Structured training modules for competitive CTF preparation
These are the gym's structured training modules—your internal curriculum. Use these modules to build your skills. Each module is organized by category and difficulty level, containing multiple challenges that progressively build your expertise. Access the training platform through the CTFd instance to work through these modules. Start with beginner modules to establish fundamentals, then advance through intermediate and advanced content as you develop your skills.
Learn to identify and exploit SQL injection vulnerabilities. Understand how database queries work and how to manipulate them to extract sensitive information. Covers basic injection techniques, union-based attacks, and blind SQL injection.
8 challenges, 12-15 hours
Master XSS attacks including reflected, stored, and DOM-based XSS. Learn to bypass filters, execute JavaScript in restricted contexts, and chain XSS with other vulnerabilities. Includes CSP bypass techniques and advanced payloads.
10 challenges, 15-18 hours
Exploit SSRF vulnerabilities to access internal resources, bypass firewalls, and interact with cloud metadata services. Learn protocol handlers, filter bypasses, and advanced SSRF techniques for cloud environments.
6 challenges, 18-20 hours
Understand stack layout, function calling conventions, and how buffer overflows occur. Learn to identify vulnerable functions, calculate offsets, and craft shellcode. Covers basic stack-based overflows and simple ROP chains.
10 challenges, 14-16 hours
Master ROP techniques to bypass DEP and ASLR protections. Learn to find gadgets, chain ROP sequences, and build complex exploits. Covers x86 and x64 architectures, and advanced ROP techniques like SROP.
8 challenges, 16-20 hours
Exploit heap-based vulnerabilities including use-after-free, double-free, and heap overflow. Understand glibc malloc internals, tcache poisoning, and advanced heap manipulation techniques for modern systems.
7 challenges, 20-24 hours
Learn substitution ciphers, transposition ciphers, and frequency analysis. Understand Caesar, Vigenère, and Playfair ciphers. Practice cryptanalysis techniques and learn to recognize cipher types from ciphertext.
12 challenges, 10-12 hours
Understand RSA encryption and common implementation flaws. Learn to exploit small public exponents, weak key generation, and padding oracle attacks. Covers Coppersmith's attack and other advanced RSA vulnerabilities.
9 challenges, 14-16 hours
Exploit timing attacks, power analysis, and fault injection to extract cryptographic keys. Learn differential power analysis, cache timing attacks, and advanced side-channel techniques for breaking cryptographic implementations.
6 challenges, 18-22 hours
Learn x86 and x64 assembly language basics. Understand registers, instructions, calling conventions, and control flow. Practice reading and analyzing assembly code to understand program behavior.
15 challenges, 12-14 hours
Master static and dynamic analysis techniques using tools like Ghidra, IDA Pro, and GDB. Learn to identify functions, analyze control flow, and understand program logic. Covers obfuscation and anti-debugging techniques.
10 challenges, 16-18 hours
Analyze real malware samples in controlled environments. Learn to identify malicious behavior, extract indicators of compromise, and understand advanced obfuscation techniques. Covers packers, crypters, and anti-analysis methods.
8 challenges, 20-24 hours
Learn to capture and analyze network traffic using Wireshark and tcpdump. Identify protocols, extract data from packets, and understand network communication patterns. Covers packet filtering and protocol dissection.
10 challenges, 12-14 hours
Master network scanning and enumeration techniques using Nmap, Masscan, and custom tools. Learn to identify services, detect operating systems, and map network topologies. Covers advanced scanning techniques and evasion methods.
8 challenges, 14-16 hours
Exploit vulnerabilities in network protocols including DNS, SNMP, and custom protocols. Learn protocol fuzzing, man-in-the-middle attacks, and advanced network exploitation techniques for industrial and enterprise environments.
7 challenges, 18-20 hours
Learn to detect and extract hidden data from images, audio files, and other media. Understand common steganography tools and techniques. Practice identifying steganographic methods and extracting concealed information.
12 challenges, 10-12 hours
Analyze file systems to recover deleted files, examine metadata, and understand file system structures. Learn to use forensic tools like Autopsy, Sleuth Kit, and Volatility. Covers NTFS, ext4, and FAT file systems.
9 challenges, 14-16 hours
Analyze memory dumps to extract processes, network connections, and artifacts. Learn to use Volatility Framework for advanced memory analysis. Covers kernel structures, process injection detection, and advanced memory artifacts.
7 challenges, 18-22 hours