Solve Mysteries.
Build Your Cybersecurity Career.

The best way to learn cybersecurity in 2026. Try an investigation right now — no signup needed.

§ try a case · no loginbeat 01 of 03
Case № 03 · Dwake vs. Present · opening
Dwake vs. Present

Two hip-hop artists, Dwake and Present, are in the middle of a feud. After long-stewing tensions, Dwake struck first with a diss track. Present's label hired someone to retaliate.

Your homeboy in the cyber underground passed along a tip. Someone at IP 18.66.52.227 was poking around OWL Records' website in early April. You're the security analyst. Pull the traffic.

Four rows. Someone really was in there, clicking around your website.

Look at what they were searching. They hit Dwake's profile. They pulled his email. But look at the search queries and you'll see the operator has opinions. Strong ones. They couldn't help typing them into the search bar.

There's one row in particular.

Right. The operator was wondering why Dwake's music is so trasshhhh. They typed it into your search bar. Hackers have opinions too, apparently.

But this wasn't just petty. Go back to Dwake's verse.

Exhibit B · diss track, bar 2 & 5
"Got the Washington name from my mom's side, son..."
"Used to play with little Fluffy, now I'm runnin' with the wolves..."

To reset a password at OWL Records you answer two security questions: mother's maiden name and childhood pet's name. Dwake rapped both answers on the record.

Scroll to the bottom of the results. The operator used those exact words.

You caught it.

The password-reset URL contains answer_1=Washington and answer_2=Fluffy. Dwake phished himself on his own diss track.

That's the whole KC7 habit: the evidence is always in the data, the data always tells a story, and once you see it, you can't unsee it. The full case has thirty more questions like this.

Question 1 · 10 pts
Run the query on the right. How many rows came back?
Azure Data Explorer › owl_records
Query
// tip from the homie: someone from this ip was poking the site
InboundNetworkEvents
| where timestamp between (datetime("2024-04-10") .. datetime("2024-04-11"))
| where src_ip has "18.66.52.227"
Results
// click "Run" to execute

Investigate Real Breaches

Choose a case and start hunting. Each investigation teaches you real skills used by professional security analysts.

START HERE — NO LEVEL REQUIRED
A Rap Beef: An Intro to Security Investigations
Beginner50 min
A Rap Beef: An Intro to Security Investigations

Great for first time KC7 Players! You don't need any cybersecurity experience to do this module!...

Play Now
A Scandal in Valdoria: A Political Mystery
Beginner400 min
A Scandal in Valdoria: A Political Mystery

A renowned newspaper, The Valdorian Times 🗞️, publishes an unauthorized article accusing the...

Requires Level 1
CloutHaus: Social Media leads to Compromise
Beginner240 min
CloutHaus: Social Media leads to Compromise

Afomiya Storm is a rising social media influencer who just landed a new role at CloutHaus. A...

Requires Level 1
Cowboy Couture: A Steampunk Space Adventure
Beginner1080 min
Cowboy Couture: A Steampunk Space Adventure

Celestial Cowboy Couture: A Steampunk Space Adventure Step into the wild world of Celestial...

Requires Level 1
Browse All Games

Choose Your Career Path

Follow structured learning paths designed around the skills real security teams hire for. Each path includes hands-on investigations and leads to a professional certificate.

Security Analyst I

As a Junior Security Analyst, you will learn how to identify basic signs of compromise and turn investigative questions into basic queries. We will walk you through every step of the investigation, teaching you how to form a hypothesis, follow evidence, and think through an attack systematically.

6 modules ~17 hours
Explore Path

Security Analyst II

As a Security Analyst II, you will begin to apply common external datasets and tools to enhance your investigations. You will start running investigations with less guidance, connecting evidence across systems and making your own calls about when to dig deeper versus when to move on.

7 modules ~43 hours
Explore Path

Security Analyst III

As a Security Analyst III, you will take alerts or indicators of compromise at any stage of the kill chain and map out full compromises. With minimal direction, you will lead complex investigations, recognize patterns quickly, and adapt when things get complicated.

7 modules ~136 hours
Explore Path
View All Career Paths

Top Investigators

Join 129,674 players competing on the global leaderboard

RankInvestigatorScore
🥇
SentinelSentinel
206,327points
🥈
david1a2a3adavid1a2a3a
206,327points
🥉
Eag13Eag13
206,327points
4
Aurelia Dumitru (Data Protection /WCP3)Aurelia Dumitru (Data Protection /WCP3)
206,290points
5
kat_xryskat_xrys
206,082points
🔥
Steve3141
229 day streak
🔥
vilchez23
176 day streak
🔥
PapyBaba
156 day streak
View Full Leaderboard

See KC7 in Action

Watch how investigators hunt down attackers in a real KC7 case

Trusted by cybersecurity professionals worldwide

100K+

Analysts Trained

3M+

Questions Answered

200+

Events Hosted

100%

Free To Play

Trusted by Security Professionals

Real results from real people who've used KC7 to launch their cybersecurity careers

"I found out about KC7 through a speaker presentation that was given at my school, and it has been nothing short of life-changing. I love how accessible it is, and how it breaks down complicated cyber topics into digestible, fun and engaging labs! It is because of KC7 that I've gotten into the cybersec field, so thank you for making such an incredible tool."

