Kryptós CronOS
VOLT TYPHOON | CVE-2021-44228 | WIZARD SPIDER | PROMPT INJECTION | APT29 / NOBELIUM | DNS TUNNELING | HARVEST·NOW·DECRYPT·LATER | OilRig/APT34 | ML-KEM | LOCKBIT 3.0 | SCATTERED SPIDER | DGA DETECTION | LOG4SHELL | ZERO-DAY
811 Stages · AI · Post-Quantum · Nation-State CTF

Defend the Future.
Start Here.

AI attacks. Quantum decryption. Nation-state DNS ops.

The threats have changed — train on the same exploits behind Equifax, the NHS breach, and VOLT TYPHOON's ERCOT grid campaign, then step into AI prompt injection and post-quantum cryptography. Every domain. All in your browser.

🔴 VOLT TYPHOON — Critical Infrastructure Pre-positioning
🟡 Emotet DGA — NHS London, 2024
🔴 WIZARD SPIDER — Log4Shell Campaign
🟠 OilRig DNSpionage — DNS Tunneling via iodine/dnscat2
🔴 NOBELIUM — SolarWinds Supply Chain Compromise
🟡 LockBit 3.0 — Wildcard DNS Policy Bypass
🔴 Scattered Spider — Social Engineering + DNS-layer Evasion
🔴 HARVEST NOW DECRYPT LATER — Post-Quantum Threat Active
🟠 CVE-2023-20198 — IOS XE Privilege Escalation
🔴 Godlua Trojan — DoH Evasion via 1.1.1.1:443
811 Stages · 80 Epochs · 13+ Domains · 3.5M Open Jobs

Real exploit environments

Every stage is a live terminal.

Not a quiz. Not a video. You get a simulated network, real commands, and a hidden flag buried inside the vulnerable environment. Read the full briefing and attack diagram before you drop in — then use ARIA for guided coaching if you get stuck.

🔎 Investigate with real forensic commands
💥 Exploit the actual vulnerability mechanics
🏁 Submit the flag to unlock the next stage
🤖 ARIA AI hints on demand — never reveals the flag

Six curriculum tracks

A complete security education

From SQL injection to post-quantum cryptography. Every track is hands-on CTF.

View stage map →
🏛️

Core Security

75 stages

Ancient exploits to modern CVEs — the canon every defender must know.

SQL Injection · XSS · Heartbleed · Log4Shell · +2
📋

Tech Audit

48 stages

Enterprise IT governance, cloud configuration, and AI agent risk management.

IT Governance · Cloud Security · AI Agents · Compliance · +1
🎯

Threat Frameworks

22 stages

Map real-world APT campaigns using MITRE ATT&CK and the MITRE ATLAS AI threat framework.

MITRE ATT&CK · MITRE ATLAS · APT Tactics · Kill Chain · +1
🤖

AI Security

40 stages

OWASP LLM Top 10 — attack and defend the language models powering modern software.

Prompt Injection · Model Poisoning · Data Leakage · Jailbreaking · +1
⚛️

Quantum Era

70 stages

Nation-states are harvesting encrypted traffic today. Understand the post-quantum transition.

Harvest Now Decrypt Later · ML-KEM / ML-DSA · QKD · PQC Migration · +1
🌐

Defend the Enterprise

10 stages

Hardware & physical-layer attacks — side channels, fault injection, Rowhammer.

Side Channels · Rowhammer · Power/EM Analysis · Fault Injection · +1
🚀

Race Through Space

20 stages

Satellite & spacecraft hacking (CTF)

GNSS Spoofing · Viasat / AcidRain · CCSDS Telemetry · Ground Segment · +2
🚗

Wired & Autonomous

20 stages

EV, connected & self-driving vehicle security (CTF)

CAN Bus · UDS Seed-Key · Keyless Relay · OCPP / V2G · +2
🦾

Robotics

20 stages

Robots, drones & autonomous machines (CTF)

ROS / DDS · MAVLink Drones · Robot Arms · AMR Fleets · +2
🏭

Operational Technology

10 stages

ICS, SCADA & the physical world (CTF)

Modbus / DNP3 · PLCs & Ladder · SCADA / HMI · Stuxnet · +2

How it works

Three steps from zero to defender

01
📖

Read the briefing

Each stage opens with a full breakdown — vulnerability mechanics, real-world incident, attack diagram, and attack timeline. Study the context before you engage.

02
💻

Run the exploit

Drop into a simulated terminal. Investigate, exploit, and capture the flag using real commands on the actual vulnerable environment.

03
🏆

Earn & rank up

Capture the flag, earn XP, unlock your badge, and climb the leaderboard. Daily streaks unlock milestone badges.

Built different

Not a video course. Not a quiz bank.

🎯

Real exploit environments

Every CTF challenge is modeled on the actual server, code, or config from the real incident — not a simulation of a simulation.

🤖

ARIA AI hint assistant

Stuck? ARIA (powered by Claude) gives contextual hints without revealing flags. Available on every stage, rate-limited to keep it fair.

📊

Gamified progression

XP, badges, daily streaks, and a live leaderboard. Linear stage gating keeps the difficulty curve honest.

3.5 million unfilled positions globally

Train for jobs that are hiring right now

Every stage maps to real skills employers list in job postings.

Role

🛡️ SOC Analyst

Avg salary

$70K – $100K

Skills you'll build

  • Threat detection & log analysis
  • Incident triage and response
  • CVE identification

Covered in

AI Threat Detection · WannaCry / EternalBlue · Log4Shell

Role

🎯 Penetration Tester

Avg salary

$90K – $140K

Skills you'll build

  • Web application exploitation
  • Network vulnerability assessment
  • CTF-style attack simulation

Covered in

SQL Injection · XSS · SSRF · Heartbleed

Role

🤖 AI / LLM Security Engineer

Avg salary

$120K – $180K

Skills you'll build

  • LLM prompt injection testing
  • AI model threat modeling
  • OWASP LLM Top 10

Covered in

Prompt Injection · Model Poisoning · RAG Attacks

Role

☁️ Cloud Security Engineer

Avg salary

$110K – $160K

Skills you'll build

  • IAM misconfigurations
  • Server-side request forgery
  • DNS-layer security

Covered in

SSRF / Capital One · DNS Tunneling · DNS Filtering

Completions generate shareable certificates. Start earning them →

Simple pricing

Free to start. Built to scale.

Individual learners, security teams, and enterprise partners — one platform.

Free

$0 forever

Full access to Our First Journey — 30 beginner CTF stages. No credit card required.

  • 30+ beginner stages
  • ARIA AI hints
  • Live leaderboard
  • Streak & badge system
Start Free
Most Popular

Pro

$13.99 / month

All six curriculum tracks. Full CTF access, certificates, and priority ARIA responses.

  • 811 stages, every track
  • Completion certificates
  • Priority ARIA hints
  • All milestone badges
Get Pro — $13.99/mo

Small Business & Enterprise

$8 / month

For security teams and training programs. Admin dashboard, cohort progress, and custom content.

  • All Pro features
  • Admin dashboard & analytics
  • Custom epoch access control
  • Sponsor integration support
Contact Sales

Target sponsors: CrowdStrike · AWS · SentinelOne · CompTIA · ISC²

The future of defense starts here

Every domain. 811 stages.
All in your browser.

Free to start. No credit card. No setup.

Create Free Account →