A turnkey lab platform for engineering colleges. Real vulnerabilities, in-browser sandboxes, instructor dashboards, and tutorials in Tanglish + English — so every student in the room can keep up.
╴ avg reply time < 4 hours · pilots welcomed · cheaper per seat than individual pro ╴
50+
Hands-on labs
100%
Browser-based
₹0
Setup cost per student
24/7
Sandbox availability
The problem
Theory-only textbooks
Students read about SQL injection. They never type one. Exam over → skill gone.
VM setup eats 2 weeks
Kali, VirtualBox, hypervisor conflicts. By the time everyone's set up, the term's half over.
English-only resources
International platforms assume native English. Half the class quietly looks up the words.
Manual grading hell
Faculty grades 60 student submissions by hand. Nobody has the bandwidth to do it well.
The Cyfotok approach
We didn't build a generic CTF site. We built the platform we wished existed when we were teaching cybersecurity to first-year B.Tech students.
Every design decision — Tanglish tutorials, browser-only labs, auto-graded flags, instructor dashboards — comes from sitting in the back of a real classroom and watching what actually worked.
Cyfotok Labs is small and opinionated. It's not trying to be everything. It's trying to make sure every student in the room — top of the class or bottom — can finish a real exploit by the end of week one.
Students
187
Active 7d
142
Completions
318
Avg streak
4d
SQL Injection — Login Bypass
Stored XSS — Comment Form
JWT Algorithm Confusion
↑ a sample instructor dashboard
What's included
One subscription, every feature unlocked. No add-on tier for instructor analytics, no paywall on certificates. The same platform a top student in Bangalore uses, your first-year class in Tier-3 city gets too.
Real, isolated labs
Every lab spins up a vulnerable application in a sandbox. Students get a real target to attack, not a slideshow with screenshots. Zero install — they open a browser and start.
Tanglish + English tutorials
Step-by-step walkthroughs written in Tanglish (Tamil + English) and plain English. The hard part isn't the security — it's English. We removed it.
Instructor dashboard
Live view of every student in your college: who's active this week, who's stuck, who's leading. Per-lab completion rates, dormant-student alerts, downloadable CSV reports.
Curriculum assignments
Assign specific labs to your students. They see a clean, ordered list of what to work through. No more 'just go practice somewhere' without direction.
Verifiable certificates
Finish a learning path → student gets a certificate with a unique verification URL. Looks great on LinkedIn, recruiters can confirm authenticity in one click.
Auto-graded flags
Each lab ends with a flag the student submits in-browser. Correct submission auto-marks completion in your dashboard. Zero manual grading.
Legal & ethical setup
Same legal-practice model as HackTheBox and TryHackMe. Students attack only the targets we host — never real third-party systems. No university policy concerns.
Streaks, points, ranks
Built-in gamification keeps engagement high. Students chase daily streaks, climb a leaderboard, and unlock ranks as they earn points. Healthy competition without you setting it up.
Faculty support
30-minute onboarding call. Email + WhatsApp support during the term. Custom learning paths mapped to your syllabus. We treat you like a partner, not a ticket number.
How it works
Kickoff call
30-min Zoom with our team. We set up your college account, create the instructor dashboard, and import faculty / student lists.
Pick your curriculum
Choose a ready-made learning path (Web Hacking 101, OWASP Top 10, Bug Bounty Starter) or we build a custom path mapped to your syllabus.
Students start practicing
Students log in, follow the assigned labs, submit flags, earn points, and progress toward certificates. You watch the dashboard.
Outcomes
Not "they'll learn about cybersecurity." Specifically these outcomes — measurable in your placement records and résumé quality at the end of the term.
Practical skill, not just theory
Students leave the term having actually exploited 20+ vulnerabilities — not having read about them.
Higher placement readiness
Cybersecurity is one of India's top-paying tech tracks. Hands-on portfolio puts students ahead in interviews.
Faculty get their time back
Auto-grading, auto-tracking, auto-reports. Faculty teach the concepts and let the platform handle the operations.
