Projects

The Secret Detective Http Project

Explore how web servers respond to HTTP requests. Learn to read headers, status codes, and analyze cache behavior using only browser tools and online services—no coding required.

Pentesting Web Reconnaissance Project - The Lovers

In this project, students will perform the web reconnaissance phase on the vulnerable machine The Lovers. The goal is to explore the initial web page, identify the login form, and use tools like Gobuster or Dirb with SecLists to enumerate hidden directories and files. No exploitation will be performed yet; the results will serve as input for later phases.

Metadata Investigation: The Secret of the Mona Lisa

A Linux system has been compromised. Your mission is to investigate a suspicious image, track the attacker, and uncover hidden persistence tasks. Only by cleaning the system correctly will you be able to reconstruct the final flag.

Malware Analysis: Suspicious

You’ve received a suspicious executable. Your task is to decompile it, identify the malicious behavior, and clean the binary. Only by successfully removing the malicious activity will the program execute fully and reveal a message that contains the flag.

SQLite Forensics Recovery

A critical database backup was found damaged. As an analyst, your task is to recover usable data and find the flag.

Detect the XSS Vulnerability

Analyze a vulnerable form in a fictional licensing site, identify the XSS vulnerability, and validate your finding with a script.

Blue Code - Sabotaged Password Recovery

Analyze and repair a Python script sabotaged by an internal attacker to recover the original password. Once fixed, validate it and decode a flag using CyberChef.

Building Project Requirements With AI

Pentesting Reconnaissance Project - The Lovers

This project introduces students to the reconnaissance phase on the vulnerable machine The Lovers. Students will discover the target's IP address, scan open ports and services with Nmap, identify the operating system, and confirm the existence of an HTTP service as preparation for further enumeration and exploitation phases.

HTTP Traffic Forensics: Red Flag

Analyze a .pcap file containing a suspicious HTTP transaction, find a Base64-encoded string, and decode the flag.

OSINT Tracing: Where Was This Photo Taken?

Analyze a seemingly anonymous photo to determine the city and country where it was taken. Use OSINT techniques to validate the flag.

Reverse Shell Cleanup

A Linux server has been compromised and multiple hidden reverse shells were planted. Your job as an analyst is to detect and remove them.

Pwned! - Find the Backdoor

Investigate a compromised website to detect a hidden reverse shell. Find the backdoor and validate your discovery.

Criminal Name - Hunt and Decode

Analyze a suspicious script, deduce the criminal's name from clues, and decode a flag using CyberChef.

Pentesting Exploitation Project - The Lovers

In this project, students will perform the exploitation phase on the vulnerable machine The Lovers. The goal is to use the reconnaissance findings to gain access, explore the system, and escalate privileges to full control. Students must include evidence of the exploitation, obtained credentials, exploration findings, escalation techniques, and the discovered flags in their final report.

Final Boss II - Forensic Analysis and Reverse Engineering

An AI startup was compromised overnight. As a forensic analyst, you must reconstruct the incident from collected evidence and recover a hidden password inside a suspicious executable.

Classic Cryptography: Holy Riddle

You’ve recovered a suspicious string. Your goal is to decrypt it using a classic cipher method called Atbash and validate your result using a script. Only if you decrypt it correctly will you receive the final reward.

OSINT Tracing: The John Click Case

A user known as johnclick1337 posted a threat before disappearing. Use OSINT techniques to uncover his email and validate the flag.

Insider Threats: The Impostor

Face an internal sabotage that has taken down the main web service. Investigate, escalate privileges, and unmask the imposter to restore operability.

OSINT Tracing: The Police

A police officer went missing while investigating a trafficking network in Eastern Europe. It is believed he managed to leave a hidden clue on a web server. Your mission is to trace his exact location using analytical thinking, logical deduction, and OSINT techniques. If you identify the correct city, you will be rewarded with a flag.