Roadmap

What just dropped and what's on the way - fresh labs, daily challenges, and new chapters.

418 XP up for grabs

Just dropped

Daily Hacks 3
Free
Daily Hack
Difficulty Medium OSINT 10 XP Jul 13
Pro
Daily Hack
Difficulty Easy Digital Forensics & IR 1 XP Jul 12
Pro
Daily Hack
Difficulty Hard Cryptocurrency & Blockchain Security 1 XP Jul 11
Labs 1
Free

Reverse engineer a Linux license binary, recover a hidden flag, and write a keygen to forge the admin key. Read the ARM64 disassembly with objdump and GDB to beat the activation check. A hands-on crackme: can you own it?

Medium 400 XP 1 Jul 2026, 16:00 UTC
Chapters 4
Pro
SOC Analyst

Reading raw events one by one never finds the attacker. Filtering then aggregating does. You'll write the SPL and Elastic queries that turn a wall of noise into a ranked lead, the move that names the threat before it finishes. 🛡️

40 min 1 XP Jul 13
Pro
SOC Analyst

You cannot detect what you never collected. Stand up a real SIEM, enroll an agent, and watch a failed login land on the dashboard in seconds. The free tool that gets you hired, before the per-gigabyte bill buries the team. 🛡️

35 min 1 XP Jul 12
Pro
SOC Analyst

Most breaches set off alarms nobody answers. You'll run the triage loop a SOC analyst works every shift: read the alert, judge real versus noise, escalate before the attacker finishes. The skill that turns a wall of dashboards into stopped attacks. 🛡️

25 min 1 XP Jul 11
Pro
Linux Terminal Basics

Attackers automate everything. Defenders who can't script are always one step behind. You'll build a port checker and a log analyzer from scratch, the same tools SOC analysts rely on daily. 🔧

35 min 1 XP Jul 10

Coming up

Daily Hacks 1
Daily Hack

Pivot three hops to the vault

Difficulty Insane Network & Infrastructure 10 XP Jul 14
Labs 1
Free

SSRF Attack: Steal Cloud Metadata Credentials

Exploit a real SSRF attack in a link-preview SaaS to reach the cloud metadata service (IMDS), steal the instance's temporary IAM credentials, and abuse an over-permissive role to read an internal secret. Run the full SSRF-to-cloud chain hands-on in the Attack Terminal.

Medium 400 XP 1 Aug 2026, 16:00 UTC
Chapters 8
Pro
SOC Analyst

Windows telemetry detection

Macros still launch PowerShell, and that process chain sits in your Windows logs if you collect the right event. Deploy Sysmon, read event 4688, and hunt the winword to powershell pair that precedes ransomware. Catch it before the files lock. 🛡️

40 min 1 XP Jul 14
Pro
SOC Analyst

Network detection

Encrypted payloads hide the content, never the pattern. Run Suricata on a real capture, read the alerts, then catch a DNS-tunneling exfil channel hiding in plain sight and the C2 beacon ticking on a fixed interval. Detection on the wire. 🛡️

40 min 1 XP Jul 15
Pro
SOC Analyst

MITRE ATT&CK mapping

You cannot defend what you cannot name. You'll tag real alerts with their MITRE ATT&CK technique IDs, then colour a Navigator layer into a coverage heatmap that exposes exactly where you are blind, before an attacker finds it for you. 🛡️

30 min 1 XP Jul 16
Pro
SOC Analyst

Detection engineering with Sigma

Write one Sigma rule and deploy it to Splunk, Elastic, and Wazuh at once. You will catch encoded PowerShell, convert the rule with sigma-cli, then tune it until the false positives stop. The write-once detection multiplier real engineers live on. 🛡️

45 min 1 XP Jul 17
Pro
SOC Analyst

Threat hunting

No alert fired, yet they are inside. You'll stop waiting and go hunting: stack process data across the fleet, find the one certutil that downloaded a payload, and sweep every host with Velociraptor. The skill that catches what signatures never will. 🛡️

40 min 1 XP Jul 18
Pro
SOC Analyst

Threat intelligence

Most intel feeds drown you in hashes and IPs an attacker swaps for free. You'll enrich real indicators in MISP and rank them on the Pyramid of Pain, so you build detections on the behaviour they cannot change, not the disposable junk. 🛡️

35 min 1 XP Jul 19
Pro
SOC Analyst

SOC operations and metrics

Dashboards full of green do not mean a thing if attackers dwell for weeks. You'll run an incident through a real triage playbook, automate the noise with SOAR, and calculate the two numbers that run every SOC floor: detection and response time. 🛡️

35 min 1 XP Jul 20
Pro
Steganography

Steganography foundations

Encryption makes a message look scrambled. Steganography hides it so nothing looks wrong at all. You'll run the first-response sweep analysts use on any suspect file: file, strings, exiftool, binwalk, then pull out data hiding past the last pixel. 🔍

30 min 1 XP Jul 25
15,000+ Hackers 100+ Labs & Courses Free
Start Hacking Free