SPECTER

Recon & Initial Access. Four sub-tracks, ~40 levels, ephemeral per-session containers from day one. Specter I is live; II, III, and IV ship in order.

Where operatives stop reading about attacks and start performing them — reconnaissance and initial access, from the open web to the wire, the airwaves, and the human in front of the screen.

Each sub-track is independent — take them in order or specialise. Specter I is live; II–IV follow.

Sub-tracks

I · OSINT — Recon OperativesLive
14 levels

Passive intelligence gathering at professional grade. Multi-engine pivots, source independence, OPSEC discipline, adversarial targets. The only OSINT track that grades operational tradecraft alongside collection.

Enter →
II · Network & WirelessPlanned
8 levels

Initial access through the wire and the air. ARP spoofing, LLMNR/NBT-NS, MITM extraction, network pivoting, WPA2 cracking, evil twin APs, WPA Enterprise downgrade.

III · Defence Evasion & DisruptionPlanned
10 levels

Both sides of the line. DDoS attack and defence, firewall bypass, IDS signature evasion, DNS/HTTPS/ICMP tunneling.

IV · Social Engineering & Human OperationsPlanned
8 levels

The human attack surface. Pretexting, vishing, baiting, USB drops (Rubber Ducky), targeted elicitation, persona ops. Every target is a scripted mark with its own personality, jargon, security awareness level, and detection cues — you craft pretext, run conversation, exfiltrate intel without tripping the alarm. The only wargame track that actually grades social tradecraft.

New here? Start with Ghost or advance through Phantom.