Uncertain Times — Infosec's here to help. Learn about our COVID-19 Response Package.

Build your team’s skills with hands-on projects

Help your team gain practical cybersecurity experience and test their skills through a series of real-world scenarios.

Claim your FREE 7-day trial

Apply new cybersecurity skills

Projects are a series of hands-on exercises designed to reinforce your team’s skills and provide real-world cybersecurity experience. Each exercise tests the practical application of key topics covered in the associated learning path.

As your team works through the challenges, they’ll put what they learned into practice, gain hands-on experience and build confidence around their new skills.

Gain practical cybersecurity experience

Learn how to analyze network traffic, pentest web applications, write secure code and more!

Start practicing Watch the introduction video, download the files and work through a series of challenges
Reinforce knowledge Revisit the material or get hints from the instructor when stuck on a difficult challenge
Validate new skills Check if each challenge was solved correctly — or if there are areas where your team can improve

Project library

Blockchain Security Project
Projects
Blockchain Security Project

Blockchain Security Project

Practice your blockchain security skills as your progress through five challenges. You'll begin by organizing information into valid block. Then you'll answer questions related to proposed solutions to the 51% attack and performing a double-spend attack on a Proof of Stake blockchain. Finally, you'll identify smart contract vulnerabilities and the importance of binding values.

Estimated project time: 2 hours, 11 minutes

Cryptography and Cryptanalysis Project
Projects
Cryptography and Cryptanalysis Project

Cryptography and Cryptanalysis Project

Six challenges will test your applied cryptography skills. In this project, you’ll need to find information in encrypted network traffic, circumvent obfuscation to examine malware network communications and configuration samples, break down a hash function operation to find a specific input value and find the values of obfuscated passwords and cookies.

Estimated project time: 2 hours, 10 minutes

Cybersecurity Data Science Project
Projects
Cybersecurity Data Science Project

Cybersecurity Data Science Project

In this project, you’ll analyze a malware sample using classifiers provided in the project files — or with ones you build yourself. You’ll begin by creating a virtual machine for the project and exporting its image in the OVA format, then extract the list of imports and identify the most commons 4-grams in the binary sequence in the Jigsaw ransomware sample. You’ll recognize images created with deepfakes and determine text in a large number of CAPTCHA images.

Estimated project time: 2 hours, 12 minutes

Incident Response Project
Projects
Incident Response Project

Incident Response Project

Use your incident response skills along with tools like Wireshark, Zeek and Volatility to respond to real-world scenarios. In the first project, you'll investigate a "watering hole attack" that may have affected someone in the IT department. In the second project, you'll need to investigate an SQL injection attack that may have led to credit card data being exfiltrated.

Estimated project time: 5 hours, 6 minutes

Mobile Application Pentesting Project
Projects
Mobile Application Pentesting Project

Mobile Application Pentesting Project

Twenty-four practical exercises in this project allow you to hone your iOS and Android application pentesting skills. You will use popular tools such as dex2jar and Hopper, practice working with ADB (Android Debug Bridge) and exploit various application vulnerabilities, including side-channel data leakage, broken cryptography, developer backdoors, insecure data storage and many others.

Estimated project time: 4 hours

Network Traffic Analysis for Incident Response Project
Projects
Network Traffic Analysis for Incident Response Project

Network Traffic Analysis for Incident Response Project

In this project, you will need to apply your knowledge and use common network traffic analysis tools to solve multiple challenges. Each challenge involves examining a network traffic capture file containing evidence of malicious activity, such as malware infection, data exfiltration and C2 (command-and-control) communications. You’ll need to find leaked credentials, analyze an attempted DDoS attack, extract files from captures and even more.

Estimated project time: 1 hour, 29 minutes

NIST Cybersecurity Framework Project
Projects
NIST Cybersecurity Framework Project

NIST Cybersecurity Framework Project

In this project, you’ll meet the challenge of performing a gap analysis to determine the current state of the organization, compared to the target state. You’ll practice determining and adjusting impact levels with information from FIPS 199 and NIST SP 800-60 and identifying the high-water mark from the impact levels. You’ll select, map and tailor controls from the NIST SP 800-53 catalog.

