Platform Guide
Intro to Platform
A practical guide to paths, challenges, machines, AttackBox, rankings, and ethical platform usage.
Welcome to VulnByDefault Labs
Welcome to the most comprehensive cybersecurity learning platform designed for both beginners and professionals. Our platform offers a complete ecosystem of learning resources, hands-on practice environments, and competitive elements to accelerate your cybersecurity journey.
What You'll Learn
Our platform covers all major areas of cybersecurity including:
- Web Application Security - SQL injection, XSS, CSRF, and more
- Penetration Testing - Network security, vulnerability assessment
- Digital Forensics - Evidence collection and analysis
- Reverse Engineering - Malware analysis and binary exploitation
- Cryptography - Encryption, hashing, and cryptographic attacks
- OSINT - Open source intelligence gathering
Learning Paths & Courses (Coming Soon)
Learning Paths
Learning paths are structured curricula that guide you through specific cybersecurity domains. Each path contains multiple modules organized in a logical progression:
- Beginner Paths - Perfect for newcomers to cybersecurity
- Intermediate Paths - For those with basic knowledge looking to advance
- Advanced Paths - Expert-level content for professionals
Courses
Individual courses provide focused learning on specific topics:
- Interactive Content - Rich text with code examples and explanations
- Practical Exercises - Hands-on labs and assignments
- Progress Tracking - Monitor your learning journey
Modules
Each course is broken down into digestible modules:
- Prerequisites - What you need to know before starting
- Learning Objectives - Clear goals for each module
- Content - Detailed explanations with examples
- Assessments - Questions to test your understanding
Submodules
Each module is divided into smaller submodules that build on each other sequentially:
- Locked Progression - You must complete each submodule to unlock the next one
- Focused Content - Each submodule covers one specific concept
- Gradual Difficulty - Complexity increases progressively across submodules
- Completion Tracking - See your progress within each module
You can monitor your progress on the dashboard page.
CTF Challenges
Challenge Types
Our platform offers various types of Capture The Flag (CTF) challenges:
- Web Challenges - Web application vulnerabilities
- Pwn Challenges - Binary exploitation and reverse engineering
- Crypto Challenges - Cryptographic puzzles and attacks
- Forensics Challenges - Digital forensics and file analysis
- Reversing Challenges - Reverse engineering binaries
- OSINT Challenges - Open source intelligence gathering
Challenge Features
- Multiple Difficulty Levels - From beginner to expert
- Flag Submission System - Submit flags to earn points
- Hint System - Get help when you're stuck
- First Blood Rewards - Bonus points for being first to solve
- Progress Tracking - Monitor your challenge completion
Dynamic Challenges
Some challenges use containerized environments:
- Web Containers - Deploy vulnerable web applications
- Custom Instances - Unique environments for each user
- Time-Limited - Instances expire after a set time
- Real-World Scenarios - Practice on realistic targets

If you have solved a challenge then it would appear in green and if you got first blood on it, then it would be shown in red.

Virtual Machines (VMs)
What are VMs?
Virtual machines are pre-configured vulnerable systems designed for hands-on practice:
- Windows VMs - Practice Windows-specific attacks and defenses
- Linux VMs - Learn Linux security and administration

When you click on the deploy VM button, VM IP would be assigned to you and you could also see a VM indicator at the right side of the page. Also each VM comes with 2 hours of session time and you can only extend it 4 times.
AttackBoxes
What are AttackBoxes?
AttackBoxes are pre-configured Kali Linux environments that provide you with all the tools needed for penetration testing and ethical hacking:
- Kali Linux - Industry-standard penetration testing distribution
- Pre-installed Tools - Metasploit, Nmap, Burp Suite, and more
- Web-based Access - No local installation required
- Persistent Storage - Your work is saved between sessions
AttackBox Features
- One-Click Deployment - Deploy your attack environment instantly
- Full Root Access - Complete control over your environment
- Tool Updates - Always have the latest security tools
- Custom Configurations - Personalize your attack environment
- Session Management - Start, stop, and manage your sessions
When to Use AttackBoxes
- Machine Exploitation - Attack vulnerable VMs
- Web Application Testing - Test web applications and APIs
- Network Scanning - Discover and enumerate networks
- Tool Practice - Learn and practice with security tools
Once you click on "Start Attackbox" button, you'll see that a Kali Linux attackbox is created with 1 hour of session time. Clicking on "View Desktop" button would open up a web based Kali Linux environment. You will also see an attackbox indicator which would be visible throughout the platform if you have an attackbox running.


Instances & Deployment
Challenge Instances
Some challenges require dynamic environments:
- Web Containers - Deploy vulnerable web applications
- Custom Configurations - Unique setups for each challenge
- Automatic Cleanup - Instances are destroyed when done
- Resource Management - Efficient use of platform resources
Instance Management
- Start/Stop - Control your instances
- Renew - Extend instance lifetime
- Monitor - Track instance status


Rankings & Achievements
Point System
Earn points through various activities:
- Machine Completion - Points for solving machines
- Challenge Solving - Points for CTF challenges
- Flag Submission - Points for finding flags
- First Blood - Bonus points for being first to solve (25 pts)
- Achievements - Special rewards for milestones (25 pts)
Rankings are based on solving active machines and challenges (events not included). On user page, you might see different points than on rankings page, Worry not! That's your all time stats including all challenges and machines (active and retired both).


Security & Ethics
Educational Purpose
This platform is designed for educational purposes only:
- Learn Ethical Hacking - Understand vulnerabilities to defend against them
- Practice Responsibly - Use skills for legitimate security testing
- Respect Boundaries - Only test systems you own or have permission to test
Safe Environment
- Isolated Labs - All testing happens in controlled environments
- No Real Targets - All systems are designed for learning
- Responsible Disclosure - Report vulnerabilities through proper channels
Ready to Start?
You're now equipped with everything you need to know about our platform. Whether you're a complete beginner or an experienced professional, there's something here for everyone.
Start your cybersecurity journey today:
- Try Some Challenges - Test your skills with CTF challenges
- Deploy a VM - Get hands-on experience with vulnerable systems
- Set Up Your AttackBox - Deploy your penetration testing environment
Remember, cybersecurity is a journey, not a destination. Keep learning, keep practicing, and most importantly, keep it ethical!
