# Hextree

> Hextree is a cybersecurity learning platform created by Fabian (LiveOverflow) and Thomas (stacksmashing).
> It offers hands-on courses and interactive labs covering topics like hardware hacking, reverse engineering,
> web security, mobile security, and more.

Hextree provides video-based training courses with interactive labs where learners can practice real-world security skills in browser-based environments. Content is organised into courses, modules, and pages. Standalone labs are also available.

You are not just watching videos; you are jumping into integrated labs, hunting for flags, and climbing the leaderboard to validate your skills. Courses include real-world specializations — for example, systematically reverse engineering the Mirai malware, or walking through a complete professional-grade security audit of Stirling-PDF including a real CVE discovery.

Access tiers: Free, Foundational, and Specialization.

## Pages

- [Home](https://app.hextree.io/)
- [Hex Map](https://app.hextree.io/map)
- [Labs](https://app.hextree.io/labs)
- [Leaderboard](https://app.hextree.io/leaderboard)
- [YouTube Map](https://app.hextree.io/youtube)
- [About Us](https://www.hextree.io/about-us)

## Hextree Courses

Premium micro courses — short, dense, and professionally edited with integrated hands-on labs.

### Web Security

Courses:

- [Your First Hacks!](https://app.hextree.io/courses/web-intro): Free — We jump right into hacking a website. You will get a first overview of the process of hacking and afterwards you can branch out into the areas that seem interesting to you.
- [HTTP Protocol and HTTP Proxy](https://app.hextree.io/courses/web-proxies): Foundational — We are exploring the basics of HTTP by looking at the raw TCP communication. After that we learn how an HTTP proxy works, which helps us understand how modern proxy tools for web hacking work.
- [Identifiers and IDOR](https://app.hextree.io/courses/identifiers-and-idor): Foundational — In this course, we will explore different types of identifiers like incremental IDs, UUIDs, slugs, hashes, and their role in web application security. We will discuss how this affects vulnerabilities like insecure direct object reference (IDOR) and what you can learn from IDs about the application itself.
- [Web Servers and Databases](https://app.hextree.io/courses/servers-and-backends): Foundational — This course provides a concise introduction to various web servers and the evolution of web applications. It also offers a brief overview of databases, aiming to give a broad understanding of these key technological components without delving into too much detail.
- [HTTP Sessions](https://app.hextree.io/courses/http-sessions): Foundational — This course provides a foundational understanding of web authentication technologies. We will learn how server-side sessions can be implemented with cookies or HTTP headers, and how signed tokens work.
- [Intro to Automation (Enumerate IDs)](https://app.hextree.io/courses/automation-enumeration): Foundational — Learn how to automate the tedious task of enumerating IDs in web applications using tools like ffuf and Burp, or by writing your own little tools with JavaScript, Bash or Python.
- [Stirling-PDF - Complete Security Audit](https://app.hextree.io/courses/stirling-pdf-audit): Foundational — We will conduct a fictional penetration test against a real web application called Stirling-PDF. We plan the engagement, conduct the security audit and ultimately deliver a report with serious security issues - including the discovery of a real CVE.

Labs:

- [HexHax Blog](https://app.hextree.io/lab/blogger1-ks): Foundational — Here you can find a basic blog and photo gallery. It's also recommended to have a look at HexHax Blog v2, which implements similar functionality, but using different technologies.
- [HexHax Blog v2](https://app.hextree.io/lab/blogger2-ks): Foundational — Here you can find a basic blog and photo gallery. It's also recommended to have a look at HexHax Blog, which implements similar functionality, but using different technologies.
- [My Movie List](https://app.hextree.io/lab/moviedb): Foundational — This is a basic modern web application implementing a movie database.
- [Stirling PDF](https://app.hextree.io/lab/stirling-pdf): Foundational — According to the README.md: "This locally hosted web application started as a 100% ChatGPT-made application and has evolved to include a wide range of features to handle all your PDF needs".

  Demo user credentials for the lab: demo:demo

  Grab the source: Stirling PDF v0.20.0
- [VSCode IDE](https://app.hextree.io/lab/vscode): Foundational — This lab exposes two endpoints, the www- and the code- endpoint. The code- URL gives you access to a Linux environment with a VSCode IDE. You can use the IDE to browse the system files, write basic scripts and even access a Linux terminal (Menu > View > Terminal). The www- domain can be used to access anything listening on port 80. This means you can also stop the default nginx server and launch another webserver to replace it.

  ```
  service nginx stop
  php -S 0.0.0.0:80
  python3 -m http.server 80
  ```

### Reverse Engineering

Courses:

