How a session goes
Sign in
Auth0 handles the sign in. The first time you sign in you claim a handle, which becomes the URL of your public profile.
Pick a lab
Open the labs catalog. Filter by status, search by CVE ID, or just scroll. Each card shows the CVE, severity, and how much XP it is worth.
Launch the sandbox
One click. A private container boots in roughly a minute. You get a URL that only you can reach.
Work the five steps
Brief, locate, reproduce, patch, harden. Each step has its own multiple choice question. You can move between steps freely.
Who this is for
If you are learning offensive or defensive security and you are tired of reading writeups without ever touching the code, this is for you. Researchers use it to keep a finger on classes of bugs they do not see every day. Hiring managers point new engineers at it during onboarding. You do not need to install anything. A browser is enough.Next
Open the app
Sign in and start a lab.
Quickstart
Finish your first lab in about ten minutes.
How labs work
A tour through the five step flow.
Read the blog
Vulnerability writeups and platform notes.

