| Active Directory Exploits |
Basic |
This scenario introduces a stealthy cyberattack method called AS-REP Roasting, which targets misconfigurations in Active Directory to quietly collect and crack encrypted login data.
Participants take on the role of strategic operators, exploring an unfamiliar digital environment to uncover misconfigurations, extract credentials, and gradually gain deeper access, ultimately reaching full control of the system. |
35 |
Cyber Range: 21 Virtual: 30 |
| Macro Malware Detection |
Basic |
This scenario explores how attackers use malicious macros (small programs hidden in documents) to spread malware and gain remote access.
Participants will learn how these threats have evolved over time and how to detect them using YARA rules, a tool for identifying suspicious patterns. Through hands-on analysis, trainees will uncover hidden payloads and apply YARA rules to spot potential threats. |
45 |
Cyber Range: 1 Virtual: 1 |
| Macro Malware Detection |
Intermediate |
In this scenario, trainees take on the role of detection engineers responding to an incident involving a malicious OpenOffice document carrying a Metasploit payload. Attackers have used a macro-enabled file to deliver and spread their malware.
Participants are tasked with creating a YARA rule that can reliably detect these types of malicious documents. At this level, they will also automate parts of their analysis and detection process using Python, gaining practical experience in building and tuning custom detection logic. |
45 |
Cyber Range: 1 Virtual: 1 |
| SQL Injection Exploits |
Basic |
In this scenario, trainees use a workstation connected to a small practice network and interact with a deliberately vulnerable web application.
Their goal is to find and extract hidden ‘flags’ stored on the server by taking advantage of SQL injection, an attack where crafted input is placed into a website’s data fields to trick the underlying database into revealing more than it should. Through this hands-on exercise, participants learn how insecure handling of user input can expose sensitive information and why secure coding practices are essential. |
30 |
Cyber Range: 1 Virtual: 1 |
| SQL Injection Exploits |
Intermediate |
In this scenario, trainees work from a workstation on a practice network to interact with a vulnerable web application that has defenses against SQL injection.
Participants must retrieve hidden ‘flags’ from the server by exploiting SQL injection vulnerabilities, but they will need to adapt their techniques to bypass basic protections and filters. This version deepens their understanding of both attack methods and defensive measures, showing how attackers evolve and how developers and security teams must respond. |
45 |
Cyber Range: 1 Virtual: 1 |
| Defensive Operations |
Basic |
In today’s world of growing cyber threats, having a Security Operations Center (SOC) is essential. A SOC acts as a central hub for detecting, analyzing, and responding to unusual activity in real time. It helps organizations spot threats early, understand what’s happening, and take quick action.
In this exercise, participants take on the role of Blue Team defenders monitoring alerts, recognizing suspicious activity, and confirming that an incident is taking place. The focus is on building core skills and confidence in real-time detection. |
50 |
Cyber Range: 21 Virtual: 30 |
| Defensive Operations |
Intermediate |
In this scenario, participants continue in the role of Blue Team defenders, sharpening their ability to detect cyber threats in real time.
They will work through a common but slightly more involved attack, reviewing logs, alerts, and indicators to identify what is happening and where. With less hand-holding than the basic level, this version pushes participants to apply their fundamentals more independently and think like real-world security analysts. |
60 |
Cyber Range: 21 Virtual: 30 |
| Docker Supply Chain |
Basic |
This scenario simulates a modern DevOps environment where Docker containers are used to deploy many small services on an Ubuntu server.
Participants will investigate a supply chain attack in which an attacker uses a command-and-control tool (Sliver C2) from a Kali Linux machine to hide a malicious beacon inside a Docker image. The image is uploaded to a private internal registry and eventually deployed as part of the normal application, slipping past standard defenses. Trainees analyze system logs, network captures, and Docker artifacts to uncover the breach, trace the malicious image’s origin, and understand how it spread. The exercise emphasizes why verifying container images and monitoring their behavior is critical for securing containerized systems. |
40 |
Cyber Range: 21 Virtual: 40 |
| Evilginx Phishing |
Basic |
In this scenario, participants learn how modern phishing attacks can get around even strong protections like Multi-Factor Authentication (MFA).
Trainees will see how attackers use a tool called Evilginx to sit in the middle of a login process, secretly capturing usernames, passwords, and session cookies. This hands-on demo shows how criminals can hijack accounts even when MFA is in place, and highlights why secure login habits and modern defenses are so important. |
30 |
Cyber Range: 1 Virtual: 1 |
| Exploitation101_EternalBlue |
Basic |
This introductory scenario walks trainees through exploiting EternalBlue, one of the most well-known Windows vulnerabilities in recent history.
