Forest (created by egre55 & mrb3n8132) is an easy Windows Domain Controller machine featuring an Exchange Server setup. The domain allows anonymous LDAP binds, enabling enumeration of domain object...

Sightless is an easy Linux challenge where exploiting a vulnerable SQLPad instance leads to Docker access, cracking a password hash grants SSH entry, and leveraging a Blind XSS flaw in Froxlor to g...

Damn Vulnerable Web Application (DVWA) is a deliberately insecure PHP-based web application. It includes a wide range of common issues like SQL Injection, Cross-Site Scripting (XSS), File Inclusion...

A step-by-step guide to building a fully functional vulnerable Active Directory home lab using Windows Server 2025 for hands-on learning and security practice.