Train against
real attacks.
Weekly CTF challenges based on network forensics, phishing infrastructure, DNS abuse, and IoT exploits. Every challenge ships with a full write-up.
— challenges
Silent Channel
Your SOC team has detected unusual DNS traffic originating from a single internal workstation. A raw DNS query log has been captured from the network gateway. Your job: figure out what data is being sent out — and how.
Phantom Heartbeat
A corporate HTTP proxy captured outbound traffic from the internal network. Analysts spotted a host sending unusually regular requests to an unknown external server. Find the beacon, decode the data it leaks, and submit the flag.
Ghost Protocol
A network tap captured DNS traffic from a compromised workstation. The IDS flagged abnormally high response TTL values with no apparent cause. Something is hiding in the numbers.
Mail Trap
An employee in the finance department received an email claiming to be from the company CFO requesting an urgent wire transfer. The SOC team captured the raw SMTP conversation. Find out what was really sent.
Brand Impersonator
A threat intel feed captured 72 hours of suspicious domain registrations. Multiple brands are being impersonated. Identify the phishing infrastructure, map the campaign, and extract the operator's mistake encoded in the kit metadata.
FoilLab is the challenge platform for the Foil Security Suite. Challenges are based on attack patterns that FoilGuard detects — so you can see exactly how defenders think about the same threats.
- FoilGuard ↗ — browser extension
- FoilLab — CTF platform (you are here)