Labs

The SecureFlag Catalog has a range of Labs across different technologies, enabling participants to identify challenges and explore the vulnerability types in technologies and programming languages that best suit their needs.

Each Lab consists of exercises that explore applications with real-world vulnerabilities. In our Labs, participants can identify security flaws and write effective patches in a variety of different programming languages.


Lab Setup

Labs are categorized by their respective technologies. By selecting a technology, you can access the list of Labs contained within.

Lab Difficulty

Each Lab has an assigned difficulty level:
  1. Beginner
  2. Intermediate
  3. Advanced

For each Lab you complete, you will be awarded Points and a Trophy. You are only awarded points the first time you solve a Lab. However, you can run the exercise again if you want to practice further.

Lab Status

Labs also have a Status tag associated with them that will change according to your progress:
  1. All Labs initially have the tag Not Started.
  2. If you started a Lab but were unable to complete it, the Status will be set to Not Solved.
  3. If you successfully complete a Lab, the Status will be updated to Completed.

How to Run a Lab

Step 1:

To access a Lab, navigate to the Labs section by clicking on the Labs button in the navigation bar on the left.



Step 2:

Select a technology in the catalog or search for a specific Lab using the search bar.



Step 3:

Inside each technology, you will find a list of available Labs. Find the Lab you would like to attempt and click on the Run button to open the Lab page.


Step 4:

The Lab page contains a description of the Lab, as well as its duration, difficulty level, the number of points, and trophy awarded upon successful completion. In addition, there are two buttons on the right side of the page: Learn more and Run Lab.

Click on the Learn more button to access the vulnerability knowledge base, which provides more details about the vulnerability and best practices to resolve it.

Once you are ready, click on the Run Lab button to initiate the Lab.

Note: The vulnerability info will also be available inside the Lab for your reference.

Step 5:

After clicking the Run Lab button, the platform will take a few seconds to prepare the Lab, after which a Launch button will appear. Click on the Launch button to enter the Lab.

Note: The Lab’s timer will start once you click the Run Lab button.

How to Navigate the Lab Interface

The virtual Lab interface will appear shortly after launching. The key elements of the interface are:
  1. Each Lab is split into four stages: Scenario, Setup, Hack, and Remediate. These stages are displayed in the top-left corner of the screen.

  2. At each stage of the Lab, you will be provided with instructions about the Lab, a Continue button to move to the next stage, and the functionality to check your changes along the way.

  3. A timer will be displayed in the bottom-left corner of the screen, indicating the remaining time you have to complete the exercise.

  4. A major portion of the screen will be populated with your virtual desktop, simulating a developer environment.
  5. You can copy and paste content from within the Lab environment and also paste content from outside the Lab interface into it, but not vice versa:
     1. Within the Lab interface, you can copy and paste content and text. To do so, navigate to the top URL bar and click on the clipboard symbol.

     2. Ensure that the Continue allowing this site to see the clipboard option is selected, then click Done.

For more information on how to enable clipboards in different browsers, see the Browser Compatibility for Lab Clipboards section.

Step 1:

The first Scenario stage provides the description of the exercise, as well as its duration, difficulty level, and score.

You can click on the highlighted text in the “Learn More about…” section to access the vulnerability knowledge base, which provides more details about the vulnerability and best practices to resolve it.

You can then move on to the Setup stage by clicking on the Continue button.

You can always come back to access the content of a stage you have worked on previously.

Note: The stage number will change from 1 to a Blue tick, indicating you have completed this stage.

Step 2:

Follow the Setup stage instructions to run the code and start the vulnerable application. Once the vulnerable application or code is running, click on the Continue button to progress to the Hack stage.

Step 3:

While this stage is optional, we highly recommend that you try to execute the steps to exploit the vulnerability. It will give you a better understanding of the attack from an adversary’s perspective.

Read the instructions in the Hack stage to learn how to execute the hack. If you get stuck along the way, hints are available to point you in the right direction. To read a hint, click on the Free Hint button.

Once you have successfully exploited the vulnerability, click on the Continue button to move on to the Remediate stage.

Note: Points are not deducted when using hints in the Exploit stage.

Step 4:

Read the instructions in the Remediate stage to learn which code changes you need to make. If you get stuck along the way, hints are available to point you in the right direction. To read a hint, click on the Hint button.

Note: Points will be deducted when using a hint during the Remediate stage.

Once you have made the necessary changes, run the code again as per the instructions in the Setup stage, and then click on the Continue button.

Step 5:

If your changes have fixed the vulnerability, the stage number changes from 4 to a Blue Tick, and a popup window will appear, indicating that you have successfully completed the Lab.

From here, you can click on Stop Exercise to be taken back to the Completed Labs page, or you can click on Cancel to close the popup window and then test the hack to see how your changes have fixed the vulnerability.

To exit the Lab, you can either click on the Continue button in the Remediate stage or click on the Power Button located in the bottom-left corner of the screen.

Step 6:

If your changes to the code have not fixed the vulnerability, a status message will appear, indicating the code is still vulnerable.

The Lab will alert you if your changes have broken any functionality. If this is the case, a Broken Functionality message will be displayed with an option to restore the code to its initial state.

