Skip to main content
*

We don't sell courses. We sell the infrastructure to become dangerous.

AI-native challenges · Instant lab provisioning · Resume-ready certs · Verifiable skill

STATUSOPERATIONAL
ACTIVE LABS0
FLAGS CAPTURED0
UPTIME0.00%
THE PROBLEM

Yesterday's training is tomorrow's breach

Static challenge platforms recycle the same CVEs for years. Operators memorise walkthroughs instead of building instinct. The threat landscape moves daily — your training should too.

STATIC PLATFORM — STALE FEED
CVE-2019-07082019-05-14

BlueKeep — patched 7 years ago

CVE-2020-14722020-08-11

Zerologon — retired from exams

CVE-2021-442282021-12-09

Log4Shell — every lab uses this

CVE-2021-345272021-07-01

PrintNightmare — memorised

CVE-2017-01442017-03-14

EternalBlue — a decade old

$ status --training-relevanceWARNING: 100% of scenarios last updated > 12 months ago
DUCKYARD — LIVE INTEL
CVE-2026-1337*
CRITICALJust now

Novel auth bypass — AI scenario generated

CVE-2026-1284*
HIGH2m ago

Kernel race condition — live topology

CVE-2026-0847*
CRITICAL14m ago

RCE chain — randomized every session

CVE-2026-0621*
HIGH1h ago

Container escape — ephemeral sandbox

CVE-2026-0399*
MEDIUM3h ago

SSRF pivoting — unique network map

*ready for input
FEATURES
GENAI_ENGINE

GenAI Challenge Engine

Every challenge is procedurally generated. No two scenarios are identical. Adaptive difficulty, infinite replayability.

Unique scenarios
PROVISIONING

Instant provisioning

Sub-second lab deployment. Zero wait times.

<1s
Deploy time
RESEARCH

Research pipeline

Live CVE tracking and exploit development.

24/7
Active feed
ISOLATION

Sandbox isolation

Full VM isolation. No cross-contamination.

100%
Isolated
WHY_DUCKURITY

Why Duckurity

Unlike HTB or THM, we don't rely on static challenges. Our AI generates unique scenarios every time. Unlike OffSec, we don't lock training behind certifications. Sovereign infrastructure, zero vendor lock-in.

UPTIME

Platform uptime

Infrastructure reliability.

99.97%
SLA
THERMAL_VIS
HOW IT WORKS

From zero to operating in four steps

No onboarding theatre. No hand-holding. Deploy, attack, learn, repeat.

4 PHASES
01

Deploy your sandbox

Sub-second provisioning. No VPN, no config files, no waiting.

Sovereign infrastructure spins up an isolated VM with full network simulation. Destroyed on exit. Zero footprint.

02

Face AI-generated scenarios

Every challenge is procedurally unique. Impossible to memorize or share.

Our GenAI engine models real-world attack chains — lateral movement, C2 exfiltration, privilege escalation — with randomized topologies every session.

03

Consume live threat intel

Real CVEs, real exploits, real-time. Fed directly into your training loop.

Continuous research pipeline integrates active vulnerability data so your training reflects today's threat landscape, not last year's.

04

Build on the API

Programmatic access to everything. Lab provisioning, challenge generation, research data.

Automate workflows, integrate with your existing toolchain, or build entirely custom training programs on sovereign infrastructure.

ARCHITECTURE

Isolation by design

Every lab runs inside a Firecracker microVM with its own network namespace. No shared kernel, no cross-contamination, no persistence. Destroyed on exit.

ISOLATION:Firecracker microVM
NETWORKING:Per-instance CIDR
LIFECYCLE:Ephemeral — auto-destroy
OPERATORAuthenticated session
VPN GATEWAYWireGuard tunnel
ORCHESTRATORChallenge engine
FIRECRACKER VMEphemeral instance
ISOLATED NET10.13.0.0/16 CIDR
AUTO-DESTROYZero footprint
UNDER THE HOOD

See the payloads.

Every challenge is a real configuration. Every lab is a real machine. Scroll to decrypt the artifacts that power the platform.

