Pick a scenario, customize your strategy, and launch the battle
NGINX web server with a backend API. Red Team probes for injection, traversal, and misconfiguration. Blue Team monitors logs and hardens config.
REST + GraphQL API behind an API gateway. Red Team attempts auth bypass, rate limit abuse, and data exfiltration. Blue Team applies WAF rules.
Backend for a mobile banking app with OAuth2, push notifications, and a CDN. Red Team targets token theft, API abuse, and session hijacking.
Full-stack e-commerce platform with payment processing, inventory management, and customer data. Red Team targets payment flows and PII.
Simulated enterprise network with Active Directory, file shares, and email. Red Team attempts lateral movement. Blue Team monitors and segments.
Remote access VPN with split tunneling, MFA, and certificate-based auth. Red Team attempts credential theft and tunnel hijacking.
Authoritative DNS servers with zone transfers, DNSSEC, and recursive resolvers. Red Team targets DNS poisoning, amplification, and tunneling.
Enterprise mail infrastructure with SMTP, IMAP, spam filtering, and DLP. Red Team crafts phishing campaigns and attempts mail relay abuse.
AWS-style cloud environment with S3 buckets, EC2 instances, and IAM roles. Red Team hunts for misconfigurations. Blue Team enforces least privilege.
Kubernetes cluster with multiple microservices. Red Team escapes containers and pivots. Blue Team enforces network policies and RBAC.
Continuous integration pipeline with source control, build agents, and artifact registries. Red Team targets supply chain and secret leakage.
Serverless functions with API gateways, event queues, and managed databases. Red Team exploits cold start timing, injection, and IAM over-privilege.
Industrial control systems with PLCs, SCADA, and sensor networks. Red Team targets OT protocols. Blue Team monitors anomalies.
Building management system with HVAC, access control, cameras, and BACnet. Red Team targets physical-cyber convergence points.
Hospital network with EHR, PACS imaging, HL7 interfaces, and medical devices. Red Team targets patient data and life-critical systems.
Core banking platform with SWIFT messaging, transaction processing, and fraud detection. Red Team targets wire transfers and account manipulation.
Modern REST/GraphQL API with broken object-level authorization, mass assignment, SSRF, and excessive data exposure. Tests OWASP API Security Top 10.
Full-stack web application vulnerable to injection, broken authentication, XSS, insecure deserialization, and security misconfiguration.
OAuth 2.0 and OpenID Connect identity platform. Red Team exploits token theft, redirect manipulation, scope abuse, and consent bypass.
GraphQL API with introspection, nested queries, batch operations, and subscriptions. Red Team exploits query depth, field suggestions, and DoS vectors.
Service mesh with sidecar proxies, mTLS, and distributed tracing. Red Team bypasses service-to-service auth and exploits secret sprawl.
Mobile application with certificate pinning, local storage, biometric auth, and backend API. Red Team performs reverse engineering and API abuse.
Machine learning pipeline with model serving, training data, and inference APIs. Red Team targets model poisoning, adversarial inputs, and data pipeline attacks.
Zero trust network with identity-aware proxy, micro-segmentation, and continuous verification. Red Team tests identity-based attacks and policy bypass.
SCADA/ICS environment with Purdue model segmentation, RTUs, and OT/IT convergence points. Red Team targets industrial protocols and safety systems.
Smart contract platform with DeFi protocols, cross-chain bridges, and wallet infrastructure. Red Team targets contract vulnerabilities and flash loans.
Fast, noisy scanning to map the entire attack surface quickly
Low and slow advanced persistent threat simulation
Focus on OWASP Top 10 web vulnerabilities
Gather intel through OSINT and social engineering vectors
Target cloud misconfigurations across AWS, Azure, and GCP environments
Discover and develop novel exploit chains through research and fuzzing
Simulate the full ransomware attack lifecycle from access to encryption
Compromise software supply chain through dependencies and build systems
Target industrial control systems, SCADA, and IoT device networks
Coordinate a multi-vector red team campaign with objective-based planning
Scope-aware, methodical testing with report-quality documentation
Simulate a malicious insider abusing legitimate access and trust
Standard SOC monitoring and incident response
Proactive hardening before attacks begin
Proactive threat hunting using hypothesis-driven investigation
Coordinate incident response with structured playbooks
Executive-level risk management and strategic defense prioritization
Digital forensics with evidence preservation and timeline analysis
Secure cloud-native infrastructure with zero-trust and IaC controls
Deploy honeypots, honeytokens, and deception networks to detect intruders
Ensure regulatory compliance during and after security incidents
Bridge red and blue teams to validate controls and close detection gaps
Reverse engineer malware samples to extract IOCs and understand capabilities
Fast triage and containment with minimal time from detection to eradication