Seven domains. Fifteen challenges. One scoreboard.
Break things, learn how they really break, and capture the graxo{...} flags.
🎯
Ethical Hacking
Recon, scanning, and the rules of engagement that make it legal.
📡
VAPT
Find the low-hanging fruit, then prove the impact.
🕸
Web App Security
SQLi, broken access control, SSRF, auth bypass — OWASP Top 10 in practice.
🔎
Source Code Review
Read the code, find the secrets a scanner never will.
⚙
Configuration Review
The app can be perfect and the config still sinks you.
🛡
System Hardening
Flip to blue team — every misconfig is a finding and a fix.
📝
Assessment & Reporting
Severity, CVSS, and writing findings a client can act on.
Copyright Sabih Qureshi
Play fair, attack only the lab targets, and have fun.
Play fair, attack only the lab targets, and have fun.