Estimated project time: 2 hours, 13 minutes

NIST DoD RMF Project
Projects
NIST DoD RMF Project

NIST DoD RMF Project

In this project, you’ll be applying the process for selecting system impact levels and choosing security controls based on them. Based on a given scenario, you’ll define the types of potential losses for confidentiality, integrity and availability and define the impact levels of low, moderate and high. You’ll complete the NIST FIPS 200 worksheet for system categorization and perform other tasks related to the RMF application process.

Estimated project time: 2 hours, 17 minutes

OWASP Top Ten Project
Projects
OWASP Top Ten Project

OWASP Top Ten Project

In this project, you’ll be introduced to five scenarios involving examples of common web application vulnerabilities and attacks. You’ll need to analyze examples of application log entries and payloads sent to be processed and identify the type of vulnerability that is being exploited in each scenario. What are the potential consequences of a successful exploitation? What mitigation options can be implemented?

Estimated project time: 2 hours, 14 minutes

Secure Coding Fundamentals Project
Projects
Secure Coding Fundamentals Project

Secure Coding Fundamentals Project

Apply the hacker mindset to application security by solving the multiple challenges included in this project. You’ll need to identify vulnerabilities in the provided applications and code samples and discover how those vulnerabilities could be exploited by an attacker. See for yourself how security errors in code can lead to compromised credentials, SQL injections, and buffer overflow and Cross-Site Scripting (XSS) attacks.

Estimated project time: 2 hours, 8 minutes

Web Application Pentesting Project
Projects
Web Application Pentesting Project

Web Application Pentesting Project

This project is built on a real bounty-based CTF challenge hosted by Infosec. Each of its levels represents a vulnerable Web application and is based on the OWASP Top Ten list of the most common web application security risks, including SQL injection, Cross-Site scripting (XSS), broken authentication and more. You’ll need to apply all your knowledge about web application vulnerabilities and use many different tools and browser utilities to solve the challenges.

Estimated project time: 3 hours, 18 minutes

Web Server Protection Project
Projects
Web Server Protection Project

Web Server Protection Project

Secure a real web server in this hands-on project containing ten challenges. You will need to work with an Apache web server installed on a virtual machine to implement network filtering, add cookies to access log, harden the host OS, identify tampered binary files and complete other tasks to ensure that your web server is properly protected.

Estimated project time: 2 hours, 42 minutes

Windows 10 Host Security Project
Projects
Windows 10 Host Security Project

Windows 10 Host Security Project

Multiple challenges within this project allow you to practice securing Windows 10 hosts. You’ll begin by setting up a secure Hyper-V lab environment. Next, you’ll practice locating and enabling the virtual trusted platform module and virtualization-based security, encrypting data with BitLocker, sharing files and modifying user permissions, verifying port security provided by Windows Firewall and much more.

Estimated project time: 2 hours, 24 minutes

Windows Server Security Project
Projects
Windows Server Security Project

Windows Server Security Project

Set up a secure Hyper-V lab on your host PC and build your skills through eight hands-on challenges. You'll start with installing Active Directory onto the server. Then you'll practice creating a shared folder and calculating effective permissions, hiding shares from users without access, encrypting files using the Encrypting File System (EFS) and BitLocker, blocking access via IP addresses and firewall ports, and securing server traffic using certificates.

Estimated project time: 2 hours, 13 minutes

x86 Disassembly Project
Projects
x86 Disassembly Project

x86 Disassembly Project

Practice your x86 skills by using tools like NASM, Makefiles, objdump, gdp and more to complete three projects. In the first project, you'll create the quintessential Hello World program to practice skills such as registers, memory, instructions, system calls, and building and linking x86 Assembly. In the second project, you'll debug an x86 program to practice using ASCII, condition codes and deciphering unknown assembly instructions and programs. Finally, you'll tie together all of the concepts from the Introduction to x86 Disassembly Learning Path with a project that leverages input, output and logic flows.

Estimated project time: 2 hours, 42 minutes

Plans and pricing

Personal

$299

Annually

Teams

$599 / license

Annually. Includes all content plus team admin and reporting.

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Infosec and Infosec Skills

Best Cybersecurity Education Provider and Best Security Education Platform

Infosec Skills

Most Innovative Product

Infosec Skills

Cyber Security Education and Training

Infosec Skills

SC Media names Infosec Skills Best IT Security Training

See for yourself why Infosec Skills leads the cybersecurity training industry.