Solve the Challenges

This website contains a series of security challenges. We do not expect people to finish all of them (although it's great if you do!), they are to gauge strengths/weaknesses as well as interest in security. You can get started by carefully examining the website.

Permitted Scope

Challengers are permitted to attack the server instance of the domain and any ip addresses that this domain is pointed to. This includes anything explicitly called out in the challenges, including port scanning. Prohibited activities include denial-of-service attacks, port flooding, social engineering attacks, or DNS service attacks.

2/2024: This challenge site has been updated to a new version. If you were working on it before 2/1/2024, it will not be 100% the same and you may need to reattempt challenges and/or clear your existing challenge cookie from your browser.

No Spoilers Please

Please do not post public write-ups, we use this site as a way to vet potential new hires and provide exercises for those who want to learn more about security. Creating and hosting challenges takes a fair bit of work and we don't want it to go to waste. If you do feel compelled to do a writeup feel free to send it our way and maybe score an interview.

If you are working on these challenges and are interested in applying for a position at Security Innovation (full time or intern) we would suggest staying away from write-ups. You will miss out on the learning that comes from trial and error and will have a more difficult time in the interview process. Take your time, enjoy the challenges, and best of all, have fun!

We are Hiring

If you had fun with the challenges, you may enjoy working at Security Innovation. To see a list of open positions go to our Career Page

We look forward to hearing from you!