Our challenges are designed to help security professionals and enthusiasts practice and develop their offensive security skills across multiple domains. Each challenge is crafted by industry experts who present at top conferences worldwide.
Realistic scenarios based on real-world vulnerabilities
Progressive difficulty from beginner to expert
Detailed walkthroughs and hints available
Earn certificates upon completion
Free access to all challenge content
Achievement
Earn Lab Completion Certificates
Complete all challenges in a domain and earn your certificate of completion.
Android Lab Certificate
iOS Lab Certificate
ARM Lab Certificate
AI Lab Certificate
Getting Started
How It Works
01
Create Account
Sign up for free on the 8kSec Academy platform. No credit card required.
02
Pick a Domain
Choose from AI, Android, iOS, or ARM security challenges based on your interest.
03
Solve & Earn
Complete challenges, submit flags, and earn your domain completion certificate.
FAQ
Frequently Asked Questions
Yes — all 41 labs across the four domains are completely free to access. You create a free account on the 8kSec Academy platform (no credit card required) and get immediate access to all challenge content. There is no paywall, trial period, or time limit.
There are four domains: AI Security (10 labs covering prompt injection, LLM jailbreaking, and AI agent exploitation), Android Security (10 labs covering APK reverse engineering, component exploitation, and dynamic analysis), iOS Security (11 labs covering binary analysis, jailbreak detection bypass, and app security), and ARM Exploitation (10 labs covering ARM64 reverse engineering and exploitation). 41 labs in total.
Each domain is structured with progressive difficulty — challenges start at a foundational level and build toward expert-level scenarios. If you are new to mobile security, the Android or iOS beginner challenges are a good entry point. If you have some experience with CTFs or security tools like Frida or jadx, you will be able to move through the early levels quickly and hit meaningful difficulty by the intermediate challenges.
The AI Security labs cover offensive AI techniques applied to real LLM-powered applications — prompt injection (direct and indirect), jailbreaking techniques to bypass safety guardrails, LLM agent manipulation, and exploiting insecure tool usage in AI systems. They are designed to complement the Practical AI Security course and reflect real-world attack scenarios, not toy examples.
The Android challenges cover APK decompilation and static analysis, reverse engineering obfuscated code, exploiting Android app components (activities, content providers, broadcast receivers), dynamic analysis with Frida, and bypassing root/emulator detection. Each lab isolates a specific vulnerability class so you build focused skills.
The iOS labs cover binary analysis of Mach-O applications, exploiting insecure data storage and keychain misuse, WebView and URL scheme vulnerabilities, bypassing jailbreak detection, SSL pinning bypass, and dynamic instrumentation with Frida on iOS. The iOS domain has 11 labs — the largest set — reflecting the depth of the iOS attack surface.
The ARM challenges focus on ARM64 reverse engineering and binary exploitation — understanding ARM64 assembly, analyzing stripped binaries, identifying vulnerability classes (stack overflows, use-after-free), and building exploits for ARM64 targets. These are aimed at people interested in low-level exploitation on mobile and embedded platforms.
No. All challenges run in virtualized or cloud-based environments. You do not need a physical iPhone, iPad, or Android device. A laptop with an internet connection and a browser is all you need to get started.
For most challenges you will need basic tools that security professionals typically already have: a browser, a terminal, Python, and, depending on the challenge, jadx or apktool for Android APK analysis, Frida for dynamic instrumentation, or a disassembler like Ghidra for ARM/binary challenges. Each lab includes guidance on the tools needed.
Complete all challenges within a specific domain to earn that domain's Lab Completion Certificate. There are four certificates available — Android, iOS, ARM, and AI. These are certificate-of-completion credentials, separate from the professional certification exams (OMSE, CMSE, CASR, CISR etc.) offered alongside 8kSec's paid training courses.
Yes. Each challenge has hints available, and detailed walkthroughs are provided after a challenge is completed or after a certain number of attempts. The goal is learning: you are not left stranded on a challenge without any guidance.
Yes — the Battlegrounds are explicitly designed to complement the training courses and help you build practical skills for the certification exams. The Android labs reinforce skills tested in the CMSE and CASR exams. The iOS labs align with the CISR exam. The ARM labs complement the OAAE exam. Working through the relevant domain before attempting a certification exam is strongly recommended.
Yes. The challenges work well for team skill development and internal CTF-style competitions. For structured, instructor-led training with customized content and certification preparation, see our Corporate Training options — these are private sessions with a minimum of 5 participants.
Ready to Test Your Skills?
Join thousands of security professionals and enthusiasts who are sharpening their offensive security skills with 8kSec Battlegrounds.