Introduction to Cyber Ranges
The ever expanding need for cybersecurity professionals is apparent, if not overwhelming. Talent pools seem constantly tapped out and even the most stable teams are at risk of losing members to greener pastures. To help solve this expected skills gap, organizations are beginning to look beyond traditional cyber security training paths such as, CBT, ILT, self taught, word of mouth, etc. and looking towards more creative ways to assess and train for cyber security.
About CMD+CTRL Cyber Range
Our CMD+CTRL Cyber Range is part of our Attack and Defend approach to AppSec and is a real life business application platform that helps people learn to think like an attacker and exploit application vulnerabilities. The Cyber Range effectively assesses existing skills and fills any knowledge gaps by teaching real life skills as well as recommending additional training if needed. The Range experience is designed to speed up learning and greatly improve application security knowledge retention.
Why CMD+CTRL Cyber Range?
Determine team member's AppSec skill coverage
Test the skills of your team and determine individual knowledge gaps and training needs.
Protect Security Training Investment
Knowledge from previous training is confirmed and any knowledge loss identified for remediation.
Inspire Appsec commitment
Ideal for all skill levels to make your team want to take Appsec seriously through quality training engagment.
Validate induction of staff
Ensure you hire the right people with the right skills appropriate for your Appsec needs.
Essential Components of a Cyber Range
- Dedicated real life application delivering and maintaining an immersive Cyber Range experience. Improves employee satisfaction through interesting, engaging and immersive experiences retention with free-form, self guided experience that speeds up learning and greatly improves knowledge.
- Lifelike engagement, requiring not just learning about security issues, but also learning the process to identify, build and implement multi-faceted attacks that are encountered in real life. This results in a deep understanding of attack and defend strategies.
- Open ended, “choose your own adventure” style experiences based on a variety of real life applications. This provides relevant scenarios for you to train on.
Run your own Cyber Range Event for Free
- Many styles and types of web site to use:
Mobile Fitness Tracking Application
Comprising 60+ challenges, users can track runs, challenge friends, make purchases, and share data. Participants can use actual phones or an emulator to solve client- and server-side challenges such as finding secrets in mobile code or stored locally on the phone, exploiting debug functionality, and reverse engineering libraries.
ShadowBank – Banking Website
Users can create accounts, transfer funds, buy and sell stocks, request a loan, and a lot more. 50+ vulnerabilities subsume OWASP Top 10, ISO 2700x, as well as popular NIST and CWE standards, and tempt users to break into someone else’s account, buy stocks for free, and transfer negative funds.
Gold Standard Bank – Advanced Banking Website
Everything available in ShadowBank plus account holder and administrative functionality like requesting/approving loans and posting official announcements. 60+ vulnerabilities are “protected” by poorly implemented mitigations like blacklisting and client-side validation – challenging players to crack passwords, chain multiple vulnerabilities, and assemble creative attacks. Gold Standard challenges even the elite.
Shred Retail – eCommerce Website
Users can purchase skateboards and supplies, review products, purchase and redeem gift cards, view past orders, and more. 35+ vulnerabilities allow you to buy a negative quantity, place an order with someone else’s credit card, get a great deal on gift cards, trigger denial of service, and more.
Account All – HR Website
This Web site includes employee, manager, and HR admin roles with distinct privileges and functionality such as submitting timesheets, managing direct deposit, viewing paystubs, submitting performance reviews, and editing confidential user information. Users can exploit 40+ vulnerabilities to view their boss’ salary, modify another user’s account, set Invalid 401(k) contributions and other devious activity.
What people say about our CMD+CTRL Cyber Range:
“Loved how creative it was. Surprisingly interesting.”
“Eye opening to see how SQLi actually works/looks.
All I’d been taught before was the theory and how to mitigate. The chance to hack someone else’s code, usually not possible and not easy to hack your own code.”
“I realized how easy it is to introduce problems with lazy programming practices (e.g. robots.txt).”
“I realized that I have written vulnerable code myself.”
“I realized that this information is not being taught in university and it should be.”
“There is a mix of older and younger developers here. Did you notice that guy on the left side of the room who was answer so many questions, totally engaged. He’s been here for 18 years, it was amazing to see him so interested and having so much fun.”
“Felt like we were a team of hackers trying to get into North Korea or something like that.”
“Most fun, engaging training I’ve ever attended.”