Missions

Pick a mission, read the briefing, root the box. Every run is unique — and earns a Sigil.

Start here — Flagship missions

New to the Arena? These three are the polished, hand-tuned path.

Start here

Ops Room: Lost Key

Beginner
Attacker

Break into a training host and capture your first proof. The gentlest way in.

Linux basicsFile discoveryRecon
~15 minSigil on win
Start the mission
Flagship

Incident Response: The Miner

Intermediate
Defender

Investigate a live cryptominer and remove its persistence before it comes back.

Incident responseProcess forensicsPersistence removal
~25 minSigil on win
View briefing
Flagship

DAEMON: HAL 9000

Nightmare
vs DAEMON

Face DAEMON, an adversarial system watching every command you type.

Adversarial playProcess huntingComposure under pressure
~30 minSigil on win
Enter DAEMON Mode

Red Team — Beginner

Attacker fundamentals.

Intel Gathering: Network Mapping

Beginner
AttackerBeta

Map an unknown network and build your first target profile.

NmapService enumerationRecon
~20 minSigil on win
View briefing

Broken Permissions: Sudo Escape

Beginner
AttackerBeta

A too-generous sudo grant is all you need to reach root.

SudoShell escapePrivilege escalation
~15 minSigil on win
View briefing

Careless Dev: Key Hunt

Beginner
AttackerBeta

A developer left an SSH key where anyone can read it. Find it. Use it.

SSH keysCredential huntingEnumeration
~15 minSigil on win
View briefing

Legacy FTP Drop

Beginner
AnalystBeta

An old FTP server full of forgotten files. What did they leave behind?

FTPFile analysisOSINT
~20 minSigil on win
View briefing

Red Team — Intermediate

Sharper escalation paths.

Elevation: SUID Hunt

Intermediate
AttackerBeta

You have a shell. Now get root — the SUID bits tell a story.

Privilege escalationSUIDLinux
~30 minSigil on win
View briefing

Web Breach: Data Extraction

Intermediate
AttackerBeta

The web app is leaking. Extract the data before they patch it.

SQL injectionWeb appsData extraction
~40 minSigil on win
View briefing

Container Breakout: Writable Passwd

Intermediate
AttackerBeta

Sloppy container permissions are your way out.

ContainersFile permissionsPrivilege escalation
~25 minSigil on win
View briefing

Timed Strike: Cron Injection

Intermediate
AttackerBeta

A root cron job runs a world-writable script. Inject your payload and wait.

Cron jobsScript injectionPersistence
~25 minSigil on win
View briefing

Blue Team — Incident Response

Defend, contain, recover.

Incident Response: The Web Shell

Advanced
DefenderBeta

The WAF flagged suspicious PHP uploads. Find the shell. Trace the damage.

Incident responseWeb shellsLog analysis
~30 minSigil on win
View briefing

Incident Response: The Backdoor

Advanced
DefenderBeta

Outbound C2 traffic detected. An attacker left a backdoor. Hunt it down.

Incident responseSSH backdoorsNetwork forensics
~30 minSigil on win
View briefing

Incident Response: Ransomware

Advanced
DefenderBeta

Files are encrypting right now. Contain it and recover before it spreads.

Incident responseRansomwareContainment
~30 minSigil on win
View briefing

Advanced & DAEMON

The system fights back.

DAEMON: Meet the Operator

Nightmare
vs DAEMONBeta

Root a box that fights back. The operator knows you’re here.

Adversarial playActive defenseStealth
~30 minSigil on win
Enter DAEMON Mode