Vuln Hosts

The lab is composed of custom vulnerable web applications and systems as well as ready-made systems like DVWA and VulnHub machines.

Custom Targets

Carefully crafted systems which parallel actual systems and scenarios encountered on real-life penetration tests.


Pivoting is a crucial technique to master for offensive security specialists. The lab provides multiple networks to hone your skills.

What is it?

The Dark Labs are meant to provide a safe, fun, and challenging environment for security enthusiasts of all levels to learn and sharpen their skills.

The goal is to help more people learn the skills necessary to have fun with cyber security, as quickly and enjoyably as possible. Included with access to the labs is educational material which will supplement the hands-on learning experience of attempting to hack into a system.

Users of the lab will be able to walk away with knowledge of the most common (and not so common) vulnerability and attack patterns. They will have the opportunity to exploit these issues, and in the process will gain all the necessary rudiments of networking, programming, and systems (Windows/Linux).

Who is it for?

The labs will be a fun and educational experience for people of all skill levels including complete newcomers to security.

  1. Blue teamers. This is a great place to get a true understanding of what you’re defending against.

  2. Red teamers. Come get exposure to new attack patterns that you will be able to apply in real-world engagements.

  3. OSCP Preparation. For those looking to get the OSCP certification this experience will help build the skills needed to earn it.

  4. Although total newbies are encouraged to check out the labs, we do recommend at least some experience with virtual machines, command line, Linux, and networking fundamentals.

How do I connect?

Once access to the labs has been purchased, access to the web portal will be granted. From there, an OpenVPN config will be available for download, which can be used to connect and start hacking.

The network is divided into 3 sections: Humans, Lab1, and Lab2.

  1. Humans is where everyone will land when first connecting to the VPN. There are no targets in this network, only other members.

  2. Lab1 is the only other network accessible upon first connecting.

  3. Lab2 can be accessed only by pivoting after compromising certain machines in Lab1.

What’s in it?

Inside Lab1 and Lab2 a variety of target systems await. Some of the most interesting systems from VulnHub, along with industry-standard practice targets like Metasploitable and DVWA, have been combined with our own custom-built vulnerable systems and applications in a live Active Directory domain.

Each system will challenge different skill sets. In the process of compromising these systems, students will become proficient in the following bug classes and exploitation methodologies:

  • SQL injection
  • LDAP injection
  • File inclusion
  • XML External Entities injection (XXE)
  • Object deserialization (in Java, PHP, Python, and more)
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Insecure Direct Object References (IDOR)
  • Session management issues
  • Buffer overflows
  • Windows and Linux privilege escalation
  • Domain privilege escalation (due to Active Directory misconfiguration)

The lab parallels a real-life corporate network. New systems and challenges are being added constantly.

What’s Needed?

  • Computer with stable internet access.

  • Kali Linux as base OS or running as a virtual machine.

  • At least 1 GB of RAM and 20 GB of disk for the Kali system.

  • Willingness to learn.

  • Basic command line and networking knowledge.


While we encourage hacking lab systems by any means possible, other users' systems are absolutely off limits. This kind of activity will lead to immediate expulsion from the labs.

Despite the rules that are in place, the labs (just like Starbucks Wi-Fi) should be considered a hostile network filled with other hackers. Don't connect any important systems to this network, and be aware of which services you are exposing, e.g. don't leave SSH running with default creds (root:toor on Kali).

What’s included?

Included with access to the lab are the following resources:

  • Text and video training material (coming soon).

  • Web portal to manage progress and reset lab systems if needed.