When you click on restore, you will be requested to close and reopen the IDE. On reopening the IDE, you will be presented with the code from the beginning of the Lab.

You can now try to fix the vulnerability again.
Important: In the event you Restore your code, stage numbers 2 and 4 will change into a Red cross, indicating that the code is not running. You must first complete stage 2 Setup then move to stage 4 Remediation.

How to Access the Vulnerability Info of a Lab Inside a Lab

You can access the vulnerability info for the Lab you are currently in by clicking on the highlighted text in "Learn More about..." at the end of the Scenario stage in a Lab.


How to Save a Lab for Later

You can save your Lab to run it later.
  1. Select the Lab that you want to save for later.
  2. Click the small clock icon to save the Lab.
  3. A popup saying “Saved!” will then appear.
  4. You can find the saved Lab on the “My Activities” page under the “Saved Activities” section.
  5. You can remove the Lab from saved activities by clicking the “Remove” button.

How to Share a Lab

If you would like to share a particular Lab with someone, click the share icon next to the save icon.

A popup saying “Link copied to clipboard.” will then appear. You can then send the copied link to share the Lab.


Browser Compatibility for Lab Clipboards

The copy/paste clipboard in the Lab is compatible with Chromium-based browsers. We recommend running the Labs in Chrome, Opera, or Microsoft Edge.

Enabling Clipboard Within Google Chrome and Microsoft Edge

  1. The first time you run a Lab, you will be presented with a request to access your clipboard. Click on Allow.
  2. You should see a small clipboard icon in the URL address bar.


Enabling Clipboard within Opera

  1. The first time you run a Lab, you will be presented with a request to access your clipboard. Click on Allow.
  2. You should see a small clipboard icon in the URL address bar.

Using Clipboards on Browsers not Based on Chromium

When running Labs on browsers that are not based on Chromium, for example, Firefox, you will have space on the right of the screen dedicated to copying and pasting content within the Lab.
  1. Firstly, the Lab will open with a message, letting you know that native copy and paste functionality is not supported within the browser.

  2. To access the clipboard, click on the clipboard icon located on the bottom left of the screen above the power button.

  3. A clipboard will appear on the left of the screen, where you can place the content you wish to paste into the Lab. Once you close the clipboard, you can paste into the Lab.


To add more content, simply click on the clipboard icon located in the bottom left of the screen.

How to Extend the Duration of a Lab

Note: This feature is not available during tournaments.

The SecureFlag Platform allows you to extend the duration of the Lab, giving you more time to complete your Lab without interruption.

Step 1:

When the Lab reaches the last 6 minutes, a pop-up will appear in the top right corner.
Note: The pop-up will only appear once.

Step 2:

You can then click on the countdown timer at the bottom left corner to extend the Lab by 10 minutes.
Note: This can be repeated whenever the timer falls below 6 minutes.

How to Check Lab Results

Step 1:

After completing a Lab, you will be redirected to the Completed Labs page.

The page is presented in a tabular format with the following columns: Lab, Technology of the Lab, Date/Duration of the Lab instance, Score for the Lab completion and the Status of the Lab instance.

Note: This status is different from the Lab Status described in Lab difficulty.


Step 2:

Click on the View Results button in the last column. You will be directed to the bottom of the page, where you will find three tabs:
  1. Results tab:
     1. Here, you will be presented with some brief information about the completed Lab.
     2. You can check the changes you made to the code by clicking on the Source Code Diff button.
     3. You may also view the Lab solution by clicking on the View Solution button. This button will only work if the status of the results is Not Vulnerable.
  2. Hints tab: The Hints Tab displays the hints you used when you were trying to hack the application and when you were trying to fix it in the Lab.
  3. Lab Flags tab: The Lab Flags Tab contains the exploit and remediation instructions presented inside the Lab.

How to Filter for a Lab

The SecureFlag Platform has a plethora of Labs and Learning Paths. To ensure our users find what they are looking for, we have filters set up on the pages.

Step 1:

Navigate to the Labs section by clicking on the Labs button in the navigation bar on the left.

Step 2:

You can search for any Lab by entering its title into the search bar, or you can access more filters by selecting the Browse button located under each technology type.


Step 3:

Selecting a technology that you are interested in will present a table of available Labs for the selected technology.

You are presented with a page that allows you to filter Labs by Technology, Lab Type, Difficulty Level, Status, and relevant Frameworks in the selected technology.


How to View Assigned Activities

Your Team Leader might want to concentrate on certain vulnerabilities to establish baseline security measures. In this case, they can assign Labs and Learning Paths to you. These tasks can have a due date.

Step 1:

You can view the exercises assigned to you by clicking on “All Assigned Activities” on the Dashboard or the “My Activities” button on the Platform header.

Step 2:

On the My Activities page, your activities will be presented in a tabular format, with a Start button in the last column allowing you to commence the activity.

Additional information concerning the assigned activity will also be visible, such as the Type, i.e., whether it is a Lab or a Learning Path, the related technology, the level of Difficulty, the Due Date if there is one designated, and the current Status of the activity.

Reminder emails will also be sent about upcoming activities and their corresponding due dates.

You can view your completed Activities by clicking the "Show Completed Activities" toggle switch.



Then, you can view your incomplete assigned activities by clicking the "Hide Completed Activities" toggle switch.


