢 Free | Sea Surfer Ride the Wave! What is user.txt? What is root.txt? | Open |
| Second | Challenge | 🔵 VIP | Second You Shall Fear The Second Order. | Open |
| Sequel Dump | Challenge | 🔵 VIP | SQL Injection | Open |
| Set | Challenge | 🔵 VIP | Set Once again you find yourself on the internal network of the Windcorp… | Open |
| Spring | Challenge | 🟢 Free | Spring Can you hack your way in to a Hello World application? What’s the flag… | Open |
| Temple | Challenge | 🔵 VIP | Temple Can you gain access to the temple? | Open |
| Tempus Fugit Durius | Challenge | 🔵 VIP | Tempus Fugit Durius The latin word Durius means “harder” | Open |
| The Bandit Surfer | Challenge | 🟢 Free | Remote File Inclusion (RFI) | Open |
| The Last Trial | Challenge | 🔵 VIP | The Last Trial Investigate the sixth, macOS part of the Honeynet Collapse! | Open |
| TryHack3M: Burg3r Bytes | Challenge | 🔵 VIP | TryHack3M: Burg3r Bytes They say these burgers are worth every penny. Can you… | Open |
| TryHack3M: TriCipher Summit | Challenge | 🔵 VIP | TryHack3M: TriCipher Summit Reach the apex of this triple-crypto challenge! | Open |
| TryPwnMe Two | Challenge | 🔵 VIP | TryPwnMe Two Test yourself with our Exploit Development challenges and practice… | Open |
| Uranium CTF | Challenge | 🟢 Free | Uranium CTF Uranium CTF What is the required password for the chat app? What is… | Open |
| Year of the Dog | Challenge | 🟢 Free | Year of the Dog Always so polite… | Open |
| Year of the Fox | Challenge | 🟢 Free | Year of the Fox Don’t underestimate the sly old fox… | Open |
| Year of the Jellyfish | Challenge | 🟢 Free | Year of the Jellyfish Some boxes sting… | Open |
| Year of the Owl | Challenge | 🟢 Free | Year of the Owl The foolish owl sits on his throne… | Open |
| Year of the Pig | Challenge | 🟢 Free | Year of the Pig Some pigs do fly… | Open |
| Zero Logon | Walkthrough | 🔵 VIP | Zero Logon Learn about and exploit the ZeroLogon vulnerability that allows an… | Open |
Insane (7)
| Room | Type | Access | Skills | Official |
|---|---|---|---|---|
| CCT2019 | Challenge | 🟢 Free | CCT2019 Legacy challenges from the US Navy Cyber Competition Team 2019… | Open |
| Crocc Crew | Challenge | 🟢 Free | Crocc Crew Crocc Crew has created a backdoor on a Cooctus Corp Domain… | Open |
| Frosteau Busy with Vim | Challenge | 🟢 Free | Frosteau Busy with Vim Stay frosty! | Open |
| Osiris | Challenge | 🔵 VIP | Osiris Can you Quack it? | Open |
| Snowy ARMageddon | Challenge | 🟢 Free | Snowy ARMageddon Assist the Yeti in breaching the cyber police perimeter! | Open |
| Theseus | Challenge | 🟢 Free | Theseus The first installment of the SuitGuy series of very hard challenges.… | Open |
| You’re in a cave | Challenge | 🟢 Free | You’re in a cave A room with some ctf elements inspired in text based RPGs… | Open |