We Just Released 240 Free Cybersecurity Exercises

For the past several months, we’ve been building something that didn’t exist in the format we wanted.

Not another blog series explaining MITRE ATT&CK.

Not another certification-style quiz testing definitions.

Not another lab that requires spinning up infrastructure, deploying agents, and configuring logging pipelines just to practice one scenario.

We wanted something simpler and more honest: repetition. Structured repetition. The kind that builds analytical instincts instead of surface familiarity.

Today we’re releasing it.

240 free cybersecurity training exercises.

They run entirely in your browser. No account creation. No tracking. No cost. Open the page and start.

Why We Built This

Most people encounter cybersecurity in fragments.

You read about persistence. You watch a video about lateral movement. You memorize that T1059 is command execution. You maybe run a lab once or twice.

But real security work doesn’t happen in fragments.

It happens in sequence.

An attacker doesn’t “do a technique.” They pursue an objective. They gain access. They establish control. They expand access. They extract value. And they adapt along the way.

If you want to understand attacks, you have to think in narrative form – not isolated events, but progression.

That’s what these exercises train.

What’s Included

There are two major components.

The first is a set of Scenario Quizzes – 180 exercises total.

They’re divided across Windows, macOS, and Linux. Each operating system has three difficulty levels: Easy, Medium, and Expert. Every quiz contains 20 realistic attack scenarios.

Each scenario walks you through five layers of reasoning. You identify what the attacker is trying to accomplish. You determine the relevant ATT&CK tactic. You isolate the specific technique. You point to evidence that supports your conclusion. Then you anticipate what likely happens next.

That final step is intentional. Many people can identify what already happened. Fewer can predict the next move. Strong analysts can.

The second component is Investigation Simulations – 60 interactive exercises where you take the role of a security analyst responding to an alert.

You’re not given a tidy write-up. You’re given a signal. Something triggered. Something looks wrong.

From there, you choose what to examine first. Process tree? Authentication logs? Network connections? Command-line arguments?

Each decision branches the investigation. If you chase the wrong artifact too early, you’ll feel the friction. If you skip something important, you’ll miss context. When you finish, you see the path you took, the optimal path, and an explanation of where reasoning improved or drifted.

It’s not about speed. It’s about structure.

Difficulty That Actually Progresses You

“Easy” doesn’t mean trivial. The scenarios are realistic across all levels. The difference is how much scaffolding you receive.

Easy provides structured options that help reinforce how tactics and techniques connect.

Medium removes some of that support. You begin recalling, validating, and reasoning more independently.

Expert is fully open-ended. Multi-stage attack chains. Minimal guardrails. The kind of complexity that forces you to slow down and think in sequences rather than labels.

Across all levels, the goal remains the same: develop disciplined analytical thinking.

Who This Is For

If you’re studying for a SOC role, this gives you structured exposure to how alerts unfold and how attackers progress.

If you’re already working in security, the Expert quizzes and simulations are built to stretch your reasoning in areas you might not encounter every day.

If you manage a team, these are ready-to-use exercises you can share immediately. No infrastructure. No onboarding. Just practice.

If you’re simply curious how cybersecurity investigations actually work behind the scenes, this gives you a front-row seat.

Why It’s Free

Because the goal has always been empowerment over dependence. We want to make you capable, not make you reliant on us. Open tools. Clear frameworks. Skills you own.

Everything runs locally in your browser. Your answers aren’t sent anywhere. There’s no backend tracking progress. No account system. Your work stays on your machine.

Security training should build independence, not introduce friction.

Start Exploring

You can access everything here:

• MITRE ATT&CK Quizzes
• Investigation Simulations
• All Training Resources

There’s no required order. Start where you’re comfortable. Move up when it feels challenging. Revisit scenarios later and see how your reasoning changes.

If security is ultimately about understanding behavior, then improvement comes from analyzing behavior repeatedly.

You now have 240 opportunities to do exactly that.