What is FoilLab?

FoilLab is a free Capture The Flag (CTF) platform specializing in defensive security scenarios: log forensics, DNS analysis, packet captures, and email threat analysis. All challenges are based on realistic incident response scenarios.

Challenges are designed for SOC analysts, threat hunters, and anyone learning network security. No registration required — just download the challenge files and start investigating.

Rules

  1. Don't share flags publicly. Write-ups are welcome after 7 days.
  2. Don't attack the FoilLab infrastructure — all challenges are solved locally with provided files.
  3. Scores are stored locally in your browser. There is no server-side leaderboard (yet).
  4. Multiple devices? Submit your score on each one independently.
  5. Found a bug or wrong flag? Open an issue on GitHub.

Scoring

Easy (100–150 pts): Intro-level log analysis. Tools: basic Linux CLI.
Medium (200–250 pts): Multi-step analysis. Requires pattern matching and decoding.
Hard (300+ pts): Covert channels, obfuscation, advanced forensics techniques.

Total available: 1000 pts across 5 challenges

Tools you may need

tshark / Wireshark: Packet capture analysis
python3: Decoding, scripting
jq: JSON processing
base64: Encoding/decoding
dig / nslookup: DNS queries
grep / awk / cut: Log filtering

Submit a challenge

Have a realistic forensics scenario to contribute? FoilLab accepts community challenge submissions. Requirements:

  • Original scenario — not from existing CTF competitions
  • Realistic artifact file (pcap, log, csv, etc.) — synthetic data only, no real PII
  • Clear flag in format FOIL{...}
  • A solution write-up included in the submission

Submit via GitHub Issues.

Part of the Foil suite

FoilLab is one of four open-source projects in the Foil security suite:

FoilGuard — phishing & typosquatting detection Chrome extension
FoilLab — this platform
FoilVault — local-first encrypted password manager
FoilSuite — project hub at foilsuite.netlify.app