Projects

• HTTP

• status codes

• cache-control

The Secret Detective Http Project

Explore how web servers respond to HTTP requests. Learn to read headers, status codes, and analyze cache behavior using only browser tools and online services—no coding required.

• cybersecurity

• penetration testing

• gobuster

Pentesting Web Reconnaissance Project - The Lovers

In this project, students will perform the web reconnaissance phase on the vulnerable machine The Lovers. The goal is to explore the initial web page, identify the login form, and use tools like Gobuster or Dirb with SecLists to enumerate hidden directories and files. No exploitation will be performed yet; the results will serve as input for later phases.

• linux

• cybersecurity

• blue-team

Metadata Investigation: The Secret of the Mona Lisa

A Linux system has been compromised. Your mission is to investigate a suspicious image, track the attacker, and uncover hidden persistence tasks. Only by cleaning the system correctly will you be able to reconstruct the final flag.

• windows

• cybersecurity

• blue-team

Malware Analysis: Suspicious

You’ve received a suspicious executable. Your task is to decompile it, identify the malicious behavior, and clean the binary. Only by successfully removing the malicious activity will the program execute fully and reveal a message that contains the flag.

• linux

• cybersecurity

• blue-team

SQLite Forensics Recovery

A critical database backup was found damaged. As an analyst, your task is to recover usable data and find the flag.

• PHP

• HTML and CSS

• cybersecurity

Detect the XSS Vulnerability

Analyze a vulnerable form in a fictional licensing site, identify the XSS vulnerability, and validate your finding with a script.

• Python

• cybersecurity

• blue-team

Blue Code - Sabotaged Password Recovery

Analyze and repair a Python script sabotaged by an internal attacker to recover the original password. Once fixed, validate it and decode a flag using CyberChef.

Building Project Requirements With AI

• cybersecurity

• Nmap

• network-scanning

Pentesting Reconnaissance Project - The Lovers

This project introduces students to the reconnaissance phase on the vulnerable machine The Lovers. Students will discover the target's IP address, scan open ports and services with Nmap, identify the operating system, and confirm the existence of an HTTP service as preparation for further enumeration and exploitation phases.

• wireshark

• network analysis

• pcap

HTTP Traffic Forensics: Red Flag

Analyze a .pcap file containing a suspicious HTTP transaction, find a Base64-encoded string, and decode the flag.

• cybersecurity

• blue-team

• osint

OSINT Tracing: Where Was This Photo Taken?

Analyze a seemingly anonymous photo to determine the city and country where it was taken. Use OSINT techniques to validate the flag.

• reverse-shell

• post-exploitation

• linux

Reverse Shell Cleanup

A Linux server has been compromised and multiple hidden reverse shells were planted. Your job as an analyst is to detect and remove them.

• PHP

• cybersecurity

• blue-team

Pwned! - Find the Backdoor

Investigate a compromised website to detect a hidden reverse shell. Find the backdoor and validate your discovery.

• osint

• owasp-a05-security-misconfiguration

• Python

Criminal Name - Hunt and Decode

Analyze a suspicious script, deduce the criminal's name from clues, and decode a flag using CyberChef.

• cybersecurity

• penetration testing

• sql-injection

Pentesting Exploitation Project - The Lovers

In this project, students will perform the exploitation phase on the vulnerable machine The Lovers. The goal is to use the reconnaissance findings to gain access, explore the system, and escalate privileges to full control. Students must include evidence of the exploitation, obtained credentials, exploration findings, escalation techniques, and the discovered flags in their final report.

• windows

• engineering-reverse

• cybersecurity

Final Boss II - Forensic Analysis and Reverse Engineering

An AI startup was compromised overnight. As a forensic analyst, you must reconstruct the incident from collected evidence and recover a hidden password inside a suspicious executable.

• linux

• cybersecurity

• blue-team

Classic Cryptography: Holy Riddle

You’ve recovered a suspicious string. Your goal is to decrypt it using a classic cipher method called Atbash and validate your result using a script. Only if you decrypt it correctly will you receive the final reward.

• linux

• cybersecurity

• blue-team

OSINT Tracing: The John Click Case

A user known as johnclick1337 posted a threat before disappearing. Use OSINT techniques to uncover his email and validate the flag.

• linux

• cybersecurity

• blue-team

Insider Threats: The Impostor

Face an internal sabotage that has taken down the main web service. Investigate, escalate privileges, and unmask the imposter to restore operability.

• linux

• cybersecurity

• red team

OSINT Tracing: The Police

A police officer went missing while investigating a trafficking network in Eastern Europe. It is believed he managed to leave a hidden clue on a web server. Your mission is to trace his exact location using analytical thinking, logical deduction, and OSINT techniques. If you identify the correct city, you will be rewarded with a flag.