Lessons
The following lessons explain different programming concepts and have been published by our members. Search for a particular lesson using the filters
Discover why prompt engineering is crucial and what you'll learn in this foundational module. A glimpse to the future.
Get ready to dive into the world of Prompt Engineering and discover how to communicate effectively with AI
This article immerses you in an Ubuntu server where nothing is as it seems. Your mission is to identify a malicious user acting from within, manipulating scheduled tasks and leaving traces in the system. You'll learn to navigate the file system, inspect processes, review firewall rules, and analyze cron jobs for suspicious activity. An experience that challenges both your technical knowledge and your deductive skills.
This article immerses you in a cyber defense challenge with a deeply human focus: rescuing a lost agent through clues hidden in code. You'll learn to deduce geographic information with Python, generate custom dictionaries, use Hydra to automate controlled attacks, and decode base64 messages. More than a technical exercise, it's a lesson in how cybersecurity also involves empathy, ingenuity, and commitment to those who trust us to protect them.
A letter to remind you that you are not alone in this transformation. Today you are right in the middle of this challenge, and I want you
Face the course's most complex challenge. Learn to identify exposed backups, access with Evil-WinRM, abuse scheduled tasks to escalate privileges in Windows, and decode the final flag in Base64. This challenge tests your observation, creativity, and everything learned in previous days.
Windows may seem solid, but beneath its surface lie misconfigured services, vulnerable scheduled tasks, and forgotten credentials waiting to be exploited. This lesson teaches you how to escalate privileges in a corporate environment, using techniques like service abuse, unprotected binaries, and specialized tools such as WinPEAS and PowerUp.
Understanding the different categories of AI models and when to use each one. Learn some technical terms related to AI
John Click made a mistake: he talked too much, left traces… and now it's your turn to find them. In this OSINT challenge, you'll use real tools to track a username across multiple platforms. Your goal is clear: obtain John's personal email and close the digital loop of his identity. This challenge will teach you to think like an investigator and act like an analyst.
In this challenge, you'll put your analytical skills and keen eye to the test to detect hidden threats. You'll explore a seemingly innocent PHP site that conceals a reverse shell payload. Your mission: discover its exact location and understand how this technique is used by attackers to gain covert remote access.
This article takes you on a digital hunting mission where there is no malware or clear alerts, only subtle clues hidden in the data. You will learn to use Python to filter names, identify patterns, and apply conditional logic like a true forensic analyst. The goal: find an impostor among a list of identities, and decode a hidden base64 message. A lesson on how defense can also be an active search for the truth.
Learn how a vulnerable WordPress installation with the RevSlider plugin can be the perfect entry point for a reverse shell. This challenge explores the use of Metasploit, exploiting outdated plugin versions, and the offensive mindset that turns an innocent blog into an opportunity.
This exercise is not just about tools, but about observation and deduction. Learn to exploit services like WordPress and SMB using lateral thinking. Discover how public information can become an attack dictionary, and how enum4linux can help you open hidden doors.
Gaining access to a system is just the beginning. The real conquest starts with privilege escalation. In this lesson, you'll learn to identify misconfigurations, abuse SUID binaries and poorly configured sudo, and how to move laterally between users to dominate the system.
Understand what Applied AI is and how you can use it in your work. Explore the most common AI concepts
This challenge puts you face to face with one of the most painful scenarios in cybersecurity: database corruption. You'll learn practical techniques to recover information from damaged SQLite files using command-line tools, Python scripts, and forensic approaches. Here, it's not just about data, but about resilience and analysis under adverse conditions. A first step toward recovering what seemed lost.
In this article, you will explore the world of Cross-Site Scripting (XSS), a vulnerability that turns the browser into an attack field without the user noticing. You will learn how JavaScript can be used both to create rich experiences and to inject malicious code. You will discover practical examples, understand the types of XSS, and develop a critical eye to identify vulnerable code. Because in web defense, the enemy often hides in what seems innocent.
In this article, you dive into the art of reading code as a tool for cyber defense. It's not just about finding errors, but about detecting subtle alterations that could indicate an attack. You will learn the fundamentals of Python, understand how attackers manipulate scripts, and train your mind to restore the original intent of the code. This is an exercise in analysis, logic, and active listening: code also speaks, if you know how to read it.
This lesson introduces you to the art of intercepting and analyzing data in transit. Learn to use Burp Suite to capture HTTP requests, identify encoded information, decode it with CyberChef, and apply cracking techniques to reveal passwords and secrets hidden in plain sight.
Learn how a simple, poorly protected file upload function can open the door to a reverse shell. This lesson explores common PHP vulnerabilities, from arbitrary uploads to remote code execution, and shows you how to establish reverse shells from compromised servers.