🕵️‍♂️ Breach Village

Welcome to Breach Village, where capture the flag meets real-world impact.

The internet is filled with hidden vulnerabilities, not just in systems, but in the way sensitive information is handled, published, routed, and overlooked. Privacy issues are not confined to made-up hacker stories or simulated environments. Covert infrastructure, exposed data, weak operational security, and tunnel abuse exist right now on the real internet, and many people do not know how to spot them, preserve evidence, or report them responsibly.

This CTF is built differently. Instead of chasing fantasy exploits or solving puzzles from a movie plot, Breach Village focuses on practical skills and real-world awareness, the kind that can help protect people and make a difference.


🔐 Two Tracks. One Goal.

1️⃣ Operation Glass Labyrinth: Network Tunneling Forensics

Cyber. Local Docker. Solo or Team.

Tunneling.png

In this track, you will investigate Black Meridian, a fictional cybercriminal group that uses SSH pivots, TCP redirectors, encrypted tunnels, reverse proxies, WireGuard overlays, and cloud bootstrap scripts to hide operators, relays, and command infrastructure.

Your job is not to attack real systems. Your job is to raise controlled Docker Compose lab stacks, reconstruct the tunnel paths from forensic evidence, identify how each relay was built, and collect runtime proof flags that show you completed the investigation.

Across four expert-level labs, you will work through:

Every lab runs locally and generates its own credentials, keys, tokens, passwords, and flags the first time the stack starts. Students must prove completion from live artifacts, not by reading static answers from configuration files.

This track is designed for operators, red teamers, blue teamers, incident responders, and forensic analysts who need to understand tunneling as both tradecraft and evidence.


2️⃣ Privacy Breaches

Learn to Find and Report Real Digital Leaks.

This track is based on a fictionalized scenario involving websites in Puerto Rico. This is not a government-sponsored event, and the scenario is meant purely for educational purposes.

That said, the techniques you will learn are very real. You will discover how:

The goal here is not exploitation. It is accountability. We want participants to walk away with the ability to identify and notify the right people when sensitive data is exposed online.


💬 Remember

With great access comes great responsibility. We encourage ethical exploration, responsible disclosure, and never storing or using exposed personal data. Your skills can help make the web a safer place. Start here.