pwn.college

Learn to hack!



Welcome to pwn.college!

pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. In martial arts terms, it is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) cybersecurity competitions (CTFs) and wargames. Our philosophy is “practice makes perfect”.

The platform is maintained by an awesome team of hackers at Arizona State University. It powers much of ASU's cybersecurity curriculum, and is open, for free, to participation for interested people around the world!

If you have comments, suggestions, and feedback, please email us at pwn@pwn.college!




Great! How do I jump in?

pwn.college is organized into a series of dojos, each of which covers a high-level topic area. Please start your journey with the Getting Started dojo:

Once you complete this module, you can access many other dojos full of amazing hacking knowledge through the Dojos link at the top of the page. When you run into problems with concepts and challenges, you can get help on our discord server. The discord is also a great place to chat with other aspiring hackers!




The "School Year"

pwn.college is available year-round, but during ASU's semester, we host live classes on our Twitch channel to dig into the material currently being covered on pwn.college, then archive those to our YouTube channel. The live classes are used to fill in gaps between prerecorded lectures and answer student questions.

Current live classes:



The Belts

Consider hacking as a martial art that students earn belts in as they progress and build their skills. This course progresses hackers from white belts, to orange belts, yellow belts, green belts, and then finally refines them into blue belts. This is not just metaphor: we have actual belts, in yellow, green, and blue, custom-embroidered for pwn.college.

Eventually, hackers continue their journey beyond pwn.college, becoming certain in their skills, achieving brown belt status (and able to, for example, usefully contribute to the cybersecurity industry and academia), before finally graduating to hacking masters: black belts. But this, unfortunately, must happen outside of the dojo (for now!).

How to earn an orange belt?

For an orange belt, you must complete all active challenges launched in:

How to earn a yellow belt?

For a yellow belt, you must complete all active challenges launched in:

How to earn a green belt?

For a green belt, you must complete all active challenges launched in:

How to earn a blue belt?

For a blue belt, you must complete all active challenges launched in:

How to get the actual belt?

To get your belt, send us an email from the email address associated with your pwn.college account once you’ve completed the necessary challenges. We’ll then get your belt over to you (eventually)! Note that, due to logistical challenges, we're currently only shipping belts to hackers after they earn their blue belt. Until then, we will belt you in person, at ASU or some security conference.

Who has earned belts? We maintain a list of hackers with pwn.college belts. Once you achieve your belt, we will add you to the list!



Collaboration, Livestream, and Writeup Policy

The challenges created for pwn.college are educational material, and are used to grade students at ASU. Because of this, we would appreciate that writeups, walkthrough videos, and livestreams of challenge solutions are not posted to the internet. Obviously, we can’t enforce this, but we worked hard to make all of this public, and we would appreciate your help in keeping pwn.college a viable educational platform.



Further Practice

After you learn the basics of cybersecurity and earn your blue belt, you should move on to harder challenges.

Capture The Flags (CTFs) are a great way to practice your hacking skills in a fun and ethical way. The most popular way to find upcoming events is at https://ctftime.org. There is also a list of introductory CTFs here. If you are at ASU, feel free to check out and join ASU’s enigmatic hacking club.

Wargames are another great way to practice your hacking skills. Whereas CTFs are short (normally 48 hour) events, wargames are not time-based. You can find a list of wargames at https://github.com/zardus/wargame-nexus.

If you want to get involved with cybersecurity research, but don’t know how, consider joining us for an internship at ASU.



Reusing pwn.college Material

Want to use pwn.college in your course? You can!

The videos and slides of pwn.college lectures are licensed under CC-BY-NC. You can use them freely for non-commercial purposes, but please provide attribution! Additionally, if you use pwn.college in your own education program, we would appreciate it if you email us to let us know. Evidence of wide-spread use of pwn.college for education will be a huge help for Yan’s tenure case!

EDUCATORS: If you are an educational institution and are using pwn.college as part of a class, you can import our challenges (or add your own) into your own private dojo for your students! Create your dojo here.

CONFERENCES: If you are running a conference and would like pwn.college presence there (as a form of intense weekend-long training), please email us!



Contributing

The infrastructure powering pwn.college is open source, and we welcome pull requests and issues. Some of the modules are closed-source, because they include source code and solution scripts, but others can be found on github. If you are an educator, or otherwise someone we trust, and are interested in collaborating on the modules themselves, please email us at pwn@pwn.college. Likewise, drop us a line if you are interested in collaborating on the slides!



Greetz

Team work makes the dream work, and the team behind pwn.college is full of dreamers! They are:



Resources