Back to Awareness
AVAILABLE

The Grid — Cybersecurity Training Program

(5)

6-month program · 15 tracks · 148 hands-on challenges

€79.00 €49.00

A structured, narrative-driven cybersecurity program. You are the operator. The breaches are real. Six months of hands-on exploitation in controlled lab environments — from SQL injection fundamentals to cloud breaches and a graduate capstone defending against rival hackers.

1

Product Sku: DOR-AWR-GRID · Cat: Awareness

Share : f 𝕏 in

The Grid is an immersive cybersecurity curriculum framed as an ongoing narrative: over six months you progress as an operator infiltrating fictional financial institutions. The program emphasises hands-on exploitation over lectures, recreating real-world attack scenarios in controlled lab environments — whether you're a seasoned developer or a security enthusiast, you finish as a skilled defender who thinks like a hacker.

MonthPhaseFocusTracksChallenges
1RecruitmentFundamentals: SQL injection, DoS, cryptography428
2RookieBreaking into Solstice Bank; OWASP Top 10 mapping235
3NoviceLive Vaulture Capital breach; mobile/web vulnerabilities214
4IntermediateSocial engineering, phishing, pretexting223
5AdvancedCloud misconfigurations; cryptographic side-channels219
6GraduateFinal capstone: defending against rival hackers122

Featured tracks include Operation Bits n Bites (food-delivery app exploitation: access control, injectable endpoints, weak cryptography), The Human Factor (social engineering against Banco Maximus: reconnaissance, phishing, prompt injection) and Skyfall: Breach in the Cloud (metadata services, IAM roles, secrets management).

Every one of the 148 challenges is catalogued across four areas and mapped to the OWASP Top 10 (2025). Difficulty: 🟢 Beginner 68 🟡 Intermediate 73 🔴 Advanced 7

114
OWASP Top 10
web security (2025 list)
5
LLM Top 10
GenAI security
9
Social Security
people-targeted attacks
20
Attack
offensive tradecraft

Coverage at a glance

OWASP Top 10 (2025) — web security

114 challenges
Included
All ten 2025 categories: broken access control, injection (the largest track), cryptographic failures, authentication & MFA flaws, misconfiguration, insecure design, integrity/deserialization, supply chain, logging, and error-handling side-channels.
You learn
To find and exploit each flaw hands-on — IDOR & SSRF, blind SQL & XSS, padding and timing oracles, broken MFA, deserialization gadget chains — and then apply the server-side defence that closes it.
Why it matters
These are the vulnerabilities behind most real breaches; recognising them in your own stack is the core of secure development and the technical measures NIS2 expects.

OWASP LLM Top 10 — GenAI security

5 challenges
Included
Prompt injection (direct and indirect) and sensitive-information disclosure for AI features.
You learn
That any surface feeding untrusted text into a model can be hijacked, and how indirect vectors — documents, tickets, emails — bypass every user-facing control.
Why it matters
As organisations add AI assistants, an injected model can exfiltrate data or act without the operator noticing — a fast-growing surface most teams have not yet secured.

Social Security — people-targeted attacks

9 challenges
Included
Social engineering, spearphishing and phishing — attacks that target people, not systems.
You learn
To recognise pretexting, craft and spot a tailored lure, and understand why authority and rapport lower defences — plus the verification habits that stop it.
Why it matters
The human element appears in ~68% of breaches and phishing drives 40%+ of initial access; awareness is the control technical tools cannot provide.

Attack — offensive tradecraft

20 challenges
Included
OSINT & reconnaissance, offensive tradecraft, and side-channel attacks — the adversary's playbook around the OWASP list.
You learn
How attackers build a target dossier from public data, weaponise CVEs within hours of disclosure, and reconstruct secrets from timing and behaviour without direct access.
Why it matters
Understanding how an attack begins and hides lets defenders shrink their footprint and detect intrusions far earlier.

OWASP Top 10 (2025) coverage

A01 — Broken Access Control
18
A02 — Security Misconfiguration
8
A03 — Software Supply Chain Failures
1
A04 — Cryptographic Failures
14
A05 — Injection
51
A06 — Insecure Design
3
A07 — Authentication Failures
7
A08 — Software or Data Integrity Failures
5
A09 — Security Logging and Alerting Failures
2
A10 — Mishandling of Exceptional Conditions
5

Each of the six phases ends with a concrete, demonstrable capability.

1
Recruitment — spot and explain core vulnerabilities with working demos
  • Tell encoding from real encryption and reverse weak schemes (Base64, ROT13, ECB) with no key
  • Run blind SQL injection using boolean-, error- and time-based oracles
  • Trigger denial-of-service through catastrophic regex backtracking and resource abuse
2
Rookie — map an app, prioritise risks and brief a team
  • Exploit IDOR and broken access control, distinguishing horizontal from vertical escalation
  • Extract data with UNION-based SQL injection and binary-search enumeration
  • Map findings to the OWASP Top 10 and communicate risk to stakeholders
3
Novice — design and run an ethical exploit workflow
  • Chain web and mobile vulnerabilities into an end-to-end breach
  • Recover secrets stored in client storage, config files and misconfigured vaults
  • Tamper with serialized objects and escalate over-posting toward code execution
4
Intermediate — recognise, exploit and defend against social engineering
  • Assemble a target dossier from open-source reconnaissance
  • Craft a tailored spearphishing lure that reads as a routine message
  • Apply verification and out-of-band confirmation to defeat pretexting
5
Advanced — chain cloud misconfigurations into full organisational compromise
  • Abuse cloud metadata services, IAM roles and secrets management
  • Execute padding- and timing-oracle attacks to recover plaintext and keys
  • Manipulate LLM features through direct and indirect prompt injection
6
Graduate — defend real systems with offensive insight and engineering skill
  • Harden an application against the full attack chain you have practised
  • Integrity-protect and centralise logs to detect and reconstruct intrusions
  • Defend a live system against rival operators in the graduate capstone
An unhandled error has occurred. Reload 🗙