⟁ PHANTOMYERRA
// CAPTURE THE FLAG · OWASP TOP 10
// REQUEST ACCESS — we'll review & set you up
No account? Hit Request Access · default admin: admin / phantom
// WELCOME BACK, OPERATOR

7 OWASP tracks · 70 categories · progressive labs. Real exploitable vulnerabilities — clear all of a track's Top 10 to earn a certificate.

// PHANTOMYERRA ACADEMY — your zero-to-hero path

🎓 Become a Pentester

Follow the path top to bottom: learn the foundations, master recon, exploit all 7 tracks, then methodology & reporting. Each lesson ends with a quick check (+30 XP).

// BLACK-BOX DISCOVERY — the real pentester skill

🕵️ Find the Bug

No one tells you the vulnerability here. You get an app and a request console — explore endpoints, probe inputs, notice what's off, and exploit it. This is how real pentesting works.

// REPORTING — the deliverable that gets you hired

📝 Write the Finding

Finding the bug is only half the job. A pentester is paid for the report. Pick a discovered vulnerability and write a professional finding — Title, Severity (use the CVSS calculator), Description, Steps to Reproduce, Impact, and Remediation. A senior-lead reviewer (your AI mentor, or a built-in rubric) scores it 0-100.

// CONCEPT CARDS — understand it in 30 seconds

🧠 Get It Fast

No walls of text. Every vulnerability across all 8 OWASP tracks — each as a real-world analogy, what it actually does, the breach it caused, the fix, and a one-tap "try it." Filter by track below.

🎴
Recall Drill
Match the attack to the scenario — the #1 way to actually remember.
// TOOLBELT — hands-on with the real tools

🧰 Tool Drills

Reading tool output and picking the next move is the real skill. Run a simulated nmap / ffuf / Burp / sqlmap and make the calls a pentester makes.

// ENGAGEMENTS — chain the bugs like a real breach

⛓️ Attack Chains

One bug rarely ends it. Here you chain a small leak → an IDOR → a takeover → a full dump. Each stage's loot unlocks the next. This is how Capital One, USPS & co. actually fell.

// EXAM SIMULATOR — train for the real certs

🎓 Cert Exam Sim

Real certs are timed practicals: capture objectives, then write a report. These mirror eJPT / BSCP / OSCP. Hit the objective count, submit an exec summary, pass.

// AI MENTOR — your Socratic hacking coach 🦉
Ask me for a payload, the right tool, a walkthrough, the fix, or a real-world breach — or hit 🪜 Nudge for a step-by-step hint.
💾 Works fully offline — a bundled brain with payloads, tools & methodology for every OWASP class. Add an AI key in Profile for live coaching on top.
// ADMIN · ACCESS REQUESTS

🗂️ Access Requests

Submitted from the login page. pending. Approve to auto-create a user account (you'll get the generated login to share).

// MY CERTIFICATES & TROPHIES — clear all 5 levels of a challenge (e.g. SQLi) to win a 🏅 trophy; clear a whole track for a 🎖️ tiered certificate
🏆
No trophies yet. Capture all 5 flags of any single challenge (SQLi, XSS, IDOR…) to earn your first 🏅 Challenge Mastery trophy — then clear a whole track for a Bronze → Platinum certificate.
// 💉 INJECTION LAB — a safe sandbox. Every payload only hits the fake acme DB inside this app. Practice every injection class + the SQL you need.
// Live SQL console over the fake DB. Practice the real commands — SELECT, UNION, information_schema
// 🐧 LINUX LAB — a safe, fake box. Nothing here is real, so go wild. Practice every command a pentester needs.
🔐
Cheatsheet Vault
The complete answer key — every lab flag, payload & module key. Enter both access passwords to unlock it for this session.
The second password is today's date and changes every day.
// CHEATSHEET — exact solutions to every challenge on the platform
🔓 Unlocked for this session. ⚠️ This is the answer key — use it to learn, not to skip the fight.