Hackers School Apply

Tracks

Pick the track that matches your current reps, then ship real work every week.

Every track has explicit prerequisites, a bounded weekly loop, and a concrete artifact at the end. You should know what the work looks like before you apply.

Step 01

Place honestly

Starting lower is often the fastest way to build speed and judgment.

Step 02

Submit artifacts

Each track expects solves, PoCs, exploit code, reproducers, or notes that can actually be reviewed.

Step 03

Advance when the work is ready

New levels unlock when the current work is stable and the reasoning is sound, not when the timer expires.

Level 01 Builder

CTF Foundations

Build a reliable operator workflow before touching advanced pwn chains.

Duration 4-6 weeks
Cadence 5-7 hours/week

Convert tutorial-heavy beginners into deliberate problem solvers. The focus is on repeatable habits for recon, hypothesis testing, debugging, and writeups.

Best fit: Best for builders who can already script basic Python and are comfortable in Linux.

Systems practice

  • Python scripting for challenge automation
  • Core crypto and encoding patterns
  • Intro reversing in Ghidra
  • Basic buffer overflow debugging with pwndbg

Challenge loop

  • Daily warm-up micro challenges
  • Two mentor debriefs each week
  • One timed challenge sprint every weekend

Weekly goal

Ship documented solves and helper scripts you can reuse in future events.

Track outcome

Ship your first 25 documented solves and a small helper-script toolkit you can reuse across CTFs.

Level 02 Intermediate

Binary Exploitation

Move from debugger comfort to reliable exploit development under real mitigations.

Duration 6-8 weeks
Cadence 7-9 hours/week

Work realistic binaries with partial mitigations and learn to turn memory corruption primitives into stable proofs of concept.

Best fit: Best for builders who already know ELF basics, pwndbg, and how to read a short exploit script.

Systems practice

  • Stack and heap corruption primitives
  • ROP and JOP chain design
  • ASLR, PIE, and NX bypass strategy
  • Exploit script architecture and reliability checks

Challenge loop

  • Progressive exploit ladders with checkpoints
  • Exploit review rubric on each submission
  • Patch-and-retest exercises to study defense

Weekly goal

Submit stable exploit chains with notes on leaks, gadgets, constraints, and reliability.

Track outcome

Deliver a portfolio of exploit scripts with clear notes on primitives, constraints, and stabilization choices.

Level 03 Advanced

Kernel Fuzzing

Generate, triage, and reduce kernel crashes into actionable research leads.

Duration 6-10 weeks
Cadence 8-10 hours/week

Assemble a working fuzzing lab, tune coverage, and triage meaningful crashes with an emphasis on reproducibility and disciplined root-cause analysis.

Best fit: Best for builders who can navigate Linux internals and want a structured path into syzkaller workflows.

Systems practice

  • Syzkaller setup and corpus tuning
  • Crash triage with KASAN and KMSAN reports
  • Reproducer minimization and flake reduction
  • Responsible issue hygiene for vulnerability research

Challenge loop

  • Lab bootstrapping milestones
  • Weekly crash triage drills
  • Mentor review on root-cause hypotheses

Weekly goal

Ship reproducers, triage notes, and clean crash narratives that survive retesting.

Track outcome

Publish a crash notebook with reproducers, minimization notes, and high-confidence bug narratives.

Level 04 Expert

Kernel Pwn

Turn kernel bug classes into controlled privilege-escalation chains.

Duration 8-12 weeks
Cadence 10+ hours/week

Blend allocator behavior, race orchestration, and mitigation-aware planning to design end-to-end chains rather than one-off tricks.

Best fit: Best for builders who can already triage kernel bugs and want to turn primitives into stable escalation.

Systems practice

  • Race-condition design and trigger reliability
  • SLUB internals and object lifecycle control
  • cred and namespace abuse pathways
  • Mitigation-aware kernel exploit stabilization

Challenge loop

  • Two-week exploit labs with checkpoints
  • Live exploit read-through sessions
  • Hardening retrospectives after each chain

Weekly goal

Ship capstone exploit chains with trigger, escalation path, and post-exploit stability analysis.

Track outcome

Complete a capstone chain that includes trigger, primitive escalation, and post-exploit stability analysis.

Placement note

Foundations is still selective

It is the shallowest track, not a zero-to-one coding course. You still need enough scripting fluency to work independently.

Binary and kernel tiers

Expect reviewed, technical artifacts

Progress in these tracks comes from stronger exploit logic, clearer reproducers, and better debugging discipline.

Capacity

10 founding seats only

Seats stay limited so review quality stays personal and consistent.

Apply

Choose the lane, then apply for the cohort.

If you know where you should start, go to pricing and apply before the first 10 seats fill.

Review pricing Apply from tracks page