Participants will learn, step by step, how the flaw is discovered and used to gain unauthorized access to a system. Along the way, they’ll see how unpatched systems become easy targets and why keeping software up to date is one of the most effective defenses against cyberattacks. |
30 |
Cyber Range: 21 Virtual: 40 |
| Firewall and Network Filtering |
Basic |
In this lab, trainees get hands-on experience with core networking and firewall concepts using a Palo Alto firewall.
Participants will learn how to create and adjust basic firewall rules, segment a network, and manage web traffic through the Palo Alto interface. They’ll also practice monitoring traffic and troubleshooting simple issues. By the end of the exercise, trainees will be able to explain fundamental firewall concepts and apply them to control and protect network traffic. |
90 |
Cyber Range: 21 Virtual: 40 |
| Forensics WingFTP |
Basic |
In this scenario, trainees step into the role of a digital forensic analyst called in after a cyber incident. A company has isolated and shut down a compromised Wing FTP server, then created a copy of it for safe investigation.
Participants will examine the cloned server to uncover the vulnerability the attackers used, identify how they first got in, and confirm their findings by reproducing the attack. As an optional final challenge, they can go a step further and compromise an additional server, capturing a ‘flag’ as proof of success. It’s a practical introduction to how real investigations trace an attack from entry point to impact. |
30 |
Cyber Range: 1 Virtual: 1 |
| Fortified Castle |
Basic |
This scenario introduces the risks of using industrial control systems (ICS) that rely on insecure communication protocols.
Participants will see how a threat actor can gain unauthorized access to industrial devices, change their settings, and interfere with their operation. The exercise raises awareness of how vulnerable ICS environments can be when they are not properly secured, and why protecting these systems is vital to safety and reliability. |
30 |
Cyber Range: 21 Virtual: 40 |
| Fortified Castle |
Intermediate |
This intermediate scenario builds on the basic Fortified Castle exercise, diving deeper into how insecure industrial control system (ICS) protocols can be exploited.
Participants will analyze network traffic in an ICS environment, identify weak or unprotected communications, and carry out more advanced actions to manipulate industrial devices and their states. The focus is on understanding not just that these systems can be attacked, but how attackers move, persist, and cause disruption. Trainees leave with a stronger grasp of ICS-specific risks and defense strategies. |
30 |
Cyber Range: 21 Virtual: 40 |
| Introduction to XSS |
Not applicable |
In this scenario, trainees learn how Cross-Site Scripting (XSS) attacks work by taking on the role of an attacker targeting a custom web application.
Participants can choose their own difficulty level and tackle a series of challenges that demonstrate different types of XSS, such as injecting malicious scripts into web pages and abusing user input fields. As they progress, they’ll see how small coding mistakes can let attackers steal information, hijack sessions, or alter site behavior, and what developers and defenders can do to prevent it. |
90 |
Cyber Range: 21 Virtual: 40 |
| Log4j - Apache Solr |
Basic |
This scenario introduces trainees to the Log4j vulnerability that was publicly disclosed in 2021 and affected many systems worldwide. Using Apache Solr as a real-world example, participants are guided step by step through how the vulnerability can be discovered and successfully exploited.
After seeing how the attack works in practice, participants will apply patches and configuration changes to fix the issue, then verify that their mitigation is effective. The exercise highlights how a single software flaw can be turned into a powerful attack, and why rapid patching and thorough testing are essential for defense. |
35 |
Cyber Range: 1 Virtual: 1 |
| Network Forensics |
Basic |
In this scenario, trainees act as digital forensics analysts investigating a suspected break-in. A client believes an outside attacker gained access to their web server and may have stolen sensitive data.
Participants will analyze captured network traffic and related evidence to reconstruct what happened: how the attacker connected, what they did on the server, and whether data was exfiltrated. By the end, they’ll better understand how network traces can reveal the story of a cyberattack. |
40 |
Cyber Range: 1 Virtual: 1 |
| OWASP Crypto |
Basic |
This scenario focuses on a common security issue involving JSON Web Tokens (JWTs), which are often used for authentication in web applications.
Participants will examine an application that accepts JWTs signed with HMAC but does not properly validate the secret key used to create the signature. This design flaw allows an attacker to forge their own ‘valid’ token and gain unauthorized access to protected resources. Through hands-on tasks, participants will see how this can lead to privilege escalation and data exposure, and learn the principles behind secure token handling. |
20 |
Cyber Range: 21 Virtual: 40 |
| Password Cracking |
Basic |
This scenario introduces password cracking, a common attack method used to guess or uncover passwords and gain unauthorized access to systems or files.
