What are Investigations?

Investigations are fully browser-based lab scenarios that require no setup or configuration. Simply launch a lab directly from the platform and get started straight away.

Tasks include:

• Detecting intrusions
• Analysing suspicious files
• Performing network analysis

Every investigation is designed to replicate the kind of defensive work carried out in real-world security roles, helping you build practical skills in a guided, ready-to-use environment.

Important: To see any labs that are related to BTL1, based on the tools or activity you'll be investigating, you can go to the investigations page and search for 'BTL1' on the left-hand menu. 

What are Challenges?

Challenges are hands-on tasks that you download and complete on your local system or within a virtual machine.

They cover a wide range of scenarios including:

• Packet captures
• Memory dumps
• Log analysis

If you prefer a guided environment with no setup required, investigations provide pre-built labs so you can focus on analysis straight away. 

Categories

We host a variety of challenges, spanning from introductory levels to advanced scenarios.

Incident Response — scenarios simulating real-world incidents

Digital Forensics — forensic investigation and evidence analysis tasks

Security Operations — challenges reflecting day-to-day security operations

Reverse Engineering — decoding and reverse engineering applications.

CTF-Like Challenges — Capture the Flag style problem-solving scenarios.

OSINT — intelligence gathering from publicly available sources.

Threat Hunting — identifying and mitigating threats in simulated environments

Threat Intelligence — threat analysis and intelligence gathering scenarios

Free vs PRO Access

Free and PRO users have different levels of access to content whether its a investigation or a challenge. For a full breakdown of what's included in each tier, see Getting Started with BTLO.

Retired Content

Retired challenges/investigations remain available to all users and are a valuable learning resource. They replicate the look and behaviour of active challenges, making them ideal for:

• Exploring different problem-solving approaches
• Practising the techniques required for each challenge category
• Building confidence before attempting active challenges

Please note the following when using retired challenges:

• Points earned from retired content will not be added to your ranking profile.
• Hints are not available for retired challenges.
• The community produces write-ups for many retired content, which you can find through by searching for the related investigation/challenge on the web.
• The BTLO Replay video series on our YouTube channel provides step-by-step walkthroughs of retired labs.

Can I Reset My Completed Investigations and Challenges?

No, the platform does not allow progress resets. This policy exists to protect the integrity of the learning experience for everyone.

• Accountability, encourages you to work through each challenge fully rather than repeating for easy points
• Reflective learning, your history lets you identify areas for growth over time
• Fair competition, resets could allow users to reattempt content solely to achieve higher scores, undermining leaderboard fairness

Difficulty Levels 

Both investigations and challenges are categorised by difficulty:

1. Easy: Ideal for beginners, taking 1 hour or less, even if you're new to the tools.
2. Moderate: Geared towards individuals with day-to-day experience, requiring a couple of hours.
3. Hard: Tailored for advanced players with extensive hands-on experience, demanding intense problem-solving over a few hours.

If you are stuck, revisit the available learning materials or join the Discord Community! It's a free messaging and voice platform where members chat, share progress, and get support across shared channels.

Still need help?

Submit a support ticket and our team will be happy to help.