Learn security. Play it.
No walls of text. No generic videos. An interactive cyber range that grows with every new CVE — real terminals, real attacks, real defense, in your language.
Pick your path. Every track is a story.
Each track is a sequence of missions — not lessons. You play a Defender. You ship the fix.
Foundations
Zero to Defender I.
Homelab, first server, anyone who says 'I'll do security someday.'
- ▸Understand security headers
- ▸Set up TLS/HTTPS correctly
- ▸Firewall fundamentals (UFW)
- ▸Read a security check
- ▸Fix the 3 most common misconfigs
Stack Hardening
DevOps-grade defense across your entire stack.
DevOps teams and solo-ops who self-host and want to know they're doing it right.
- ▸Docker security — container isolation
- ▸Nginx hardening — headers + rate limiting
- ▸Secrets management with Vault
- ▸RBAC — who can do what
- ▸Incident response — when it burns
- + 2 more
AI Agent Security
Ship AI agents that can't be hijacked.
Security engineers and AI builders deploying agents in production.
- ▸Prompt injection — how attackers hijack agents
- ▸LLM gateway hardening
- ▸AI agent sandboxing
- ▸Threat modeling for AI systems
- ▸OWASP Top 10 for LLMs
- + 1 more
Auth & Identity
OAuth, JWT, SSO, Zero-Trust — built right the first time.
Anyone who owns the login surface of a production system.
- ▸OAuth 2.1 + PKCE the right way
- ▸JWT pitfalls — alg:none, key confusion, replay
- ▸Session design — cookies vs. tokens in 2026
- ▸SSO with SAML + OIDC
- ▸MFA / WebAuthn / passkeys
- + 5 more
Incident Response
Detect. Contain. Recover. Without panic.
Ops and SOC — anyone who could be woken at 03:00.
- ▸Detection basics — what a real alert looks like
- ▸Triage under pressure
- ▸Containment playbooks
- ▸Forensics without nuking evidence
- ▸Recovery + root cause
- + 5 more
Compliance
NIS2, DORA, EU AI Act, GDPR — the technical side only.
Technical leads who have to translate legal text to engineering work.
- ▸NIS2 mapped to engineering controls
- ▸DORA — ICT risk + testing regimes
- ▸EU AI Act technical obligations
- ▸GDPR Art. 32 — what 'state of the art' really means
- ▸Evidence collection at scale
- + 3 more
Adversarial Defense
Play against a live AI attacker. Beat it. Level it up.
Anyone ready to defend under real pressure.
- ▸Introduction to adversarial thinking
- ▸Pattern recognition under fire
- ▸Supply chain attack defense
- ▸Social engineering defense
- ▸Ransomware kill-chain interruption
- + 5 more
The Hodlberg Campaign
Twelve acts. One company. You decide if it survives.
Everyone who wants to learn through narrative instead of drill.
- ▸Act I — The Seed Round breach
- ▸Act II — First hire, first mistake
- ▸Act III — Going multi-tenant
- ▸Act IV — The AI product launch
- ▸Act V — Auditor visit
- + 7 more
Play the Hodlberg Campaign.
You are the only security engineer at a fictional fintech. From seed-stage to IPO. Every track you complete reshapes their story — and yours.
Enter the Campaign →
Rather have our team harden your stack directly?
Fixed-fee engagements from €5,000. Book a Strategy Call.
Book Strategy Call
Weekly Security Report
Critical CVEs, fix guides, and hardening tips — free, every week.