Every challenge is built from a real incident that made headlines. Same vulnerability. Same environment. You exploit it yourself — not a simulation, not a walkthrough. Proof of work.
Real breaches. Real labs. Real CPE.
Every challenge is built from a real incident that made headlines. Same vulnerability. Same environment. You exploit it yourself — not a simulation, not a walkthrough. Proof of work.
After the hack, flip sides. The evidence is in the logs — find it. Query the SIEM, trace the kill chain, identify every indicator of compromise. This is what defenders actually do.
Patch the vulnerable code. Write the detection rule. Harden the configuration. The breach already happened — now make sure it can't happen again on your watch.
The technical fix is never the whole answer. Policy failed. Architecture was wrong. Incentives pointed the wrong way. Argue it out with security professionals who were in the room.
Every phase earns verifiable CPE. Recognized by ISC2. Based on proof of work not attendance. Your certificate links to everything you did — permanent, public, defensible.
Lived through an incident? Ran a red team? Built a detection that actually worked? Publish it as a challenge. Keep 90%. Your experience has monetary value here — even if you built it somewhere else first.
Loading today's security news…