Celebrate the Release of Our 100th PG-Practice Machine

Celebrate the Release of Our
100th PG-Practice Machine

Today we’re beyond excited to announce the release of the one hundredth (100th) PG-Practice machine into our production environment. To celebrate this momentous occasion we’d love to showcase some of the highlights of the PG-Play and PG-Practice labs as they evolved since their inception.



PG-Play began with only 50 machines that were originally submitted by members of the public to VulnHub. The lab itself is free-to-use, with the only requirement being a valid OffSec Platform account in order to obtain access. Through PG-Play and the Offsec Platform, students are able to easily start up and exploit the selected VulnHub machines, without the hassle and system requirements that are oftentimes required to get things operationally locally.

Handpicked VulnHub machines that we believe will make a meaningful contribution to a person’s learning journey are rotated into PG-Play on a quarterly basis, ensuring that the public has new machines to exploit. Those machines that are retired during these updates are moved to a dedicated section in PG-Practice, where users would still be able to access and exploit them.



PG-Practice, the same as PG-Play, started with 50 machines created by OffSec that ranged in difficulty. As in PG-Play, the PG-Practice lab is a safe and dedicated environment where users startup and exploit machines of their choosing. However, updates to PG-Practice are rolled out on a frequent basis to ensure that users are regularly presented with new vulnerable machines that would help them sharpen their pentesting skill sets.

We have also recently initiated the process of retiring vulnerable machines from PG-Practice to make room for new machines that have made their way to the environment via our UGC program. We will go over the UGC program more in-depth later on in this article.

Unfortunately, our older machines have reached the end of their life cycle and will be permanently retired. We might make them available again at some point in the future, however, for now, they’re scheduled to enjoy retirement on a backup device.

Going forward, users will always have 100 vulnerable machines to choose from in PG-Practice and our frequent rotation schedule will ensure that your list of 100 machines will always be updated with the latest and greatest exploits to help you sharpen your skillset.


UGC submissions

The UGC program is a first-of-its-kind open system where members of the public are able to submit their vulnerable machine concepts in exchange for a bounty. Below you can find out how to submit to our UGC page.


The premise is simple:

  • Write down your concept. Paper or napkins would suffice.
  • Gather the required exploits
  • Combine them into either a single free-standing machine or a chain of multiple machines
  • Create the required documentation and build scripts
  • Submit your concept via our website
  • Get paid

We work with the UGC submitters to modify and implement subtle changes that the community loves to see in PG-Practice. Many of the most liked PG-Practice machines were UGC submissions created by the community and we will continue to update the PG-Practice environment with your UGC submissions.

Got an idea for a vulnerable machine? Reach out to our UGC team on our Official Offsec Discord server. We’re always open to new techniques and great concepts!

MrGoodCat – ?