CHALLENGE PAYLOAD
ENCRYPTED
 
 
 
 
 
 
 
 
 
 
 
 
 
yaml · 13 lines · sha256:00000000...
DEPLOY SEQUENCE
ENCRYPTED
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
bash · 15 lines · sha256:00000000...
THREAT INTEL FEED
ENCRYPTED
 
 
 
 
 
 
 
 
 
 
 
 
 
 
json · 14 lines · sha256:00000000...
INTERFACE PREVIEW
DUCKYARD
MALLARD
ACTIVE LABS3
HTB-COMPROMISED-v4
RUNNING02:14:33
CUSTOM-AI-C2-RECON
RUNNING00:45:12
CVE-2026-0847-REPRO
PAUSED01:22:00
CHALLENGE QUEUE7
Privilege Escalation
Network Forensics
Kernel Exploitation

+4 more

RESEARCH FEEDLIVE
CVE-2026-1337*
CRITICALJust now
CVE-2026-1284
HIGH2m ago
CVE-2026-1199
MEDIUM14m ago
*ready for input
LIVE DEMO

Try before you buy

This is a live terminal. Type real commands. See how the platform responds. No signup required.

OPERATOR TERMINAL
SESSION: DEMO
DUCKYARD OPERATOR TERMINAL v2.1.0
Type 'help' to list available commands.
$
TRUST VERIFICATION

Don't trust our marketing.
Verify our infrastructure.

Security claims without evidence are just words. Here are the receipts — operator testimonials, audit posture, and live infrastructure metrics.

OPERATOR FIELD REPORTS

SPECTER
VERIFIED
We retired our previous lab vendor within two weeks. The AI-generated scenarios surfaced gaps our internal red team missed for months.
Red Team LeadFortune 100 Financial
PGP: 7A2B:9C3E:1D4F:8A6B2026-01-18
WRAITH
VERIFIED
Sub-second provisioning changed how I train. I go through 12-15 unique scenarios per session now. Nothing else comes close.
Security ResearcherIndependent
PGP: 4E0C:2D9F:7B1A:3E8C2026-02-03
CONDUIT
VERIFIED
The ephemeral architecture gave our compliance team confidence we couldn't get from shared lab environments. Zero persistence, verifiable destruction.
CISOSeries B SaaS
PGP: 6F4D:0A5B:8C2E:1F7A2026-01-29

SECURITY POSTURE

ENCRYPTION AT RESTAES-256-GCMAll data volumes
ENCRYPTION IN TRANSITTLS 1.3Strict transport security
VM ISOLATIONFIRECRACKERPer-session microVM
KEY MANAGEMENTHSM-BACKEDFIPS 140-2 Level 3
PENETRATION TESTINGQUARTERLYExternal auditor
DATA RESIDENCYEU / USFrankfurt & Virginia

LIVE INFRASTRUCTURE READOUT

SYS.METRICSPOLLING: 5s
MEAN TIME TO DEPLOY0.8s
ENVIRONMENTS DESTROYED (24H)14,291
UNIQUE SCENARIOS GENERATED
CROSS-CONTAMINATION INCIDENTS0ever
SECURITY CLEARANCE

AI-native labs. Resume-ready certs. Verifiable skill — prove it with paths, certificates, and the public leaderboard.

HATCHLING
$0/mo
Recon phase. Get your bearings.
  • *5 lab deploys per month
  • *1 concurrent lab
  • *2-hour sessions
  • *VPN-only connection (no browser terminal)
  • *Community challenges
  • *Public leaderboard
Start free
MALLARD
2 MONTHS FREE
MOST DEPLOYED
$29$28/mo

billed annually at $336

Standard operating procedure.
  • *Unlimited lab deploys
  • *3 concurrent labs
  • *4-hour sessions
  • *1 Persistent Standard Bunker
  • *VPN + Browser terminal
  • *MCP (AI) access — 20 RPM Pro
  • *API access
  • *Priority queue
  • *AI-generated challenges
  • *Advanced analytics
Deploy
APEX
2 MONTHS FREE
$99$89/mo

billed annually at $1068

Full operational authority.
  • *Everything in Mallard
  • *5 concurrent labs
  • *8-hour sessions
  • *1 Persistent Heavy Bunker (4 vCPU, 4GB)
  • *MCP (AI) access — 60 RPM Elite
  • *Custom network topologies
  • *Team management (1 seat)
  • *Dedicated infrastructure pool
  • *Priority support SLA
Request access
CADET.edu REQUIREDSTUDENTS

Academic clearance. Built for students. Unlimited deploys, 2 concurrent labs, 3hr sessions, AI challenges.

$9$8/mo

$96/yr

Verify & deploy
Compare all features →
*

60-DAY MONEY-BACK GUARANTEE

No free trials. Full access from day one. If Duckyard doesn't make you dangerous, get every cent back.

FAQ

Technical questions

Infrastructure, security, and operational details for technical operators.

Stop reading.
Start breaking.

That's already more patience than most script kiddies. Get inside. Break things. Learn something real.

*requesting_access --tier=apex --priority=high
Request access

HATCHLING IS FREE FOREVER · 60-DAY MONEY-BACK GUARANTEE · INSTANT UPGRADES