pwn.college
Learn to hack!
pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. In martial arts terms, it is designed to take a “white belt” in cybersecurity through the journey to becoming a “blue belt”, able to approach (simple) cybersecurity competitions (CTFs) and wargames. Our philosophy is “practice makes perfect”.
The platform is maintained by an awesome team of hackers at Arizona State University. It powers much of ASU's cybersecurity curriculum, and is open, for free, to participation for interested people around the world!
If you have comments, suggestions, and feedback, please email us at pwn@pwn.college!
Ground Rules
The challenges created for pwn.college are, first and foremost, educational material, and are used to grade students at universities around the world. Because of this, we would appreciate that you do not post writeups, walkthrough videos, and livestreams of challenge solutions to the internet. Obviously, we can’t enforce this, but we worked hard to make all of this public, and we would appreciate your help in keeping pwn.college a viable educational platform.
Getting Started — Learn the Basics!
The material on pwn.college is split into a number of "dojos", with each dojo typically covering a high-level topic. These first few dojos are designed to help you Get Started with the platform. Start here before venturing onwards!
Note: if you run into problems with concepts and challenges, you can get help on our discord server. The discord is also a great place to chat with other aspiring hackers!
-
Getting Started
14 Hacking
2 Modules
10 Challenges -
Linux Luminarium
70 Hacking
12 Modules
84 Challenges -
Optional Refreshers
26 Hacking
4 Modules
228 Challenges
After completing the dojos above, dive into the Core Material below!
Core Material — Earn Your Belts!
These dojos form the official pwn.college curriculum, taking you on a curated journey through the art of hacking. As you progress and build your skills, like in a martial art, you will earn belts for completing dojo after dojo.
The material is designed to be tackled in order. We won't stop you from jumping around if you want (and have the requisite skills), but you must earn belts sequentially.
-
Intro to Cybersecurity
44 Hacking
6 Modules
141 Challenges -
Program Security
33 Hacking
4 Modules
110 Challenges -
System Security
12 Hacking
5 Modules
80 Challenges -
Software Exploitation
23 Hacking
8 Modules
173 Challenges
After completing the dojos above, not only will you be added to the belts page, but we will send you actual pwn.college-embroidered belts!
To get your belt, send us an email from the email address associated with your pwn.college account. We’ll then get your belt over to you (eventually)! Note that, due to logistical challenges, we're currently only shipping belts to hackers after they earn their blue belt. Until then, we will belt you in person, at ASU or some security conference.
Community Material — Earn Badges!
No matter how much material we create, there is always more to learn! This section contains additional dojos created by the pwn.college community. Some are designed to be tackled after you complete the dojos above, whereas others are open to anyone interested in more specialized topics.
Completing these dojos will grant you emoji badges!
-
pwn.college Archives
3 Modules
27 Challenges -
ARM Dojo
5 Hacking
2 Modules
28 Challenges -
CTF Archive
63 Modules
512 Challenges -
The Quarterly Quiz
2 Hacking
2 Modules
13 Challenges -
Windows Warzone
1 Hacking
1 Module
7 Challenges -
Codesprouts's
1 Module
3 Challenges -
Computing 101
3 Modules
15 Challenges -
Cryptomania
1 Hacking
1 Module
5 Challenges -
Hunter Dojo
1 Module
4 Challenges -
Hydra Dojo
1 Hacking
1 Module
7 Challenges -
Kalevala
2 Modules
17 Challenges -
Linux Lunacy
2 Modules
6 Challenges -
Pwntools Tutorials
1 Hacking
1 Module
12 Challenges -
The Art of the Shell
1 Hacking
5 Modules
46 Challenges -
The House Always Wins
1 Hacking
1 Module
9 Challenges -
Westworld Dojo
1 Module
2 Challenges
The Courses — Earning Credit
We leverage the above material to run a number of courses on this platform. For the most part, these courses import the above material, though some might introduce new concepts and challenges.
-
CSE 365 - Fall 2024
23 Hacking
5 Modules
195 Challenges -
CSE 466 - Fall 2024
14 Hacking
11 Modules
234 Challenges -
CSE 598 AVR - Fall 2024
5 Modules
53 Challenges
Want to use pwn.college in your course? No problem! You can use the videos and slides of pwn.college lectures freely for non-commercial purposes, but please provide attribution! Additionally, if you use pwn.college in your own education program, we would appreciate it if you email us to let us know. Evidence of wide-spread use of pwn.college for education will be a huge help for our various academic careers!
EDUCATORS: If you are an educational institution and are using pwn.college as part of a class, you can import our challenges (or add your own) into your own private dojo for your students! Create your dojo here.
CONFERENCES: If you are running a conference and would like pwn.college presence there (as a form of intense weekend-long training), please email us!
Your Own Dojos — Share With the World!
You can create your own dojo, either hosting your own challenges or remixing existing material! Once created, a dojo can be shared with your friends or students (providing a private scoreboard and curated experience) or made public to the world to appear in the Community Material list above!
Want to add your dojo to the fray? Create it here!
After pwn.college
Eventually, hackers continue their journey beyond pwn.college, becoming certain in their skills, achieving brown belt status (and able to, for example, usefully contribute to the cybersecurity industry and academia), before finally graduating to hacking masters: black belts. But this, unfortunately, must happen outside of the dojo (for now!). Some suggestions:
Capture The Flags (CTFs) are a great way to practice your hacking skills in a fun and ethical way. The most popular way to find upcoming events is at https://ctftime.org. There is also a list of introductory CTFs here. If you are at ASU, feel free to check out and join ASU’s enigmatic hacking club.
Wargames are another great way to practice your hacking skills. Whereas CTFs are short (normally 48 hour) events, wargames are not time-based. You can find a list of wargames at https://github.com/zardus/wargame-nexus.
If you want to get involved with cybersecurity research, but don’t know how, consider joining us for an internship at ASU.
Contributing
The infrastructure powering pwn.college is open source, and we welcome pull requests and issues. Some of the modules are closed-source, because they include source code and solution scripts, but others can be found on github. If you are an educator, or otherwise someone we trust, and are interested in collaborating on the modules themselves, please email us at pwn@pwn.college. Likewise, drop us a line if you are interested in collaborating on the slides!
Greetz
Team work makes the dream work, and the team behind pwn.college is full of dreamers! They are:
- Zardus (Yan Shoshitaishvili) originated the idea, created the initial prototype and many of the challenges, and continues to cajole everyone else into a shared vision!
- kanak (Connor Nelson) made the mistake of signing up to TA an “easy A” course and quickly found himself reimplementing Yan’s insane code into the amazing dojo you see today, along with the creation of many challenges.
- robwaz (Robert Wasinger) for the creation of the Software Exploitation dojo.
- Adam Doupe for helping in the brainstorming of the initial concept and helping develop the pwn.college platform.
- mahaloz (Zion Basque) for contributing ROP challenges and embryoasm to pwn.college.
- Erik Trickel for helping in the development of pedagogical concepts underlying pwn.college.
- redgate, for contributing to embryoasm.
- Pascal-0x90, for contributing to embryoasm.
- frqmod, for contributing embryogdb.
- kylebot, for contributing babyfmt, Kernel Exploitation, and the inaugural Quarterly Quiz!
- ramen, for contributing babyfile.
- zolutal, for contributing babyarch.
- spencerpogo, for contributing Windows support.
- sinamhdv for contributing V8 Exploitation.
Resource Index
We use a lot of different resources and platforms. Here they are!