train. hack.
certify.
$ The terminal-native MCQ platform for cybersecurity. Drill real-world questions across forensics, networks, exploitation, and defense — then earn the badge.
// why_hackcert
built for people who actually break things
Terminal-grade UX
A monospace, keyboard-first experience built for people who live in tmux.
Real-world drills
MCQs sourced from CVE reports, SOC playbooks, and forensic case studies.
Instant feedback
Every answer reveals an explanation with citations — learn while you play.
Gamified progress
XP, streaks, skill badges, and a leaderboard that updates in real time.
Multiple domains, growing
Forensics, Linux, Networks, Crypto, Web Exploits, Defensive Ops — and more.
Adversary mindset
Train the way attackers think. Defend the way operators must.
// featured_domains
explore the skill tree
Digital Forensics
Trace artifacts, dissect evidence, and reconstruct the breach timeline.
Linux Basics
Shell, permissions, processes, and the core primitives of every server.
Network Security
TCP/IP, packet inspection, firewalls, and intrusion detection.
Cryptography
Symmetric & asymmetric ciphers, hashing, PKI, and modern protocols.
Web Exploitation
OWASP Top 10, SSRF, XSS, deserialization, and modern bypass tactics.
Defensive Ops
SOC workflows, SIEM analysis, and incident response playbooks.
// signal_from_the_field
trusted by operators
"The only training platform that doesn't feel like a corporate compliance video."
"Hackcert is what I open on my second monitor while waiting for nmap."
"Tight, focused MCQs that actually map to what I review in PRs."
"Finally, memory forensics scenarios that test real volatility2 and volatility3 commands."
"The heap feng-shui diagrams are incredibly detailed. Excellent visual learning."
"TCP handshake and routing questions are brutal but accurate."
"The x86-64 assembly breakdown challenge helped me pass my GREM."
"Packet analysis drills that actually mirror active C2 communications."
"Excellent breakdown of RSA padding oracle attacks and timing leaks."
"The Web Exploit track is gold. Real bypassing techniques, not just theoretical stuff."
"Container breakout scenarios are highly relevant to modern enterprise security."
"Great scenarios covering Kerberoasting, AS-REP roasting, and pass-the-ticket."
"Linux permissions, sticky bits, and SUID checks are spot-on."
"Covers real CVEs. Finally, a platform that knows the difference between log4j versions."
"Kernel debugging and syscall intercept challenges are extremely well-crafted."
"Registry hive analysis and Shimcache extraction drills are top-tier."
"Fast-paced, high-fidelity security drills. Very realistic code reviews."
"Better than standard training. Gamified elements keep me coming back every day."
"Deep dive into AWS IAM privilege escalation paths. Best cloud security quiz out there."
"Pivoting and port-forwarding drills that actually make you think through the routing."
"Excellent coverage of fuzzing methodologies and sanitizers (ASAN/MSAN)."
"Perfect refresher on block cipher modes of operation and initialization vectors."
"Excellent ICMP tunneling and packet fragmentation questions."
"Direct system call loading and process hollowing questions are top-tier."
"Teaches you why standard code patterns fail. Highly practical for dev teams."
"API mass assignment and BOLA scenarios are highly educational."
"Out-of-band SQL injection and blind time-based queries explained beautifully."
"Covers OLE document analysis and malicious macro parsing techniques."
"VPC flow log analysis and S3 bucket policy misconfigurations. Spot on."
"The debugger control flow analysis questions are outstanding."
"Kubernetes RBAC and pod security policy challenges are very detailed."
"Saves us hours of boring training. Our tier 1 analysts actually enjoy these drills."
"Super clean layout and monospace font. Feels like home for command-line junkies."
"The malloc chunk layout questions are phenomenal for understanding heap exploitation."
"Scanning and service enumeration details are accurate. I learned some new flag combos."
"Finally, interactive logs that test if you can spot the subtle SQLi attempt."
"Assembly payload construction challenges are very satisfying to complete."
"The bypass-focused questions help keep my AMSI bypass logic fresh."
"Better preparation for OSCP than reading standard slide decks."
"CIDR calculation and routing table quizzes are fast and perfect."
"The JWT signature bypass and CSRF token leakage scenarios are very thorough."
"Excellent questions on user-to-kernel context switching and security boundaries."
"APT attribution and IOC mapping questions match real-world threat feeds."
"Hardware analysis and firmware reversing topics are very refreshing."
"Great repository security drills. Branch protections and secret scanning."
"Registry event logging and process injection detection questions are high quality."
"Keeps regulatory frameworks practical instead of dry compliance reading."
"Reverse proxy misconfigurations and HTTP request smuggling quizzes are amazing."
"No generic multiple choice questions here. Every option tests a specific edge case."
"Excellent CSV/JSON log parser challenges. Teaches regex and grep speed."
"Sandboxing and anti-analysis detection questions are accurate and up-to-date."
"WPA3 handshake and PMKID capture challenges are a nice touch."
"Helps you memorize Event ID mappings (4624, 4625, etc.) in a fun way."
"DOM-based XSS and CSP bypass drills are modern and useful."
"Understanding memory permission transitions (RWX to RX) is critical. Great quizzes."
"NetFlow analysis and anomaly detection questions are very realistic."
"MD5 collisions, salt-hashing, and GPU attack scaling calculations are solid."
"PCAP challenges are very clean. Teaches you what key fields to look at."
"DNS tunneling exfiltration scenarios are highly realistic."
"IDS/IPS signature syntax drills. Excellent for fine-tuning detections."
"LSA secrets extraction and DPAPI credential bypass questions are great."
"The gamification and daily streaks have motivated my entire SOC team to practice."
"Windows token manipulation and potato exploits are described perfectly."
// faq
questions, answered
? What is Hackcert?
Hackcert is an interactive cybersecurity gamified learning platform. It empowers operators to validate their practical tradecraft in offensive operations, blue-team detection engineering, cloud posture, and AI security through structured multiple-choice questions (MCQs), challenges, and certification preparation.
? What is the Review Loop feature?
The Review Loop automatically isolates questions you answered incorrectly during a quiz run and presents them again at the end of the session. This methodology guarantees you learn from mistakes and master the tradecraft before moving on.
? How are experience points (XP) calculated?
Each correct answer awards baseline XP adjusted by difficulty (Beginner: 10 XP, Intermediate: 20 XP, Advanced: 30 XP). Answering consecutively correctly builds a combo multiplier, which scales your earnings for that round.
? How does the global Leaderboard rank players?
The leaderboard evaluates total lifetime XP accumulated by registered users. Tiebreakers are resolved based on badge counts, streak durations, and correct-answer ratios.
? How is user authentication handled?
We utilize Auth0, an industry-standard, OAuth2-compliant authentication provider. This guarantees secure identity storage, supporting modern Multi-Factor Authentication (MFA) and preventing password-leak vectors.
ready to level up?
Equip yourself with elite cyber defense and offensive maneuvers.