🕵️‍♂️ Breach Village
Welcome to Breach Village, where capture the flag meets real-world impact.
The internet is filled with hidden vulnerabilities, not just in systems, but in the way sensitive information is handled, published, routed, and overlooked. Privacy issues are not confined to made-up hacker stories or simulated environments. Covert infrastructure, exposed data, weak operational security, and tunnel abuse exist right now on the real internet, and many people do not know how to spot them, preserve evidence, or report them responsibly.
This CTF is built differently. Instead of chasing fantasy exploits or solving puzzles from a movie plot, Breach Village focuses on practical skills and real-world awareness, the kind that can help protect people and make a difference.
🔐 Two Tracks. One Goal.
1️⃣ Operation Glass Labyrinth: Network Tunneling Forensics
Cyber. Local Docker. Solo or Team.

In this track, you will investigate Black Meridian, a fictional cybercriminal group that uses SSH pivots, TCP redirectors, encrypted tunnels, reverse proxies, WireGuard overlays, and cloud bootstrap scripts to hide operators, relays, and command infrastructure.
Your job is not to attack real systems. Your job is to raise controlled Docker Compose lab stacks, reconstruct the tunnel paths from forensic evidence, identify how each relay was built, and collect runtime proof flags that show you completed the investigation.
Across four expert-level labs, you will work through:
- Lab 1, SSH Tunnel Chain: Pivot through four containers where each host is reachable only through the previous host. Start with username and password access, recover SSH key material, and use local forwarding to reach deeper evidence systems.
- Lab 2, TCP Redirectors and Chisel: Analyze redirector behavior, trace relay sockets, and reconstruct traffic paths built with tools such as socat and Chisel.
- Lab 3, WireGuard and Reverse Proxies: Recover overlay network clues, map reverse proxy behavior, and identify how internal services are exposed through encrypted paths.
- Lab 4, Cloud User-Data Tunnel Reconstruction: Examine AWS user-data and Azure customData artifacts to determine how open-source tunneling tools can be staged through cloud initialization workflows.
Every lab runs locally and generates its own credentials, keys, tokens, passwords, and flags the first time the stack starts. Students must prove completion from live artifacts, not by reading static answers from configuration files.
This track is designed for operators, red teamers, blue teamers, incident responders, and forensic analysts who need to understand tunneling as both tradecraft and evidence.
2️⃣ Privacy Breaches
Learn to Find and Report Real Digital Leaks.
This track is based on a fictionalized scenario involving websites in Puerto Rico. This is not a government-sponsored event, and the scenario is meant purely for educational purposes.
That said, the techniques you will learn are very real. You will discover how:
- Sensitive information can accidentally appear on public websites.
- Google Dorking and other OSINT methods can reveal privacy breaches.
- Breaches can be responsibly reported to the proper agencies that manage state or government websites.
The goal here is not exploitation. It is accountability. We want participants to walk away with the ability to identify and notify the right people when sensitive data is exposed online.
💬 Remember
With great access comes great responsibility. We encourage ethical exploration, responsible disclosure, and never storing or using exposed personal data. Your skills can help make the web a safer place. Start here.