Login
Login Login to your Reflare account

Train on the Attacker’s Latest Playbook — Then Build Your Own

RCTF (Reflare Capture the Flag)

For Red Team leads who need realism, agility, and measurable impact — RCTF gives you monthly breach-derived scenarios and a platform where you can deploy your own Docker-based challenges in minutes.

Strength Over Compliance

Most training checks boxes. This one builds capability.

RCTF turns real-world breaches into multi-stage scenarios you can run safely in the cloud.

Not puzzles. Not theory. Actual attacker tradecraft, translated into an environment your teams can practice in.

  • Timely: New scenarios from recent incidents.

  • Relevant: Reflective of the techniques attackers are using in real operations.

  • Measurable: Clear reporting to show improvement over time.

Timely
Proactive
Impactful
Access Demo

Runs in the Cloud

Serious training without operational drag.

No VMs to provision. No VPN clients to distribute. No tooling conflicts.

RCTF runs entirely in the browser using containerised infrastructure and HTML5-rendered desktops.

Upload a Docker Compose file and the platform automatically deploys all services in an isolated environment — ready for your teams to explore, attack, or defend.

  • Instant access

  • Secure isolation

  • Scales to hundreds of users

Scalable
Reliable
Effortless
Access Demo

Risk-Free Environment

Aggressive practice. No production risk.

Every environment — whether breach-derived or custom — runs in its own isolated container network with a disposable, cloud-rendered desktop.

Nothing touches corporate systems. Nothing persists after teardown.

You focus on running scenarios; the platform handles orchestration, environment security, and cleanup.

Efficient
Secure
Easy
Access Demo

Waving the Flag

Capture the flag — prove the capability.

Each flag represents a meaningful technical milestone: a privilege escalation, a lateral movement path, a detection opportunity, or a containment failure.

This turns each run into concrete evidence of readiness.

Admins get exportable metrics on:

  • Participation

  • Time-to-solve

  • Scenario completion

  • Capability trends over time

Useful for security reviews, audits, and demonstrating improvement.

 
Achievement
Validation
Confirmation
Access Demo

Who it’s for

Red Teams:

 Practice modern TTPs. Run recurring internal CTFs. Validate your assumptions and sharpen your operators.

Blue Teams:

 See attacker behaviour end-to-end. Improve detection paths. Strengthen response playbooks.

Engineering & DevSecOps:

 Understand how real attacks unfold against services, infrastructure, and code. Shift left with hands-on insight.

Contractors & Vendors:

 Verify capability before granting access. Provide a standardised test environment aligned to real threats.

 

The Starter’s Guide to Strengthening Skills with CTF

What teams say

Security Lead,
SaaS (500+ employees)

“Exactly the level of realism we needed in our training programme.”

Head of Engineering,
Fintech

“Our engineers finally saw how modern attack chains actually play out.”

CISO,
Gov Agency

“The cloud isolation made rollout simple and safe.”


 

Challenge yourself against the demo today

Experience RCTF

 

See it. Test it. Judge the realism yourself.

Your demo includes:

  • A breach-inspired multi-stage scenario

  • A full browser-based desktop

  • A safe, isolated network

  • Realistic tools and telemetry

  • An admin view with metrics and reporting

 

 

 

Complete the form to receive your unique access token

FAQs

Will this install tools on our machines?

No. Everything runs in Reflare’s isolated cloud environment. Your users connect via a secure browser session.
Will this install tools on our machines?

What’s in the demo?

A recent breach‑inspired scenario, a set of flags to capture, and the same browser‑based experience paid users get.
What’s in the demo?

How much does it cost?

$65 per user per month. Volume pricing available.
How much does it cost?

Can we track progress?

Yes. Admins see who launched, flags captured, and time‑to‑solve. Exportable CSV for audits.
Can we track progress?