Streams

Pick your stream.
Red·Blue·Purple

One platform. Same ELO. Same skill vector. Same nightly REACTOR pipeline. Offence, defence, or the full-spectrum middle.

RED · OFFENSE

Break into things.

Offensive tradecraft. No quizzes, no simulations.

Find the bug. Chain the primitives. Capture the flag. Every challenge is a live app, a live binary, a live chain — something you exploit end-to-end.

challenge types

7

live challenges

—

stream

RED

toolkit

kali + burp + ghidra + foundry

Enter Red Stream →

Categories

OWASP Top 10 at speed. SQLi, XSS, SSRF, IDOR, auth-bypass chains.

Explore web →

RSA, AES, hashes — padding oracles, nonce reuse, length extension. Never "just run a tool".

Explore crypto →

Buffer overflows, format strings, heap feng shui. Leak, overwrite, escape the container.

Explore pwn / binary →

Smart Contracts

Reentrancy, integer overflow, broken access control. Hardhat sandboxes, real exploits.

Explore smart contracts →

Pivot from a handle to a hostname to a human. Web + social investigation puzzles.

Explore osint →

Broken auth, mass assignment, IDOR at the REST layer. Chain primitives, bag the flag.

Explore api security →

Prompt injection, jailbreaks, RAG poisoning. The attack surface nobody had in 2020.

Explore ai / llm →

BLUE · DEFENSE

Hunt the incident.

SOC tradecraft, on live captures.

Triage the SIEM alert. Correlate the evidence. Name the threat. Real PCAPs, real memory images, real logs — timed against a real analyst par.

challenge types

5

live challenges

—

stream

BLUE

toolkit

volatility + zeek + yara + velociraptor

Enter Blue Stream →

Categories

Live incidents. You get the ticket, the alerts, the box. Scope it, timeline it, hunt it.

Explore dfir →

Disk, memory, network. Recover the artifact, prove the story.

Explore forensics →

Static + behavioral. Unpack it, config-extract it, classify the family.

Explore malware →

Python, C, Go binaries. Ghidra + patience. Understand what it does, not what it looks like.

Explore reversing →

Defender-side OSINT: attribute the actor, map the infra, verify the report.

Explore osint →

PURPLE · BOTH

Red + Blue. Everything.

The hardest tier. Full-spectrum.

ELO-matched across the full offensive/defensive skill space. You'll exploit the app and then defend the same app's sibling — sometimes in the same challenge.

challenge types

12

live challenges

—

stream

PURPLE

toolkit

everything

Enter Purple Stream →

Categories

Exploit the SaaS, then triage the alert your exploit would have generated.

Explore web →

Recover key material from a captured session, decrypt, reconstruct the intent.

Explore crypto →

Write the implant, then reverse your own implant's twin.

Explore pwn / binary →

Smart Contracts

Exploit and defend in one scenario: reentrancy attack + the monitor that catches it.

Explore smart contracts →

Make the RAG assistant leak its system prompt. Then detect the attack.

Explore ai / llm →

Triage what your red colleagues just pulled off. Full-spectrum incident drill.

Explore dfir →

Disk, memory, pcap. Cross-discipline cases that need both offensive eyes and defensive rigour.

Explore forensics →

Write it, reverse it, detect it. Purple only.

Explore malware →

Understand the binary well enough to attack AND defend it.

Explore reversing →

Chain IDOR + BOLA + mass assignment. Then write the abuse detection rule.

Explore api security →

Attribution, recon, investigation — both sides of the table.

Explore osint →

Encoding, stego, scripting — the tricks that don't fit a taxonomy.

Explore misc →

Not sure? Start with Purple.

The ELO matchmaker will find your weak spot in minutes and start building your skill vector from there.

Start Hacking →See the pipeline

Red, Blue, and Purple Team Training | LevelUp