← foyl Learn / foyl Red / Labs
foyl Red · Labs
Red Labs
Hands-on offensive scenarios against simulated environments. Each lab pairs red team tradecraft with a Blue Team Visibility toggle — see exactly what the defender sees as you execute each technique.
5 labs planned Coming soon
🎯
Labs are in development
Red team labs require a fully instrumented environment with simulated targets, exploit paths, and real-time blue team telemetry. They're being built now — sign up at foyl.io to be notified when they launch.
Planned Labs
In development · Coming soon
Active Directory Attack Paths
Start as an unprivileged domain user. Use BloodHound to map attack paths, Kerberoast a service account, move laterally via Pass-the-Hash, and achieve Domain Admin through a DCSync attack. Full Ficsit Inc. environment with real telemetry generated in Foyl SIEM and Foyl EDR.
BloodHound Kerberoasting DCSync Pass-the-Hash Active Directory
Blue View: shows Event 4769 (Kerberoasting), 4624 (PtH), DCSync in Foyl SIEM live
Coming soon Advanced
~3 hrs
Web Application Pentesting
Methodically attack a vulnerable mock application — SQLi to extract credentials, SSRF to probe internal services, IDOR to access other users' data, and authentication bypass to escalate privileges. Structured around a PTES / OWASP Top 10 methodology.
SQLi SSRF IDOR Auth Bypass OWASP Top 10
Blue View: WAF alerts, application logs, Foyl SIEM web exploit detections
Coming soon Intermediate
~2.5 hrs
Network Recon & Scanning
Build a target network map from scratch using nmap scan types, service fingerprinting, OS detection, and directory brute forcing. Learn when to use stealth scans vs aggressive scans, and how scan timing affects detectability.
Nmap Masscan Service Enum Feroxbuster
Blue View: Foyl NGFW IDS alerts, port scan signatures in SIEM
Coming soon Introductory
~2 hrs
Cloud Penetration Testing
Exploit AWS IAM misconfigurations to escalate from a low-privilege access key to admin, discover exposed S3 buckets, abuse Azure managed identity, and exfiltrate data via cloud-native services. IMDSv1 metadata abuse included.
AWS IAM Azure S3 IMDSv1 Cloud
Blue View: Foyl CASB cloud anomalies, SIEM CloudTrail correlation
Coming soon Advanced
~3 hrs
Social Engineering Simulation
Design and execute a simulated phishing campaign — craft lure pretexts, build an AiTM proxy with Evilginx2, deliver the campaign, capture session cookies, and replay them to bypass MFA. Mirrors the IRON CHIMNEY THREAT-001 scenario from Foyl Learn.
Phishing AiTM Evilginx2 GoPhish MFA Bypass
Blue View: Foyl MailGuard THREAT-001, Identity impossible travel, IRON CHIMNEY in SIEM
Coming soon Intermediate
~2 hrs