foyl · learn
Train on real tools.
No setup required.
Interactive cybersecurity labs and mock security platforms for hands-on analyst training.
5 labs · 10 tools live
~2 hrs each
foyl · red
Think like the attacker.
Break the chain first.
Offensive methodology, technique library, and red team tooling for adversary simulation and penetration testing.
Methodology · Tools live
Labs & techniques coming
Blue Team Visibility toggle on all techniques
Interactive Labs
Networking Fundamentals→
TCP/IP, DNS resolution, firewall ACLs, and SIEM network visibility — built around real analyst tooling.
2 hrsIntroductory
Incident Response→
AiTM phishing → credential theft → lateral movement → exfiltration. First alert through incident report.
2 hrsIntermediate
Threat Analysis Fundamentals→
ATT&CK framework, threat actor profiling, malware lifecycle, detection rule writing, and kill chain disruption.
2 hrsIntermediate
Log Analysis & SIEM Queries→
Query live Ficsit Inc. logs, triage an alert queue, and build a detection rule — all inside an embedded Foyl SIEM.
2.5 hrsIntermediate
Vulnerability Management→
CVSS scoring, KEV cross-referencing, asset criticality tiers, patch workflow, and SLA tracking across a realistic asset inventory.
2 hrsIntroductory
Mock Security Tooling
Foyl SIEM→
Log querier, alert queue, correlation rules, investigation workflows.
Foyl EDR→
Process timelines, threat detections, endpoint isolation, threat hunting.
Foyl NGFW→
Traffic monitor, security policies, IPS events, zone config, reports.
Foyl MailGuard→
Email threat detection, BEC prevention, account takeover protection — powered by behavioral AI.
Foyl Identity→
User directory, sign-in logs, identity protection, conditional access, PIM, and device compliance.
Foyl VM→
CVE inventory, CVSS scoring, CISA KEV tracking, asset risk profiles, scan management, and remediation SLA.
Foyl SOAR→
Low-code playbook automation with a visual workflow editor, case management, run history, and 10 live integrations.
Foyl TIP→
Threat intelligence platform — IOC library, actor profiles, campaign tracking, feed management, and pivot & enrich.
Foyl CASB→
Cloud Access Security Broker — app discovery, shadow IT, DLP enforcement, user activity monitoring, and access policies.
Foyl Queue→
Ticketing Platform — kanban board, sprint planning, SLA tracking, subtasks, time tracking, and cross-tool incident linking.