A safe environment
Participants learn inside a permissioned, legal challenge — never by testing unauthorized public systems.
EST. 2004 · UNITED ARAB EMIRATES
The first UAE
Web Hacking
Challenge.
Before the region had a name for ethical hacking, Hack.ae was already teaching it — a legal, hands-on arena where developers, students, and security professionals learned to break systems in order to defend them. Conceived, designed, and coded by Ibrahim Al Mallouhi in 2004.
2004Year launched
16Total levels
2Challenge games
1stIn the UAE
THE FOUNDER
A pioneer before the region
had a word for it.
Ibrahim Al Mallouhi — creator & engineer of Hack.ae
First contest · 18.10.2004
26+
Years in
cybersecurity
cybersecurity
In 2004, Ibrahim Al Mallouhi built the first Web Hacking Challenge in the United Arab Emirates — putting hands-on security education on the map years before "capture the flag" entered the regional vocabulary. More than two decades, and over 26 years in the field, later, the same conviction drives Hack.ae's return: teach people how systems break, so they can build ones that don't.
ABOUT
Security awareness through practical, hands-on learning.
Hack.ae was designed as a controlled web-security challenge. Its objective has always been education — helping people understand common weaknesses inside a safe environment, before those weaknesses appear in live systems.
Web-security focus
The original games covered XSS, SQL injection, weak cookies, parameter manipulation, hidden fields, and HTML-comment exposure.
Progressive difficulty
Each level acts as a gate. You must solve the current challenge before the next one unlocks.
RULES OF ENGAGEMENT
Ethics are part of the challenge.
Hack.ae has always rewarded skill earned the right way. These boundaries keep the contest fair, legal, and genuinely educational.
01No sharing answers, passwords, or walkthroughs.
02No brute-forcing authentication mechanisms.
03No denial-of-service activity against the infrastructure.
04No attacking systems outside the defined level scope.
05Advance only by solving each level with the correct flag.
06Use the knowledge responsibly — only where you have permission.
LEVELS
Two historical games. Sixteen levels.
The level system is presented without publishing legacy solutions. Each card is ready to connect to a CTF backend, scoreboard, or authentication gateway when the live platform returns.
GAME #1
LAUNCHED 18.10.04
Nine-level web-security challenge
A progressive introduction to core web-application risks — moving from discovery tasks toward more complex exploitation logic.
010203040506070809
View historical progress →
GAME #2
LAUNCHED 22.09.05
Seven-level advanced challenge
A second phase built for a more advanced and diverse set of problems, with per-level instructions and hints.
01020304050607
Study the knowledge path →
PLAYERS
Historical participation, archived.
These charts preserve the original impact metrics as a visual archive — the funnel of players who advanced level by level. Swap this for a live scoreboard when the new platform goes online.
Game #1 progression
PLAYERS PASSED PER LEVEL
Game #2 progression
PLAYERS PASSED PER LEVEL
TOOLS
The training toolbox.
The original platform referenced common security utilities. The relaunch presents current, legitimate tooling categories with lab-only usage notes and defensive learning objectives.
Reconnaissance
Network mapping, service identification, and asset inventory in permitted labs.
Web testing
Proxying, request inspection, parameter review, and application behaviour analysis.
Forensics
File analysis, logs, encodings, and evidence handling for challenge investigations.
Secure coding
Input validation, output encoding, authentication design, and session hardening.
KNOWLEDGE
The ethical-hacking learning path.
The foundations that turn a curious player into a capable, responsible security practitioner.
01
Network Security Essentials
Understand TCP/IP, routing, services, firewalls, and secure network design.
02
UNIX & Linux Essentials
Learn shell usage, permissions, processes, logs, and secure administration.
03
Web & Windows Security
Study authentication, session handling, browser behaviour, and platform hardening.
04
Secure Programming
Build defensively: validate input, encode output, handle secrets, and avoid unsafe assumptions.
DISCLAIMER
For authorized education only.
Hack.ae content is provided for security awareness, lawful research, and controlled lab training. Do not test, scan, exploit, or disrupt any system unless you have clear written permission. Users are fully responsible for complying with all applicable laws, rules, and platform terms.