RULES · OPS DOCTRINE

A free training ground for real offensive and defensive tradecraft. The labs stay open because operators behave like operators.

Standing Orders

  1. 1
    Respect other operators.

    Harassment, discrimination, or bad-faith conduct gets you removed. No grey area — the community is the asset.

  2. 2
    No spoilers.

    Stuck? Use the per-track help threads on Discord — read the pinned #help rules first. Never drop passwords, flags, or hints in chat; the rooms are mirrored and spoiler tags don't survive.

  3. 3
    Leave the box clean.

    No junk in /tmp, no half-finished payloads in shared dirs. The labs are shared infrastructure, not your scratch space — clean up when you close out.

  4. 4
    No brute force.

    Automated guessing on passwords, flag submission, or SSH ingress is out of bounds. Read the system, don't flood it — we rate-limit and you'll get caught.

  5. 5
    Don't attack the platform.

    The wargames are the target. The web app, host, database, and other operators' accounts are out of scope. Found a real vuln there? DM @ato for a Hall-of-Fame slot.

Writeups · Creators

  1. 1
    Teach technique, never publish answers.

    Writeups and videos are welcome when they teach the method — not the literal password or flag. Share technique-focused content in writeups.

  2. 2
    If it earns, give back.

    BreachLab runs on donations. If content built on our tracks made you revenue, the donate page is right there.

  3. 3
    Credit BreachLab.

    A link back or a name-drop in the description. That's it.

Using BreachLab means you've read these and you're in. No checkbox.