- [Binary Ninja Getting Started](https://app.hextree.io/courses/bn-getting-started): Free — Learn the basics of reverse-engineering with Binary Ninja!
- [Frida for iOS Fundamentals](https://app.hextree.io/courses/frida-ios-fundamentals): Foundational — Learn the fundamentals of using Frida to instrument and dynamically reverse engineer iOS applications!
- [Ghidra Getting Started](https://app.hextree.io/courses/ghidra-quickstart): Free — In this course we are getting started with Ghidra: We'll see how to load our first binary, how to analyze it, and the basics of using the decompiler to reverse-engineer programs!
  After this quick introduction you will already be able to reverse quite a lot of binaries using Ghidra!
- [Reverse Engineering Mirai with Binary Ninja](https://app.hextree.io/courses/reversing-mirai): Foundational — In this course we will reverse engineer the Mirai IoT malware using Binary Ninja. We will look at the obfuscation, network logic and even create a Wireshark dissector to analyse the C&C traffic.

### Android

Courses:

- [Your First Android App](https://app.hextree.io/courses/first-android-app): Free — In this course we will build a simple Android application. Knowing how to write apps will help you reverse them - and we often need to build PoC applications when trying to verify certain attacks.
- [Research Device & Emulator Setup](https://app.hextree.io/courses/research-device-setup): Free — In this course we learn how to set up a basic research environment for analyzing Android applications. We are mainly going to use the official Android Emulator and a physical device.
- [Reverse Engineering Android Apps](https://app.hextree.io/courses/reverse-android-apps): Free — In this course we will learn the basics of reverse-engineering Android applications: From fetching APKs from devices to decompiling them, this course will allow you to hit the ground running and start reverse engineering some real Android applications!
- [Network Interception](https://app.hextree.io/courses/network-interception): Free — In this course we go through different network interception options, including SSL interception and special tricks like (ab)using Android VPN features.
- [Dynamic Instrumentation](https://app.hextree.io/courses/android-dynamic-instrumentation): Free — In this course we will look at Frida, the dynamic instrumentation toolkit, to explore and patch applications at runtime!
- [Intent Attack Surface](https://app.hextree.io/courses/intent-threat-surface): Free — The most important concept for understanding Android app-to-app communication is the "Intent".
  In this course we explore the fundamental concepts of Android Intents, delve into various typical vulnerabilities, such as Intent Redirects and Hijack Implicit Intents, and examine the security implications of Deeplinks.
- [Android Permissions](https://app.hextree.io/courses/android-permissions): Free — Let's look at the Android permission system. How are permissions created and protected? And how can they be used to protect exported components?
- [Broadcast Receivers](https://app.hextree.io/courses/broadcast-receivers): Free — While often used for handling system events, receivers are also used for short background tasks. Besides activities, exported broadcast receivers are another important threat surface we have to understand.
- [Content- and FileProvider](https://app.hextree.io/courses/content-provider): Free — Android has an interesting feature to share data and files with other apps in a secure way. But this also increases the attack surface and there are a few pitfalls developers run into. In this course we learn how providers work, and how they can be attacked.
- [Android Services](https://app.hextree.io/courses/android-services): Free — Learn everything about Android Services you need to know to find bugs. We explore different kinds of services and how to recognise them during reverse engineering, including basic background services, Message Handler services and full AIDL Services.
- [Android (Insecure) Storage](https://app.hextree.io/courses/insecure-storage): Free — In this course we learn everything important around Internal Storage and External Storage. We talk about the changes in recent Android versions and explore a storage related vulnerability in a real application.
- [WebViews and CustomTabs](https://app.hextree.io/courses/android-webviews): Free — Android WebViews expose both the traditional web threat surface and some unique combinations of JavaScript and the Android runtime.
  Besides WebViews we will also have a look at more modern web integrations called CustomTabs and TrustedWebActivities.
- [Bluetooth Reverse Engineering Basics](https://app.hextree.io/courses/android-bluetooth-reversing): Free — With the rise of IoT, a lot of Android applications communicate with Bluetooth devices - in this course we look at reverse-engineering Bluetooth applications, and building our own BLE attack application.
- [Android Bug Bounty](https://app.hextree.io/courses/android-bugbounty): Free — Want to break into Google’s Android Bug Bounty programs but don’t know where to start? This course introduces different hunting methodologies, practical techniques, and creative approaches to finding vulnerabilities.

