Practice on intentionally vulnerable targets in fully isolated, AI-supervised training environments — legal, authorized, and controlled.
Use these skills only on systems you own or are explicitly authorized to test. Unauthorized access, scanning, exploitation, disruption, credential collection, or data acquisition may be illegal. CyberForge Academy practical exercises are restricted to controlled training environments.
Spin up a fully provisioned environment from your browser in seconds — no setup, no VMs to manage.
A real shell in your browser tab. No installs, no local risk to your machine.
Every session runs in its own segmented network that cannot reach the internet or other students.
Fresh, per-session credentials are generated at launch and destroyed at teardown.
Per-student flags and randomized conditions make answer-sharing pointless.
Warden watches every command, blocks anything targeting outside the lab, and can end abusive sessions.
Idle and expired labs are torn down automatically to keep environments clean and costs contained.
Every command and alert is recorded to an immutable audit trail for review and grading.
Our AI Laboratory Supervisor guides you with progressive hints and grades your work — while blocking any command aimed outside the lab network. Offensive practice stays strictly inside the sandbox, always paired with detection and defense.
All trainers here are AI assistants, not humans. Responses may contain errors — verify critical professional decisions.
A preview of guided lab scenarios. Launch them from your student dashboard.
Objective: Access another user’s object by ID, then add per-object authorization.
Est. 45 min
Objective: Identify the path to Domain Admin, then recommend and apply the hardening.
Est. 60 min
Objective: Discover the escalation path, then rewrite the policy with least privilege.
Est. 55 min
Objective: Find the misconfiguration, escalate to root, capture the flag, then harden it.
Est. 50 min
Objective: Find the suspicious process and extract the indicator, then document custody.
Est. 50 min
Objective: Identify the beaconing pattern and propose the detection.
Est. 40 min
Objective: Correctly triage the queue and write one new detection.
Est. 50 min
Objective: Extract the admin flag via SQLi, then patch the endpoint with a parameterized query.
Est. 45 min
Objective: Remediate the flagged vulnerabilities and pass the security tests.
Est. 45 min
Objective: Trigger stored XSS, then apply output encoding and a CSP to stop it.
Est. 40 min
Create an account to launch supervised labs and track your progress.