Are you ready to uncover clues and examine suspicious applications to enhance your DFIR skills?

Check out our newest Sherlock addition to Dedicated Labs — Jingle Bell — and get the chance to:

• Explore insider threat scenarios and learn key techniques for uncovering hidden data leaks.
• Analyze digital footprints to piece together the story behind the incident.
• Develop a strategic approach to incident response and forensic analysis.

Have you ever wondered how to uncover hidden bugs and security vulnerabilities lurking in your code?

Our latest Module on Binary Fuzzing will take you on an exciting journey through the history, theory, and practical applications of this powerful software testing technique.

Learn how to test your applications with unexpected and malformed inputs to reveal critical issues that might otherwise go unnoticed. Don't let hidden vulnerabilities compromise your software's security!

Baxdoorz is an beginner-friendly Linux Machine that will show you how attackers can leverage a backdoor in xz-utils (CVE-2024-3094) to execute arbitrary commands on an infected Machine running the sshd daemon.

By completing this exclusive Machine, you will:

• Understand how this backdoor vulnerability works and why it poses a serious risk to Linux systems.
• Learn how attackers can exploit this vulnerability to execute harmful commands.

We're revamping our tutoring system! Say goodbye to Discord tutoring and hello to Academy Solutions – a step-by-step guide for every module question directly on our platform.

This is only available for Gold & Silver Annual Subscribers.

Why using Academy Solutions? It will help you overcome learning blockers and conquer complex concepts with ease. Upgrade to annual now and accelerate your cybersecurity journey!

Have you noticed our new certificate design for Professional Labs and Cloud Labs?

After extensive research and feedback from major professional associations and training organizations like ISACA, we've crafted a certificate that ticks all the boxes. Now, you can earn CPEs from any organization you belong to, simply by submitting your certificates of completion.

Here's what our new certification design includes ↓

• CPE credits: Get rewarded for your hard work with CPE credits.
• Length in hours: Easily track the duration of your learning journey.
• Subject areas covered: Know exactly what topics you've mastered.
• Location: Show off your achievements no matter where you are!

Get ready to showcase your expertise and level up your professional development like never before!

Have you been enjoying Sherlocks? Well, here’s your opportunity to bake-up your own.

We are now opening submissions for Sherlocks!

You’ve probably got questions:

• What are we looking for in a Sherlock?
• How much can you be paid?

Check it out all these answers on our blog!

The payment options for Machines and Challenges content submissions have been updated!

For content providers in US/UK/EU: You can now choose between regular bank transfer or a Wise/PayPal transfer/balance.

For content providers elsewhere: You can use Wise/PayPal transfer or balance for payments.

Plus, we've increased the payment amounts and made the process smoother, so you get more for your submissions and in only one payment! 💸

If you’re a fan of creating these challenges or would like to learn more, please visit here for Machine information and here for Challenge.

Ready to take on real-life attack scenarios?

Then prepare for battle ⚔️ The CTF competition for corporate teams you can't afford to miss is back!

WHY JOIN?

🎩 Top-quality hacking content: Access exclusive challenges featuring only the latest attacks and real-world hacking techniques.

🎮 Free gamified upskilling: Forget static experiences. Be part of an interactive storyline and learn while hacking. For FREE!

🎓 Certify your attendance: Reserve your spot, climb the charts, brag to your friends, and get CPEs and certificates.

🏆 Your prizes await: Get the chance to win $50,000+, swag, advanced services, our hearts, and so much more.

Sharpen your skills in Web Application exploits with the two (2) exclusive Machines released in April 2024.

Flipper

Explore and exploit two significant vulnerabilities with this Windows Machine: a remote command execution vulnerability in pgAdmin (CVE-2024-3116) and a double-free vulnerability in the nf_tables subsystem of the Linux kernel (CVE-2024-1086). Gain practical experience in exploiting recently disclosed vulnerabilities and understanding the steps involved in a cross-platform attack.

Better

This Linux Machine allows you to understand HTTP Parameter Pollution, identify and exploit SQL Injection vulnerability, recognize Password Reuse Risks, and leverage classic sudo permissions for Privilege Escalation.

Combine theory and hands-on practice to become proficient in attacking and mitigating Active Directory Trust Attacks.

This new Module gives you the essential knowledge and skills to:

• Understand Active Directory (AD): Learn about identity and access management, centralized domain administration, and authentication.
• Attack Domain Trusts: Identify vulnerabilities and execute offensive tactics in both intra-forest and cross-forest Trusts.
• Mitigate risks with hardening practices: Discover methods to reduce the risks of introducing Trusts into a working environment.
• Navigate Advanced AD Pentesting: Explore sophisticated pentesting techniques to identify potential threats within complex Active Directory environments.