Capture The Flag is near and dear to our hearts
It's where we established our careers and learned what we know.
We've written papers, taught classes, led teams. All for Capture The Flags.

We Build Security Training

The best defense is a good offense. Capture The Flags have been training generations of hackers since before 1999. They can teach not only how attacks happen, but how to conduct offensive security.

We build every type of security challenge. Whether it's OWASP Top Ten, Forensics, Reverse Engineering, Exploitation, or something in between, we know how to make it fun and approachable.

Hacking Workshops

Web Hacking Workshops

Phubble is a broken web application riddled with vulnerabilities designed to simulate a real world photo sharing application.

Phubble features vulnerabilities including:

  • Cross Site Scripting (XSS)
  • SQL Injection
  • Cross Site Request Forgery (CSRF)
  • Command Injection
  • and many other bugs featured in the OWASP Top 10

Phubble provides students with the invaluable experience of attacking a live website, exfiltrating data, and slowly escalating privileges until they’re root.

Phubble serves as an excellent exercise for the end user to learn and practice their hacking skills. It can be be approached with or without source code and is designed to be fun for both newcomers and experts of web security.

Each student receives a personal live instance of Phubble, documentation describing various web vulnerabilities, and an instance of CTFd to track their progress and compete against other students.