Cybersecurity Lab

Welcome to the lab. You're here to learn what attackers know—network infiltration, Active Directory exploitation, and covert persistence. Every technique. Every vector. No simulations. Just cold, hard methodology.

OPSEC Warning: Educational lab environment only — stay legal

Completed

Progress

0h 0m

Time Spent

Total Modules

Phase 1:Network Attacks4 Modules

ARP Spoofing

Poison the network. Become the man in the middle. Intercept everything.

BeginnerStart →

Man-in-the-Middle

Ghost the wire. Read, modify, inject. They will never know you were there.

IntermediateStart →

DNS Spoofing

Control their DNS. Redirect traffic to your infrastructure. They click, you own them.

BeginnerStart →

IP Spoofing

Forge your identity. Spoof the source. Attack from shadows.

IntermediateStart →

Phase 2:Active Directory Attacks6 Modules

Kerberoasting

Request service tickets. Crack offline. Domain credentials are yours.

AdvancedStart →

AS-REP Roasting

No credentials needed. Target preauth-disabled accounts. Extract hashes anonymously.

AdvancedStart →

LLMNR Poisoning

Listen for broadcasts. Poison responses. Capture NTLMv2 hashes passively.

IntermediateStart →

Pass-the-Hash

Hash is all you need. No password required. Authenticate as anyone.

AdvancedStart →

Golden & Silver Ticket

Forge Kerberos tickets. Domain persistence for years. Total control.

AdvancedStart →

BloodHound

Map AD attack paths. Find shortest path to Domain Admin. Visualize ACL abuse opportunities.

AdvancedStart →

Phase 3:Password Cracking2 Modules

John the Ripper

Crack passwords offline. 500+ hash formats. Dictionary, brute-force, and hybrid attacks.

IntermediateStart →

Hashcat

GPU-accelerated cracking at 200 GH/s. Rules engine. Distributed cracking for massive wordlists.

AdvancedStart →

Phase 4:Wireless Attacks4 Modules

Wi-Fi Deauth Attacks

Disconnect clients from APs. Force handshake capture. Evil twin attacks. Denial of service.

IntermediateStart →

Aircrack-ng

Crack WPA/WPA2 passwords. Capture handshakes. Dictionary and brute-force attacks.

AdvancedStart →

Airodump-ng

Capture 802.11 frames. Monitor all channels. Identify targets and capture handshakes.

IntermediateStart →

WPS PIN Attacks

Brute force WPS PINs. Reaver and Bully. Bypass WPA2 through router misconfiguration.

AdvancedStart →

Phase 5:Exploitation Frameworks2 Modules

Metasploit Framework

Exploit database. msfconsole. Meterpreter shells. Post-exploitation and privilege escalation.

AdvancedStart →

PowerShell Empire

Pure PowerShell post-exploitation. Fileless attacks. Living off the land. Evade AV/EDR.

AdvancedStart →

Phase 6:Web Exploitation4 Modules

Coming Soon

SQL Injection

Manipulate database queries. Extract data. Execute commands. OWASP Top 10 #1.

Intermediate

Coming Soon

Cross-Site Scripting (XSS)

Inject malicious scripts. Steal sessions. Deface websites. Client-side code execution.

Intermediate

Coming Soon

CSRF (Cross-Site Request Forgery)

Force authenticated users to execute unwanted actions. State-changing attacks.

Intermediate

Coming Soon

File Upload Bypass

Upload malicious files. Bypass filters. Execute code. Web shells and backdoors.

Advanced

⚖️ OPSEC Protocol

You're learning real attack vectors. These techniques work. That's why they're strictly educational. All demonstrations are simulated—no live targets. Unauthorized access is a federal crime. Computer Fraud and Abuse Act. 18 U.S.C. § 1030. Don't be stupid.

Red team rules: Written authorization. Defined scope. Legal cover. Learn the tradecraft, stay white hat, and never cross the line.