Verifiable proof of skill
Every learning-path certificate has a public verification URL. Recruiters trust it because it's tied to actual lab completions.
A note from us
Most cybersecurity courses end with students who can spell "SQL injection" but have never typed a payload. We're fixing that, one classroom at a time.
If you're a HoD or faculty member at an engineering college and you want your students to graduate with real, demonstrable security skills — not just marks — we'd love to talk. Email us. We respond fast and we're happy to do a free pilot for one batch.
Pricing
Colleges always pay less per student than what an individual pays for the same access. Volume drops the rate further. We share a tailored quote within the same day — no fake list-price anchoring, no "contact us to be ghosted".
Custom quote · same day
Lower than our
individual Pro pricing.
Tell us how many students and which kind of program (semester elective, full-year course, workshop) — we send a per-seat number that beats what your students would pay individually.
sales@cyfotok.com
Want to see what an individual student pays for comparison? See the individual Pro plan →
FAQ
Don't see yours? Email sales@cyfotok.com and we'll get back the same day.
Three things. (1) Tutorials are written in Tanglish and plain English, so the language barrier doesn't slow students down. (2) Each lab includes a tutorial, a sandboxed target, and a flag — students don't need to set up VirtualBox, Kali, or Docker. They open a browser and start. (3) Faculty get an instructor dashboard with completion data per student, per lab, per week — no spreadsheet tracking required.
Total students, active users this week, sign-ins this week, lab completions this week, never-started students, dormant students, top performers, streak leaders, per-lab assignment progress with completion %, and a live feed of recent completions. You can also assign specific labs to your college so students see a curated curriculum, and download a CSV report at any time.
Yes. Students who finish a learning path get a verifiable certificate they can post on LinkedIn or attach to a résumé. The certificate has a unique ID and a public verification page so recruiters can confirm authenticity.
Two options. (1) The college admin creates student accounts in bulk from the dashboard — students get a username + temporary password they change on first sign-in. (2) Students self-sign up with a college email domain you whitelist, and they're auto-attached to your college. Either way, every student account is tied to your college's seat pool.
Completely safe. Every vulnerable target runs inside an isolated sandbox we host. Students attack our environments — never real third-party systems — using the same legal-practice setup that platforms like HackTheBox and TryHackMe use. There is no way for a lab to escape its sandbox or affect anything outside it.
OWASP Top 10 web vulnerabilities (SQL injection, XSS, CSRF, IDOR, command injection, file upload, directory traversal, broken authentication), JWT attacks, API security, recon and subdomain enumeration, Linux fundamentals, networking basics, and more. We add new labs every week and you can request topics that fit your syllabus.
Yes. We can put together a structured learning path that matches a B.Tech / B.E. cybersecurity elective, a one-semester course, or a 5-day workshop. Tell us the contact hours and learning outcomes you need to hit and we'll line up the labs.
Less per seat than our individual Pro plan, and the rate drops further with larger batches. We don't publish a fixed list price because every college's needs are different (number of students, semester vs full year, custom curriculum). Email sales@cyfotok.com with a rough headcount and we'll send a quote within the same day. Yearly billing is the default and includes the instructor dashboard, all current labs, certificates, and every new lab released during the term.
No. The first labs assume only that students have used a computer and know what HTML and a browser are. Each lab teaches the underlying concept (e.g. how a SQL query works) before asking students to exploit it. Many of our college users are first-year B.Tech students.
Yes. We offer a Lab Creator role for faculty who want to build internal-only or shareable labs. Reach out and we'll grant access to the lab authoring tools.
Every college account includes a 30-minute kickoff call with our team to set up the dashboard, walk faculty through the platform, and assign the first cohort of labs. We're also available on email and WhatsApp during the term.
Yes. Everything runs in the browser — no installs, no VPN, no campus-only network. As long as a student has an internet connection, they can practice on their phone, laptop, or college lab machine.
30-minute demo. We walk through the dashboard, your syllabus, and answer everything. No commitment, no slideshow.
╴╴ free pilots for one batch · responses within 4 hours ╴╴