A playable terminal museum for the hacks, incidents, and command-line moments that shaped computing. Every system is a simulation. You sit at the prompt the way the people who lived through it did, and type your way through.
The newest reconstructions in the archive. Open one to read the briefing first.
11 May 2026. GTIG publishes disruption of a mass-exploitation-ready Python zero-day: valid-password session first, second factor skipped via a contradictory trust shortcut in auth flow. Practice the defender read they describe.
May 14, 2026. A threat cluster publishes hundreds of look-alike packages and tampers with restore keys in public workflows. You prove cross-ecosystem reach from CI artefacts.
May 12, 2026. After CVE-2026-31431 mitigations land, one CI worker still shows odd text section mappings. You prove whether fragments of poisoned pages remain mapped in shared address spaces.
Each scenario is a self-contained reconstruction with a briefing, a fake system, and a defensive lesson.
A real terminal renders in your browser via wterm. Commands are scripted; outputs feel real because they were written that way.
Every reconstruction ends with what happened, what was simulated, and what to take back to the systems you actually own.
Every environment is fictional, sandboxed, or historically abstracted. Commands are matched against scripted responses. The filesystem you see exists only inside your tab. Network commands return a polite refusal. There are no real credentials, no real hosts, no exploit code: only the shape of the story, told in the medium it actually happened in.
EmulateHacks exists to teach how incidents look from the inside, so the next one is recognised earlier. Read the full safety note.