### Hardware Hacking

Courses:

- [Your first Glitch/Voltage Fault Injection](https://app.hextree.io/courses/fault-injection-introduction): Free — In this course you will learn the basics of performing voltage fault-injection - using the Hextree Faultier & the nRF52832-based GlitchTag!
- [Glitching the nRF52 APPROTECT protection (AirTag Glitch)](https://app.hextree.io/courses/fault-injection-nrf52-approtect): Free — In this course you learn how to bypass the nRF52 firmware read-out protection by reproducing LimitedResult's APPROTECT bypass! All you need is a Faultier, a GlitchTag and some jumper-wires!
- [Glitching the STM32 (Conference Edition)](https://app.hextree.io/courses/fault-injection-stm32-conference): Free — In this training you learn how to reproduce the infamous wallet.fail glitch used to recover millions from crypto hardware wallets.

## YouTube Courses

These courses were originally produced for YouTube. The videos do not match the hextree.io production style and lack the integrated hands-on labs that Hextree courses provide.

### Hardware Hacking

Courses:

- [Hardware Hacking](https://app.hextree.io/courses/yt-hardware-hacking): Free — Learn about hacking embedded devices and other hardware.
- [Glitching and Fault Injection](https://app.hextree.io/courses/yt-hardware-glitching): Free — Glitching or Fault Injection is one of the most interesting and powerful hardware attacks.
- [Crypto Wallet Hack - 0xf00dbabe](https://app.hextree.io/courses/yt-crypto-wallet): Free — Researching the security of a crypto wallet product and discovering the 0xf00dbabe weakness. We are going to reverse engineer the electronics and ARM assembly.
- [Hacking Nintendo Consoles](https://app.hextree.io/courses/yt-nintendo-consoles): Free — Hacking the Game Boy and Game and Watch from Nintendo.

### Web Security

Courses:

- [Basic Web Security](https://app.hextree.io/courses/yt-websecurity): Free — A course covering some basic topics of web security.
- [The History of Cross-Site Scripting (XSS)](https://app.hextree.io/courses/yt-history-xss): Free — Learn client-side web security by exploring the history of browsers and the first vulnerabilities. Where does the name "XSS" even come from?
- [Cross Site Scripting (XSS)](https://app.hextree.io/courses/yt-xss): Free — In this course we cover various XSS examples, for example in Google! We
- [AngularJS Sandbox Escape (XSS)](https://app.hextree.io/courses/yt-angularjs): Free — Learn how to do security research on JavaScript frameworks by understanding old sandbox bypasses of AngularJS.
- [Reverse Engineering JavaScript](https://app.hextree.io/courses/yt-js-reversing): Free — In this course we are reverse engineering obfuscated JavaScript code with various tools.
- [Invalid Reports and Threat Modeling](https://app.hextree.io/courses/yt-invalid-reports): Free — What is a security vulnerability? We discuss security risks, threat modeling and bug impact. This course is recommended to anybody interested in bug bounty.
- [Security Research and 0days](https://app.hextree.io/courses/yt-0day): Free — Various videos about 0days and other types of security research, including log4shell, GitLab, APISIX and Tomcat.
### Binary Exploitation

Courses:

- [Linux, Coding and Assembly Introduction](https://app.hextree.io/courses/yt-system-asm-introduction): Free — Taken from the binary exploitation series by LiveOverflow, in this course you get a crash course in Linux and assembly - a prerequisite to learn more about system security and memory corruptions.
- [The WannaCry Ransomware](https://app.hextree.io/courses/yt-wannacry-ransomware): Free — Learn how to reverse engineer the infamous WannaCry ransomware.
- [Buffer Overflows](https://app.hextree.io/courses/yt-basic-buffer-overflows): Free — Learn about buffer overflows. The course starts by exploiting very basic 32-bit programs using shellcode and ret2libc, but quickly moves to bypassing ASLR, stack cookies and return-oriented programming (ROP).
- [Linux Reverse Engineering](https://app.hextree.io/courses/yt-reverse-engineering-x86): Free — Building on top of basic C programming and assembly knowledge, you will learn how to reverse engineer basic Linux binaries.
- [Windows Reverse Engineering](https://app.hextree.io/courses/yt-reverse-engineering-windows): Free — Various examples of reverse engineering Windows programs.
- [Linux Heap Exploitation](https://app.hextree.io/courses/yt-heap-exploitation): Free — Heap exploitation is closely related to buffer overflows. But instead of overflowing a buffer on the stack, you overflow a buffer allocated on the heap. This course covers the heap challenges from Protostar.
- [Sudoedit Walkthrough CVE-2021-3156](https://app.hextree.io/courses/yt-sudoedit): Free — In-depth course about the process of security research and exploit development covering the sudoedit vulnerability CVE-2021-3156.
- [Format String Vulnerabilities](https://app.hextree.io/courses/yt-format-string): Free — Besides buffer overflows and other memory corruption vulnerabilities, there are also format string
- [WebKit Browser Exploitation](https://app.hextree.io/courses/yt-browser-exploit): Free — In this course we will walk through an example WebKit exploit to explain how browsers can be hacked.