Clarisa Ortega
Student

"KC7 makes it easy for entry-level analysts, hobbyists, and managers to dive into the weeds so that they not only build skills but they also have an understanding of what goes on behind the scenes in cyber. Plus... it's FUN!"

Jeff Krakenberg
Security Researcher

"KC7 took my interest in cybersecurity and turned it into an obsession, all while offering a fun way to grow my skills to support investigations in the real world. It's the platform, and community, that has had the single greatest impact on my professional skillset. I can't thank the team enough for making this so accessible!"

haxo1ot1
Security Analyst

"KC7 allowed me, someone with no technical background, to experience what it’s like to be an investigator and fight for the blue team in a gamified, engaging way. The modules quickly became the highlight of my day. I’d spend hours getting lost in the logs, researching techniques, and catching the cultural references — all while genuinely having fun. I was so focused on “playing the game” that I didn’t even realize how much I was learning. Fast forward less than six months from being introduced to KC7, and I found myself working in a real SOC!"

Trey Hopkins
Cybersecurity Specialist

"When people ask about getting skills to work in cyber, I recommend they use KC7. When I feel like I need to brush up on my skills, I use KC7. I know no other platform with this amount of content available and so practical. I confidently tell people that if they use KC7, they'll have confidence in their own skills that they need to get into cybersecurity or advance in their career."

Squib
malware analyst, contributor

"KC7 has played an incredible role in my transition into cybersecurity. The platform gave me hands-on experience investigating realistic cases like ransomware, lateral movement, and brute-force attacks, all while learning to use tools like VirusTotal and CyberChef. Adding KC7 to my resume has also been a huge plus, it comes up in interviews all the time, and people love hearing about it. I highly credit it for the offers I’ve received. Overall, it’s helped me feel confident that I belong in this field and has truly fueled my passion for cyber."

ethiocipher
Read More Stories

How It Works

KC7 is a game that teaches cybersecurity. You investigate realistic breaches by analyzing actual logs and data. No textbooks, no lectures. Just real investigations.

1

Get a Real Scenario

You're dropped into an actual breach. A company's been hacked and needs your help. Read emails, check login records, and investigate suspicious files to figure out what happened.

2

Follow the Evidence

We guide you through analyzing the data using KQL, the same query language used at top companies. You'll spot phishing emails, trace suspicious logins, and track down attackers.

3

Solve the Mystery

Answer questions to prove what happened. Each solved case builds your investigative instincts. After a few cases, you'll start to think like a professional SOC analyst.

Common Questions

Do I need cybersecurity experience?

No. KC7 starts from scratch. If you can read and click, you can investigate. We explain every concept as you go. No prior knowledge of cybersecurity or coding required.

How much does it cost?

For players? Free. Always. KC7 is a nonprofit dedicated to making cybersecurity education accessible to everyone. If you can donate, it helps us reach more people.

How long does a case take?

Beginner cases take 30-60 minutes. Intermediate cases take a few hours. Professional-level investigations can take days to fully complete. You can pause and resume anytime. Your progress is saved automatically.

What will I actually learn?

You'll develop both tangible technical skills and intangible judgment skills. On the technical side: how to query logs with KQL, spot phishing attacks, track malware, and investigate suspicious activity. On the judgment side: pattern recognition, investigative reasoning, and knowing when to dig deeper or move on. This is the secret sauce that most people don't get until years into their career. View full curriculum

View All FAQs

Educators & Corporate Trainers

Host your own KC7 event for students or security teams. No cybersecurity expertise required. The platform handles everything.

Host an Event

Latest Insights

Stay updated with cybersecurity trends and KC7 news

KC7 Foundation Honored with Fayette County Public Schools 2025 Golden Apple Award
September 15, 2025
KC7 Foundation Honored with Fayette County Public Schools 2025 Golden Apple Award

KC7 Foundation is proud to announce that it has been awarded the by Fayette County Public Schools FCPS , recognizing...

Read More
Making the most of KC7
September 02, 2025
Making the most of KC7

Dear New KC7 Player, Welcome to KC7. We re glad you re here. Starting your cybersecurity journey can feel exciting...

Read More
KC7 Inducted into Microsoft Garage Wall of Fame!
April 10, 2025
KC7 Inducted into Microsoft Garage Wall of Fame!

We re excited to announce that , our gamified cybersecurity training platform, has been inducted into the...

Read More

Powered by the KC7 Foundation

Used worldwide by schools, community orgs, and professionals.

Sponsors

Patriot Consulting Technology
Corporate Sponsor
Microsoft
Technology Partner

Community Partners

Women In Cloud
Community Partner
Blacks In Cyber Conference
Community Partner
GirlSecurity
Community Partner
Become a Partner

Join our mission to make cybersecurity education accessible

Learn More

Ready to Start Your Investigation?

Join 100,000+ people building real cybersecurity skills. Your first case takes just 60 seconds to start.

No Installation Required • Works in Any Browser • Free Forever