## about
About FoilLab
What is FoilLab?
FoilLab is a free Capture The Flag (CTF) platform specializing in defensive security scenarios: log forensics, DNS analysis, packet captures, and email threat analysis. All challenges are based on realistic incident response scenarios.
Challenges are designed for SOC analysts, threat hunters, and anyone learning network security. No registration required — just download the challenge files and start investigating.
Rules
- Don't share flags publicly. Write-ups are welcome after 7 days.
- Don't attack the FoilLab infrastructure — all challenges are solved locally with provided files.
- Scores are stored locally in your browser. There is no server-side leaderboard (yet).
- Multiple devices? Submit your score on each one independently.
- Found a bug or wrong flag? Open an issue on GitHub.
Scoring
- Easy, 100–150 pts: Intro-level log analysis. Tools: basic Linux CLI.
- Medium, 200–250 pts: Multi-step analysis. Requires pattern matching and decoding.
- Hard, 300+ pts: Covert channels, obfuscation, advanced forensics techniques.
Total available: 1000 pts across 5 challenges
Tools you may need
- tshark / Wireshark: Packet capture analysis
- python3: Decoding, scripting
- jq: JSON processing
- base64: Encoding/decoding
- dig / nslookup: DNS queries
- grep / awk / cut: Log filtering
Submit a challenge
Have a realistic forensics scenario to contribute? FoilLab accepts community challenge submissions. Requirements:
- Original scenario — not from existing CTF competitions
- Realistic artifact file (pcap, log, csv, etc.) — synthetic data only, no real PII
- Clear flag in format FOIL{...}
- A solution write-up included in the submission
Part of the Foil suite
FoilLab is one of four open-source projects in the Foil security suite:
- FoilGuard — phishing & typosquatting detection Chrome extension
- FoilLab — this platform
- FoilVault — local-first encrypted password manager
- FoilSuite — project hub at foilsuite.netlify.app