We are thrilled to launch 8kSec Battlegrounds, our new free mobile training ground designed to help you turn theoretical knowledge into real-world skills.
Inside, you’ll find a collection of interactive applications and focused challenges that look and feel secure, just like the mobile environments you use every day. Your goal? Find the hidden vulnerabilities and exploit them to gain access, steal the data, and see for yourself how attackers operate in the wild. You’ll come out of these labs with sharpened skills, real confidence, and a certificate to back it up!
A Tour of Your New Playground
We drew inspiration from the apps we all use daily, like games, password managers, media viewers, and even VPNs. The idea was to replicate real-life scenarios to show how attackers can exploit common user behaviors and application flaws.
Let’s look at what you’ll be up against:
Android Application Exploitation Challenges
We start off with our “Uncrackable” Android Apps! These are real-world applications that just happen to have hidden vulnerabilities and logic vulnerabilities you can actually exploit. You’ll gain hands-on experience with techniques like bypassing client-side security controls, exploiting deep links, and creating malicious applications to extract data from the target app. Ever wanted to exploit an application by using just a single link? Here is your chance!
iOS Application Exploitation Challenges
Tackle the famously tough iOS ecosystem with our ever so “secure” apps. In the real world it’s never just basic local storage that is an issue! Our range of vulnerable iOS applications are geared to challenge your knowledge of the Apple ecosystem and the vulnerabilities you’d come across when you analyze them. You’ll develop custom scripts and work with essential tools like Frida, Objection, and Hopper to tackle tasks ranging from bypassing biometric authentication and SSL pinning, to conducting vulnerability assessments and writing exploits. All while hunting for “Golden Nuggets” hidden within the app.
ARM Exploitation Challenges
Why focus on just IPA and APK based challenges when you can learn more? We know all mobile devices run some flavor of ARM. This is your chance to master the backbone of mobile and IoT devices with our ARM Exploitation Challenges. You will get hands-on practice with reverse engineering and dynamic analysis, learning to bypass security controls as you tackle vulnerabilities ranging from classic heap overflows to subtle use-after-free bugs. This course will make you comfortable using essential tools like pwndbg, radare2, and Ghidra, helping you build a true attacker’s mindset and intuition around ARM binary attack strategies.
This is what sets our labs apart:
- Real-World Exploitation, Not Just CTFs: Forget abstract challenges. Here, you’ll chain multiple vulnerabilities together to steal data, just like in a real-world attack. For most of the challenges, you’ll need to craft your own malicious apps and web links, and when a user interacts with them, you’ll compromise their data or even gain access to their hardware peripherals. This isn’t always about just finding a flag like in most CTF challenges out there, it’s about practical, hands-on hacking.
- A Uniquely Comprehensive Platform: We couldn’t find any other free platform that covers iOS, Android, and ARM exploitation all in one place. Until now, you had to piece together tools and apps from different sources to learn each skill. With our labs, you get a single, streamlined path to explore a wide range of vulnerabilities in a structured, consistent environment.
- Designed to Be Fun and Engaging: We believe learning should be enjoyable, and not a chore. That’s why we’ve modeled some of our labs after addictive falling-object games and interactive apps you’d actually want to use. These aren’t just broken test apps, they’re designed to look and feel like real products, making the experience more immersive and engaging.
- Verified, Certified Skills: After completing the challenges, you can submit your solutions for review. Our team will verify that the exploitation was done correctly, and if it meets the criteria, you’ll earn an official certificate of completion. It’s a way to prove your skills aren’t just theoretical – they’re tested, validated, and real.
Practice Mobile Hacking Legally and Safely
It’s tough to find legal, hands-on apps where you can safely practice the mobile security techniques you read about online. When we were getting started, there were plenty of blog posts, but nowhere to actually test and apply what we were learning (for free!). So, we built what we wished we had!
These labs were created for the next generation of security professionals. They’re open to everyone, and not just our training attendees, and offer a safe, streamlined way to explore real-world mobile hacking techniques across Android, iOS, and ARM. You’ll encounter a wide range of vulnerabilities, all organized in one place, so you can focus on learning, and not on setting up or hunting for targets.
Use them to test your skills, break things, and experiment. And when you’re ready to dive deeper into advanced techniques, our full training courses will be here to take you further.
The skills you need to secure the future of mobile apps are just a challenge away.
