Proving Ground

Learn to identify, exploit, and patch classic SQL Injection vulnerabilities in a web application backend.

Investigate system registry files to discover evidence of user activity, program execution, and malware persistence.

Exploit misconfigured Identity and Access Management policies in AWS to escalate privileges to Administrator.

Perform Kerberoasting attacks against a simulated Active Directory domain to harvest and crack service account hashes.

Analyze security event logs in Splunk to trace down the initial access point and impact of a simulated breach.

Write a custom exploit buffer payload to hijack execution flow on a vulnerable 32-bit Linux binary.

Audit an organizational network layout and policy set against ISO/IEC 27001 compliance standards.

Manipulate kernel heap layout using heap feng-shui to exploit a Use-After-Free bug in a custom driver.