Participants step into the role of cyber operators, experimenting with brute-force and dictionary attacks to reveal weak passwords, crack protected documents, and understand how predictable password habits can be exploited. Along the way, they’ll learn how password hashes work and how attackers crack them offline. |
30 |
Cyber Range: 21 Virtual: 30 |
| Password Cracking |
Intermediate |
In this scenario, trainees discover how easily weak passwords can be broken using free, widely available tools.
Through hands-on practice with online password attacks, participants will see how attackers try to guess or test passwords directly against live systems. The exercise highlights how simple or reused passwords can quickly be exposed, reinforcing the need for strong, unique credentials and good password habits. |
35 |
Cyber Range: 21 Virtual: 40 |
| Password Cracking |
Advanced |
In this scenario, trainees see how easily weak passwords can be broken using free, widely available tools in a hands-on lab.
The focus is on password mangling attacks: smart ways attackers twist and modify words (adding numbers, symbols, or patterns) to match real-world password habits. By experimenting with these techniques, participants learn why simple or predictable passwords fail so quickly and why strong, unique passwords are essential. |
45 |
Cyber Range: 21 Virtual: 40 |
| Phishing Awareness |
Basic |
In this scenario, trainees practice spotting simple phishing emails in a safe, controlled environment.
Participants will review a series of messages that contain common red flags, such as suspicious links, spelling mistakes, and unusual requests. They’ll learn to distinguish between legitimate and fraudulent emails and build confidence in reporting potential phishing attempts. |
30 |
Cyber Range: 21 Virtual: 40 |
| Phishing Awareness |
Intermediate |
This scenario challenges trainees with more realistic and polished phishing emails.
Participants will encounter messages that mimic real services, copy corporate branding, and use more subtle tricks to gain trust. They will practice analyzing sender details, links, and message content to uncover hidden warning signs. The goal is to sharpen their judgment so they can recognize phishing attempts that are harder to spot at first glance. |
40 |
Cyber Range: 21 Virtual: 40 |
| Phishing Awareness |
Advanced |
In this advanced scenario, trainees face highly sophisticated phishing campaigns designed to bypass standard awareness.
Participants will examine targeted emails that may be tailored to specific roles, reference real projects, or use convincing pretexts. They will learn to detect nuanced indicators of compromise, evaluate context, and handle complex social engineering attempts. This exercise prepares them to recognize and respond to high-impact phishing attacks in the real world. |
50 |
Cyber Range: 21 Virtual: 40 |
| Privilege Escalation |
Basic |
This scenario demonstrates how attackers can turn small weaknesses into full control of a system.
Participants will work with a system that uses weak credentials and has not been properly configured or updated. They will see how an attacker could first gain low-level access, then ‘climb the ladder’ by exploiting misconfigurations and missing patches to obtain higher privileges. By the end, participants will better understand the importance of strong passwords, secure configurations, and regular updates in preventing privilege escalation. |
30 |
Cyber Range: 21 Virtual: 40 |
| Railway |
Basic |
This sector-specific scenario focuses on cybersecurity in railway systems, where digital technology and physical infrastructure are closely linked. It highlights how attacks on operational technology (OT), the systems that control tracks, signals, and equipment, can be launched through their connections to traditional IT networks.
Participants will carry out an attack on the Modbus protocol, which is used to control the rails, and see how malicious commands can affect a physical railway model connected to the cyber range. The hybrid setup, combining virtual and real-world components, makes the impact of cyberattacks on critical infrastructure tangible and memorable. |
45 |
Cyber Range: 1 Virtual: 1 |
| Vulnerability Management |
Basic |
This scenario focuses on identifying and fixing security weaknesses before they can be exploited.
Participants will use Nessus, a popular scanning tool, to check a Grafana system for vulnerabilities, analyze the results, and confirm that fixes have been applied. It’s a hands-on way to learn how regular scanning and patching help keep systems secure, reliable, and compliant. |
30 |
Cyber Range: 21 Virtual: 30 |
| Web Vulnerabilities in LLM Applications |
Intermediate |
This scenario shows how familiar web application weaknesses are now appearing in systems that use Large Language Models (LLMs).
Participants will explore two key issues: an authentication bypass caused by a misconfigured JSON Web Token (JWT) system, and a prompt injection attack that tricks an LLM into ignoring its instructions. By working through these examples, trainees will see how classic web vulnerabilities and new AI-specific risks can combine, and what that means for securing modern AI-powered applications. |
35 |
Cyber Range: 21 Virtual: 30 |