Break the cluster.
Own the pipeline
A hands-on offensive lab platform for Docker, Kubernetes, and CI/CD. Real attack chains. Real privileged escapes. Real cluster takeovers.
yes
Learning paths
Three tracks. One mission.
Break out of the box.
Container Escape
Docker.sock exposure, privileged containers, capability abuse, mount escapes, and kernel CVEs. Get to root on the host.
Take the cluster.
Kubernetes Offense
RBAC abuse, etcd exposure, kubelet API attacks, service account theft, admission controller bypass. Cluster-admin or bust.
Poison the pipeline.
CI/CD Compromise
GitHub Actions injection, runner abuse, OIDC trust misconfigs, malicious dependencies, build poisoning. Own everything downstream.
Featured boxes
Sample what's inside.
Sockmonkey
docker.sock · privesc · escape
Privileged
capabilities · cgroup · host-mount
Tiller
helm · rbac · cluster-admin
Anonymous
kubelet · exec · node
Manifest Destiny
admission-controller · supply-chain
Runaway
runc · CVE-2024-21626 · kernel
Pricing
Simple. Honest. Subscription.
Founding member pricing locked for life. No annual surprises.
Free
Sample three starter boxes. Decide for yourself.
- ✓3 introductory boxes
- ✓Community Discord
- ✓Public writeups
Pro
Full access to every box, track, and scenario as they ship.
- ✓All 30+ boxes
- ✓All 3 learning tracks
- ✓Multi-stage scenarios
- ✓Private VPN access
- ✓Official writeups
Team
For internal red teams and consulting shops.
- ✓5 seats included
- ✓Team leaderboards
- ✓SSO + invoicing
- ✓Priority support