How browser labs work
Backend spins up isolated container per lab session. Frontend shows vulnerable app in iframe or panel. Tutorial panel beside target. Flag submission validates exploit success.
Advantages over VM-based labs
Works on Chromebook, college lab PC, low-RAM laptop. No Hyper-V/VirtualBox conflicts on Windows. Instant start — no 10-minute VM boot. Mobile-friendly for reading tutorials.
Limitations
Browser labs focus on web/API vulnerabilities, not full OS privilege escalation or kernel exploits. Graduate to HTB VMs when you need OS-level practice.
Cyfotok browser lab catalog
SQL injection, XSS, CSRF, IDOR, command injection, file upload, directory traversal, JWT attacks, broken auth, subdomain recon — all browser-accessible.