🛡 Defender Mode

Flip the exercise. Read the CVE, study the exploit, then write a Sigma detection rule. Our LLM grades it against the official solution on five dimensions: syntax, logsource, key indicators, coverage depth, and specificity.

39 Challenges · 37 KEV CVEs · 5 Grading Dimensions · 100 Max Score

Pick a challenge

CVE-2026-1340: Unauthenticated RCE in Ivanti EPMM via Bash Code Injection
KEV · CRITICAL · CVSS 9.8

CVE-2009-0238: Microsoft Excel Invalid Object Access Leads to Remote Code Execution
KEV · UNKNOWN · CVSS 8

CVE-2025-58360: Unauthenticated XXE in GeoServer WMS GetMap Operation
KEV · HIGH · CVSS 8.2

CVE-2021-43798: Grafana Path Traversal - Unauthenticated Arbitrary File Read
KEV · HIGH · CVSS 7.5

CVE-2025-52691: Critical File Upload Vulnerability in SmarterTools SmarterMail Enables Unauthenticated Remote Code Execution
KEV · CRITICAL · CVSS 10

CVE-2026-5281: Google Dawn WebGPU Use-After-Free Allows Sandbox Escape
KEV · UNKNOWN · CVSS 8

CVE-2026-34197: Remote Code Execution in Apache ActiveMQ via Jolokia
KEV · UNKNOWN · CVSS 8

CVE-2026-32201: Microsoft SharePoint Server Improper Input Validation Enables Network Spoofing
KEV · MEDIUM · CVSS 6.5

CVE-2026-3055: Citrix NetScaler Out-of-Bounds Read via SAML IdP Memory Overread
KEV · UNKNOWN · CVSS 8

CVE-2026-33634: Trivy Supply Chain Compromise and Credential Exfiltration
KEV · UNKNOWN · CVSS 8

CVE-2026-35616: FortiClient EMS Improper Access Control Leads to Pre-Authentication RCE
KEV · CRITICAL · CVSS 9.1

CVE-2023-36424: Windows clfs.sys Pool Overflow Enables Kernel Privilege Escalation
KEV · HIGH · CVSS 7.8

CVE-2025-53521: Critical Stack-Based Buffer Overflow in F5 BIG-IP APM Virtual Servers
KEV · CRITICAL · CVSS 9.8

CVE-2025-68645: Critical LFI in Zimbra Webmail Classic UI Exposes Sensitive Files
KEV · HIGH · CVSS 8.8

CVE-2026-1731: Critical Pre-Auth RCE in BeyondTrust Remote Support Products
KEV · CRITICAL · CVSS 9.9

CVE-2025-6018: PAM Configuration Local Privilege Escalation - Console Rights Through Environment Injection
HIGH · CVSS 7.8

CVE-2024-4577: PHP CGI Argument Injection on Windows Enables Remote Code Execution
KEV · CRITICAL · CVSS 9.8

CVE-2025-14847: MongoBleed - Unauthenticated MongoDB Memory Leak
KEV · HIGH · CVSS 8.7

CVE-2026-21643: Critical Pre-Auth SQL Injection in FortiClient EMS 7.4.4
KEV · CRITICAL · CVSS 9.1

CVE-2025-55182: React2Shell - When Server Components Become Remote Shells
KEV · CRITICAL · CVSS 10

CVE-2025-31125: Vite Development Server Path Traversal Vulnerability Exposes Sensitive Files
KEV · MEDIUM · CVSS 5.3

CVE-2012-1854: Microsoft VBA Insecure Library Loading and Privilege Escalation
KEV · UNKNOWN · CVSS 8

CVE-2025-32432: Critical Pre-Auth RCE in Craft CMS via PHP Object Injection
KEV · CRITICAL · CVSS 10

CVE-2026-33017
KEV · HIGH · CVSS 8

CVE-2024-23897: Critical Jenkins CLI File Read Vulnerability Enables Unauthenticated Remote Code Execution
KEV · CRITICAL · CVSS 9.8

CVE-2026-34621: Adobe Acrobat/Reader Prototype Pollution Leads to RCE
KEV · HIGH · CVSS 8.6

CVE-2026-3502: TrueConf Client Update Hijacking via Missing Integrity Check
KEV · HIGH · CVSS 7.8

CVE-2020-9715: Adobe Acrobat/Reader Use-After-Free Arbitrary Code Execution
KEV · UNKNOWN · CVSS 8

CVE-2025-11953: Critical Command Injection in React Native Metro Development Server
KEV · CRITICAL · CVSS 9.8

CVE-2025-49132: Critical Unauthenticated RCE in Pterodactyl Game Server Panel
CRITICAL · CVSS 10

How grading works

Syntax

Valid Sigma YAML with required top-level keys (title, detection, logsource).

Logsource

Correct category / product / service pointing at where the attack shows up.

Indicators

Key attack artefacts present (payload patterns, user-agents, file paths).

Coverage

Whether the rule captures multiple attack paths or only a single specific payload.

Specificity

Tight enough to minimise false positives on legitimate traffic.