Cyfotok Labs

Your Cybersecurity Lab in your language, Not Just Another Course

Real vulnerabilities, running in real sandboxes you break into from your browser — with tutorials written in Tanglish and English.


Tutorials available in

Tanglish (Tamil + English) · English (default)

/labs · what's inside

Six things you can hack today.

Easy

Intro to XSS (Cross-Site Scripting)

In this learning path you can easily understand XSS (Cross-Site Scripting) attacks from the basics up to intermediate-level concepts. We will explore step by step how an attacker injects malicious JavaScript code when a website does not properly filter user input, how that code executes in the browser, and what impact it has. XSS is one of the most common and dangerous web vulnerabilities in the cybersecurity world. XSS knowledge is very important for building a strong foundation in areas such as bug bounty hunting, web pentesting, red teaming and application security. In this path, important concepts such as how the browser works, how HTML and JavaScript are rendered and executed in the browser, the dangers of user input, how the different types of XSS attacks happen, payload basics, cookie and session concepts, the importance of input filtering and sanitization, and real-world attack understanding are all explained simply in a beginner-friendly Tanglish style. Even where there are technical terms, we have structured it with easy examples so that it is clear. ⚠️ Note: This learning path covers only theory and conceptual understanding. Practical labs and hands-on exercises will come later in separate modules.

The method

More terminal, less reading.

Each lab opens in a split screen. The vulnerable app on one side. The tutorial and your terminal on the other.

No 40-minute video first. No 12-page PDF. The whole point is to get your hands on something exploitable in under sixty seconds.

If a step is confusing, leave feedback in the lab — we actually read it, and tutorials get rewritten.

Cyfotok Labs interactive interface — vulnerable app on one side, tutorial and terminal on the other.
↑ a real lab, mid-exploit. The flag is at the end.

The curriculum

What you'll actually be able to do.

Not "you'll learn about cybersecurity." Specifically these things — with a real lab attached to each.

Web · Auth · API · Recon
  • 01 SQL injection (Web): Login bypass, blind SQLi, UNION attacks
  • 02 Cross-site scripting (Web): Reflected, stored, and DOM-based XSS

A note from us

We tried teaching this the way everyone else does — long lecture videos, slide decks, links to external CTF sites. About half the room understood. The other half nodded politely and quietly looked up the words.

The hard part wasn't the security. It was English.

So we wrote every tutorial twice — once in Tanglish, once in plain English — and we'll keep adding more languages as we grow. Cyfotok Labs is small and opinionated. There aren't 500 labs yet. The ones we have, we've sat with someone less technical than you and watched them work through.

Cyfotok Labs team · Coimbatore, India

Pricing

Free to start. Honest if you outgrow it.

Free

₹0 forever

Beginner labs, leaderboard, progress tracking. The full platform — not a teaser.

Pro
₹399/month or ₹2,489/yr

Everything: advanced labs, learning paths, certificates, priority support.

Colleges can buy seats in bulk with a discount and get an instructor dashboard. Email sales@cyfotok.com.


FAQ

The questions that keep coming up.

Don't see yours? Email hello@cyfotok.com and we'll add it.

What is Cyfotok Labs?

A hands-on cybersecurity learning platform built for students from South India. Every lab runs a real vulnerable application in a sandboxed environment, with step-by-step tutorials in Tanglish or English so you can learn in the language you actually think in.

Is it free?

Yes — the beginner labs and the full free tier are free forever, no credit card. Pro is ₹399/month or ₹2,489/year if you want unlimited access to advanced labs, learning paths and certificates.

Do I need any prior experience?

No. The first few labs assume only that you've used a computer and know what HTML and a browser are. Each lab teaches the underlying concept before asking you to exploit it.

The first lab takes about ten minutes.

You don't need to read more about it. Sign up, pick a lab, and we'll see you in the terminal.


Cyfotok Labs

Made in Coimbatore. Cybersecurity in the language you think in.


© 2026 Cyfotok Labs.

/labs/intro-to-xss-cross-site-scripting
Easy

Domains, Subdomains & TLDs

Understanding how the things we see every day while using the internet (websites, URLs, domains) actually work is a very important foundation for cybersecurity. What you will learn in this learning path: What is a domain name? How do TLDs (.com, .org, .in) work? Why are subdomains used? How does the browser locate a website? The basic DNS workflow. How domains are used in real-world recon. This starts out beginner-friendly, but through step-by-step practical labs we take it all the way to real cybersecurity usage. It is not just theory: there are hands-on tasks, browser activities and recon exercises.

/labs/domains-subdomains-tlds
Medium

SQL Injection - Hands-on Web Exploitation Lab

In this lab you will learn the SQL Injection attack in a practical way using a vulnerable web simulator. You will explore hands-on how an attacker can access the database when a web application does not properly validate user input.

/labs/sql-injection
Medium

Subdomain Enumeration - Discovering Hidden Assets

When checking the security of a web application, looking at the main domain alone is not enough. Attackers usually use hidden subdomains to access internal dashboards, staging environments, or vulnerable services. In this lab we learn subdomain enumeration techniques, using both passive and active methods to discover hidden subdomains in a real-world style.

/labs/subdomain-enumeration
Hard

Hands-on XSS

In this premium Hands-On XSS room you will learn Cross-Site Scripting (XSS) vulnerabilities in a fully practical way. There are step-by-step hands-on exercises, from a basic alert payload up to real-world reflected, stored and DOM-based XSS attacks. Through practical demonstrations you will understand how an attacker manipulates user input to execute malicious JavaScript in the browser, and how that is used to steal cookies, create fake login forms and hijack admin sessions.

/labs/hands-on-xss
  • 03 CSRF (Web): Forging requests as another user
  • 04 Command injection (Web): Breaking out of shell calls
  • 05 File upload bugs (Web): Bypassing MIME and extension checks
  • 06 Directory traversal (Web): Reading files you shouldn't
  • 07 JWT attacks (Auth): Algorithm confusion, key cracking
  • 08 Broken authentication (Auth): Sessions, password resets, weak flows
  • 09 IDOR (API): Reading other users' data via the API
  • 10 Subdomain enumeration (Recon): Find what they didn't mean to expose
  • Plus a learning path that strings them together end-to-end, so you're not just collecting techniques — you're building toward something you can put on a résumé. See the paths.

    What do the labs actually cover?

    SQL injection, XSS, CSRF, IDOR, command injection, file upload bugs, JWT attacks, directory traversal, subdomain enumeration, broken authentication and more. Roughly the OWASP Top 10 plus the practical recon and exploitation skills bug-bounty hunters use.

    Are the labs legal and safe to practice?

    Completely. You're attacking targets we host inside isolated sandboxes — never real third-party systems. This is the same legal practice setup that platforms like HackTheBox and TryHackMe use.

    Can I get a certificate?

    Yes. Finishing a learning path unlocks a verifiable certificate you can post on LinkedIn or attach to your résumé.