Skip to content
OPERATOR TRAINING PLATFORM

Train Across the
Entire Attack Chain.

Browser-based offensive and defensive missions built around real adversary behavior. Investigate evidence, operate tools, submit findings, and develop measurable security skills.

lab.killchainlabs.com

[operator@kc-lab ~]$ nmap -sV 10.0.1.44

PORT      STATE SERVICE  VERSION

22/tcp    open  ssh      OpenSSH 8.9

80/tcp    open  http     Apache 2.4.54

443/tcp   open  ssl/http Apache 2.4.54

3306/tcp open  mysql    MySQL 5.7.40

Enter evidence flag...

Kill Chain Progress

56
Missions Available
7
Security Domains
7
Kill Chain Phases
6
Operator Ranks
Attack Lifecycle

The Cyber Kill Chain

Seven phases of adversary operations. Every mission maps to at least one.

Reconnaissance

Phase 1 of 7
Offensive Objective

Map the target attack surface and gather intelligence

Defensive Objective

Detect enumeration and scanning activity

Tools
NmapShodantheHarvester
Skills
Network mappingOSINTPort analysis
View Related Missions
Mission Tiers

Choose Your Difficulty

Every mission is designed around a specific skill level, from guided introductions to open-ended investigations.

01Recruit

Recruit

Guided workflow with structured hints, clear objectives, and introductory tools. Learn the fundamentals of each domain.

  • Guided step-by-step objectives
  • Structured hint ladder
  • Single-phase focus
Difficulty1–2
Points10–100
Duration20–40 min
NmapWiresharkDevTools
View missions
02Operator

Operator

Multi-stage investigations requiring evidence analysis, terminal work, and cross-phase thinking. Reduced guidance.

  • Multi-step evidence collection
  • Limited hint availability
  • Cross-domain scenarios
Difficulty3–4
Points20–300
Duration45–90 min
Burp SuiteSQLMapMetasploit
View missions
03Elite

Elite

Minimal guidance, multiple attack paths, advanced reporting requirements, and higher evidence thresholds.

  • No hints available
  • Multiple valid solutions
  • Full kill chain traversal
Difficulty5
Points500
Duration90–180 min
Custom scriptsFull toolchainLive analysis
View missions
Browser-Based Labs

Your Entire Lab Runs in the Browser

No disconnected worksheets. No passive video completion. Every mission requires evidence, decisions, and execution.

mission://sql-injection-discovery

MISSION BRIEFING

SQL Injection Discovery

Identify injection vectors in the target web application and extract the database schema.

[operator@kc-lab]$ sqlmap -u "http://10.0.1.44/search?q=test" --dbs

[*] fetching database names

available databases [3]:

[*] information_schema

[*] target_app

[*] mysql

KCL{...}
DEBRIEFAvailable after completion
00:47:23
Receive objective
Launch environment
Investigate target
Collect evidence
Submit findings
Review debrief
Advance profile
Operator Paths

Train for Your Role

Structured progression through domains and kill chain phases aligned to real security roles.

Offensive Operator

Web exploitation, network attacks, privilege escalation

Web App SecurityNetwork Attack/Defense
KILL CHAIN
Difficulty Range: 2–5

Start with web vulnerability discovery

Explore Path

Defensive Analyst

Threat detection, log analysis, incident triage

Network Attack/DefenseMalware Analysis
KILL CHAIN
Difficulty Range: 1–4

Start with network traffic analysis

Explore Path

Cloud Defender

Cloud misconfiguration, IAM abuse, container security

Cloud SecurityCrypto/Auth
KILL CHAIN
Difficulty Range: 2–5

Start with IAM policy review

Explore Path

Malware Analyst

Static and dynamic analysis, reverse engineering

Malware AnalysisReverse Engineering
KILL CHAIN
Difficulty Range: 3–5

Start with basic PE analysis

Explore Path

Web Security Operator

OWASP Top 10, API security, client-side attacks

Web App SecurityCrypto/Auth
KILL CHAIN
Difficulty Range: 1–4

Start with XSS discovery

Explore Path

Threat Hunter

Proactive threat detection, hypothesis-driven investigation

OSINT/ReconNetwork Attack/Defense
KILL CHAIN
Difficulty Range: 3–5

Start with OSINT correlation

Explore Path
Measurable Progression

Track Every Skill You Build

Your operator profile reflects real evidence from completed missions — not hours watched.

CALLSIGN: OPERATOR-7
OPERATOR1,740 / 3,500 pts

12

Missions

4

Domains

5

Phases

KILL CHAIN COVERAGE
R
W
D
Ex
In
C2
AoO
DOMAIN COVERAGE
Network
37.5%
OSINT
25%
RE
0%
Malware
12.5%
Web App
50%
Cloud
12.5%
Crypto
12.5%
RECENT MISSIONS

SQL Injection Discovery

Web Application Security

+180 pts

Network Recon Basics

Network Attack/Defense

+150 pts
RANK PROGRESSION
Recruit0 pts
Analyst500 pts
Operator1,500 pts
Specialist3,500 pts
Expert7,000 pts
Elite15,000 pts

Next Rank: Specialist at 3,500 pts

1,760 points remaining to level up.

* Sample operator profile. Your actual progression is updated instantly as you submit verified evidence in missions.

How It Works

Four Steps. Real Evidence.

Every mission follows the same loop. The browser lab is the center of the experience.

01

Receive the Mission

Read the briefing, understand the target environment, and review your objectives before you begin.

Each mission maps to a Kill Chain phase and security domain.

02

Launch the Environment

Your isolated lab environment starts in the browser. No local configuration needed for browser-based missions.

Environments include terminals, web targets, and analysis tools.

03

Investigate and Submit

Run commands, analyze evidence, and submit findings through flag submission or evidence collection.

Hints are available at a point cost. Each hint reduces your score by 25%.

04

Review the Debrief

Review the mission debrief showing the intended approach, alternative methods, and defensive countermeasures.

Points are awarded, your rank updates, and the next mission is recommended.

Your First Mission Is Ready.

Establish your operator identity, complete Mission 0, and begin building evidence-backed security skills in isolated lab environments.