Seven domains. Fifteen challenges. One scoreboard.
Break things, learn how they really break, and capture the graxo{...} flags.

🎯

Ethical Hacking

Recon, scanning, and the rules of engagement that make it legal.

📡

VAPT

Find the low-hanging fruit, then prove the impact.

🕸

Web App Security

SQLi, broken access control, SSRF, auth bypass — OWASP Top 10 in practice.

🔎

Source Code Review

Read the code, find the secrets a scanner never will.

Configuration Review

The app can be perfect and the config still sinks you.

🛡

System Hardening

Flip to blue team — every misconfig is a finding and a fix.

📝

Assessment & Reporting

Severity, CVSS, and writing findings a client can act on.

Copyright Sabih Qureshi
Play fair, attack only the lab targets, and have fun.