### Game Hacking

Courses:

- [Minecraft:HACKED](https://app.hextree.io/courses/yt-minecraft): Free — Learn hacking in a fun way through a combination of a Let's Play and the exploration of the technical side of Minecraft.
- [Pokémon Red and Blue](https://app.hextree.io/courses/yt-gameboy-pokemon): Free — Learn more about Pokémon Red and Blue game glitches by analyzing the Game Boy memory.
- [Hacking Unity Games](https://app.hextree.io/courses/yt-devlog): Free — A short module about developing a hackable game. Talking about learning a new skill, multiplayer networking and hacking Unity games.
- [Pwn Adventure 3 (Game Hacking)](https://app.hextree.io/courses/yt-pwn-adventure): Free — A Let's Play (or Let's Hack?) series of Pwn Adventure 3. It's a unique game because we have to reverse engineer the client and the network protocol. And we develop cheats to fly, teleport and much more!

### General Security

Courses:

- [Docker and Containers](https://app.hextree.io/courses/yt-docker): Free — Containers are a Linux feature, and in this course we look at how to work with Docker and dig into the internals. How is it implemented? This will help us better understand the possibilities, threat model and limitations.
- [Career, Community and Culture](https://app.hextree.io/courses/yt-general-education): Free — In this course you can find videos about having an IT security career, how to learn hacking and various other (non-technical) videos.
- [Artificial Intelligence and LLM Security](https://app.hextree.io/courses/yt-llm-security): Free — How will the easy access to powerful APIs like GPT-4 affect the future of IT security? Keep in mind LLMs are new to this world and things will change fast and we don't want to fall behind. So let's start exploring the security of LLMs.
- [Operating System Security](https://app.hextree.io/courses/yt-system-hacking): Free — Let's explore some other types of system vulnerabilities, for example race conditions or kernel vulnerabilities.
- [Learning with Capture The Flag (CTF)](https://app.hextree.io/courses/yt-ctf): Free — This course does not cover CTF solutions, but talks generally about CTFs.
- [Basic Networking](https://app.hextree.io/courses/yt-networking): Free — Get a short introduction to (TCP) networking and general networking terminology.
- [Code Review](https://app.hextree.io/courses/yt-code-review): Free — Some videos related to reading code.
- [Wireless Networking](https://app.hextree.io/courses/yt-wireless-networking): Free — Videos about wireless and mobile networks like GSM and WiFi.
- [Smart Contract (web3) Hacking](https://app.hextree.io/courses/yt-web3): Free — Ethereum smart contract hacking.
- [Cryptography](https://app.hextree.io/courses/yt-cryptography): Free — Covering various areas of cryptography, including symmetric and asymmetric encryption, hashing and cracking with z3.

## Other Labs

- [Devana Game](https://app.hextree.io/lab/devana): Foundational — Devana is an old-school open source browser game implemented in beautiful PHP.

  Source: https://sourceforge.net/projects/devana/

  Copyright (C) 2008-2009 Andrei Busuioc

  The latest version is suffering from a SQL injection issue (https://www.exploit-db.com/exploits/11922), which has been fixed for this lab. The game contains several vulnerabilities which can be exploited to get various flags.
  Flag locations:
  - In the file /flag.txt
  - The password of the admin
  - A private message sent/received by the flag player
  - Bonus flag in the filesystem root if you get RCE (no known solution)
- [Intent Attack Surface](https://app.hextree.io/lab/intent-attack-surface): Free — This Android application was created to showcase various Intent attack surfaces that could be exposed by an Android application. Do not modify or hook the target app. If not stated differently, the intended solution is to develop a malicious attack app.

  Overview:

  This app offers various challenges to learn about different Android topics. Together with the relevant courses you can learn everything you need to know about Android app hacking:
  - Activity
  - ActivityResult
  - Implicit Intent
  - Deeplink and Chrome Intents
  - Broadcast Receiver
  - Pending Intent
  - Service
  - Content Provider
  - File Provider
  - WebView and CustomTabs

  Instructions:

  The app displays a list of challenges intended to be solved by attacking the app. The most relevant class to start reverse engineering a challenge is shown as well. To find flags you need to call the success() method by implementing an attack. So when reverse engineering the relevant classes, always look at how success() could be called. If success() gets executed under the correct conditions, the app should display the flag. If not, check the logcat output; the flag should be there as well. For most challenges you should develop an attack app.

  Changelog:
  - v2
    - New WebView flags 38-41
    - New app icon
    - Added UI filter for challenges
  - v1
    - Initial app version with flags 1-37