FAQ · BreachLab

// Contents

What is BreachLab?
How does it work?
What will I learn?
Do I need experience?
How is rank computed?
What are Battles?
Can I publish writeups?
Why might a flag or my points change?
How do I get help?
How can I support BreachLab?
Who is behind BreachLab?

What is BreachLab?

A wargaming platform for offensive security. You learn by doing on real machines with real misconfigurations and real exploitation, not multiple-choice quizzes. Progress is proven by capturing flags, not by watching videos.

How does it work?

Content is organised into tracks (Ghost, Phantom, Specter, Mirage and more), each a sequence of levels. Every level hands you a target: recover its flag, submit it, and bank the points plus any first-blood bonus.

# every level gives you a target. recover its flag.
$ ssh <handle>@<lab-host>   # connect to the box
  ...enumerate · exploit · escalate...
# paste the flag on the level page to score

Targets come in a few shapes:

SSH boxes you enumerate and break out of
Web apps you exploit from the browser or a script
Live PvP arenas where you fight other operatives

What will I learn?

Practical offensive tradecraft, end to end:

Foundations and enumeration
Post-exploitation and privilege escalation
Cloud and container attack paths
Web exploitation
Initial-access techniques

The goal is real-world capability you can apply on an engagement, not CTF trivia.

Do I need experience?

No. Ghost is the foundation track and assumes only basic comfort with a Linux shell.

Later tracks ramp up fast, with zero hand-holding. That is the point. If you get stuck, the community is one message away.

How is rank computed?

Your global score is the sum of validated points across every level you solve, plus first-blood bonuses. Beyond the all-time board, the leaderboard also tracks:

Weekly: points banked this week (Mon to Sun, UTC)
Speedrun: fastest validated full-track completions
First Bloods: the first operative on each level
Top Authors: approved writeups and community stars
Most Active: the busiest operatives right now

Ranks are computed strictly from validated solves.

What are Battles?

Battles is the live PvP arena: King-of-the-Hill Crown Wars where operatives fight to take and hold a box against each other in real time, with its own seasons, champions, and daily runs.

Can I publish writeups?

Yes. After you solve a level you can submit a writeup; once approved it joins the community library and earns you stars and a place on the Top Authors board.

Don't post solutions for unsolved levels outside the platform. Keep the puzzles intact for the next operative.

Why might a flag or my points change?

BreachLab is in early access. Tracks are live but still hardening.

Flags can rotate, levels can be patched, and points can be recomputed after integrity audits. Your validated solves are preserved; only the scoring math is corrected when needed.

How do I get help?

Jump into the Discord and ask in the help forum, or read the rules of engagement. We point you in the right direction. We don't hand out flags.

How can I support BreachLab?

BreachLab is free to play. If you want to help keep the lights on, you can back the project on the donate page. Companies that want to reach the operatives can get in touch on Discord.

Who is behind BreachLab?

BreachLab is built by operators, for operators. The roster of founding operatives lives on the Hall of Operatives. Want your handle on the wall? Clear Phantom or any pro track beyond it.