foyl · learn

Train on real tools.
No setup required.

Interactive cybersecurity labs and mock security platforms for hands-on analyst training.

5 labs · 10 tools live ~2 hrs each foyl Red →
Engagement Methodology
● Live · Full guide →
1 · Planning & Scoping
2 · Reconnaissance
3 · Scanning
4 · Initial Access
5 · Post-Exploitation
6 · Lateral Movement
7 · Objectives
8 · Reporting
Technique Library
14 ATT&CK tactics · Browse all →
TA0043
Reconnaissance
OSINT, passive scanning, target profiling before active engagement.
TA0042
Resource Development
Building attack infrastructure — domains, C2, accounts, malware.
TA0001
Initial Access
Getting a foothold — phishing, exposed services, supply chain.
TA0002
Execution
Running malicious code on local or remote systems.
TA0003
Persistence
Maintaining access across reboots and credential changes.
TA0004
Privilege Escalation
Gaining higher permissions — local admin, domain admin, SYSTEM.
TA0005
Defense Evasion
Avoiding detection — AMSI bypass, log clearing, living off the land.
TA0006
Credential Access
Stealing credentials — LSASS dump, Kerberoasting, hash capture.
TA0007
Discovery
Mapping the environment — users, shares, trusts, running processes.
TA0008
Lateral Movement
Moving through the network — PtH, PtT, WMI, PSExec, RDP.
TA0009
Collection
Gathering target data — files, emails, screenshots, keylogging.
TA0011
Command & Control
Communicating with implants — C2 channels, beaconing, tunneling.
TA0010
Exfiltration
Moving data out — staged archives, cloud uploads, DNS tunneling.
TA0040
Impact
Disrupting operations — ransomware, data destruction, defacement.
Red Labs
Hands-on offensive scenarios · View all →
Active Directory Attack Paths
BloodHound enumeration, Kerberoasting, DCSync, Pass-the-Hash, Golden Ticket — full domain compromise scenario.
AdvancedComing soon
Web Application Pentesting
SQLi, SSRF, IDOR, XSS, authentication bypass, and privilege escalation in a vulnerable mock application.
IntermediateComing soon
Network Recon & Scanning
Nmap scan types, service fingerprinting, OS detection, and building a target network map from scratch.
IntroductoryComing soon
Cloud Penetration Testing
AWS IAM misconfiguration, Azure privilege escalation, exposed storage buckets, and metadata service abuse.
AdvancedComing soon
Social Engineering Simulation
Phishing campaign design, pretexting, vishing framework, and AiTM proxy setup against a simulated org.
IntermediateComing soon
Offensive Tooling
● Live · Full directory →
Recon & OSINT
Shodan · theHarvester · Recon-ng · Amass · SpiderFoot
Scanning & Discovery
Nmap · Masscan · Nuclei · Nikto · Feroxbuster
Exploitation
Metasploit · SQLmap · Burp Suite · ExploitDB
Active Directory
BloodHound · Impacket · Rubeus · Certipy · CME
Post-Exploitation
Mimikatz · WinPEAS · LinPEAS · Seatbelt · PowerView
C2 Frameworks
Cobalt Strike · Sliver · Havoc · Brute Ratel
Reference
Report writing · cheat sheets
Report Writing Guide
Executive summary, finding structure, CVSS scoring, severity classification, evidence documentation, and remediation guidance.
ReferenceLive
Cheat Sheets
Quick-reference command cards — nmap, hashcat, BloodHound Cypher, AD LDAP queries, reverse shells, Linux & Windows privesc.
ReferenceComing soon