Attack a live Linux target in your browser

Every session is a new host, new story, new puzzle. No walkthroughs exist because no two runs are the same.

No signup · 15-minute demo · Beginner-friendly

root@webserver-04a ~ ssh session

root@webserver-04a:~# nmap -sV 10.0.8.0/24

Starting Nmap 7.94 ( https://nmap.org )

Nmap scan report for 10.0.8.3

PORT    STATE SERVICE   VERSION

22/tcp  open  ssh      OpenSSH 8.9p1

80/tcp  open  http     Apache 2.4.52

3306/tcp open  mysql    MySQL 5.7.38

root@webserver-04a:~# ls -la /var/www/html/

drwxr-xr-x 4 www-data www-data 4096 Apr  7 09:12 .

-rw-r--r-- 1 www-data www-data  814 Apr  7 09:12 index.php

-rw-r----- 1 root     root      42 Apr  7 08:55 .db_creds

root@webserver-04a:~# cat .db_creds

cat: .db_creds: Permission denied

root@webserver-04a:~#

Powered by 149,000+ real attack events captured across 6 global nodes

LondonHelsinkiNYCTorontoBangaloreSydney

Every Session is Different

No two environments are the same. The host, filesystem, processes, and story change every time you connect.

Walkthrough-Proof

No guide can help because the scenario changes every run. You develop real methodology, not memorised steps.

Real Attack Intelligence

Scenarios are informed by genuine threat data from global monitoring. Train against patterns that matter.

How It Works

Step 1

Enter a live terminal

Connect to a real Linux environment directly in your browser. No installs, no VPN, no setup.

Step 2

Investigate the host

Enumerate services, explore the filesystem, read logs, and piece together what happened on this machine.

Step 3

Capture objectives and score

Find the flags, complete the objectives, and earn a score based on your technique and efficiency.

Why this isn't another static CTF

Traditional capture-the-flag platforms give everyone the same box. Once someone writes a walkthrough, the challenge is dead.

Static CTFs

  • Fixed host every time
  • Known process tree
  • Reusable walkthroughs
  • Same experience every session

Krystal Arena

  • New host each run
  • Variable processes
  • No walkthrough fits
  • Different every session

Coming Soon

DAEMON Mode

Can you root a box that's fighting back?

An adaptive defender watches your every command. Taunts you. Moves files. Rotates credentials. Good luck.

Pricing

Free

$0/forever

  • 1 scenario
  • 60-minute sessions
  • Progress tracking
Get Started
Most Popular

Pro

$14.99/mo

or $99/year

  • All scenarios
  • Unlimited sessions
  • DAEMON mode
  • Leaderboard
  • Badges
Go Pro

Your next scenario hasn't been created yet.
It will be when you start it.

Enter the Arena