Get Real With The CMD+CTRL Cyber Range

Unrivaled in authenticity, the CMD+CTRL Cyber Range takes engagement to a new level. Designed to give teams insight into how connected software functions and fails with respect to security. If teams can’t sniff out insecure practices, they’re likely making the same mistakes – and putting you at risk.

What is a Cyber Range?

The CMD+CTRL Cyber Range is a hands-on training platform that uses insecure software environments to hone security skills. It reflects the complexity and risk of today’s tech stacks: flawed design, defenseless code, and misconfigured deployments – and tempts players to exploit them.

  • Real-World Environments

    Pre-configured environments representing web sites, cloud platforms, and complex mobile and Single-Page Applications (SPA) with rich API functionality. Technically sophisticated, the CMD+CTRL Cyber Range cloud-based with nothing to install. Tools are useful but not required, and supporting assets ensure all skill levels can train.

  • Explore and Exploit Safely

    Players find information disclosures, probe the tech stack, and search source code, URLs, and headers for clues. When an exploit is found, points are awarded by our sophisticated auto-scoring engine. Drop tables and crash servers without disruption – each player has their own instance and can reset at any time.

  • Get Immediate Feedback

    The dashboard shows completed and unsolved challenges, hints used, and other player insights. The always-on scoreboard turns passive participants into determined competitors bursting with confidence.

"We began training with a single cyber range event. It generated so much excitement that teams immediately asked when we're running the next one."
Joe Mineiri, CISO of Orvis

Who is a Cyber Range for

CMD+CTRL helps all stakeholders in the SDLC experience first-hand the impact of poor design, coding, and configuration.

  • Builders

    Think Attack to Harden from Attack

    By recognizing how their mistakes are easily exploited, builders can incorporate security controls at each development phase. For example, knowing an attacker can execute code via a login screen reinforces that mitigations like AntiXSS library or proper input sanitization must be implemented. Mindsets will shift from “Why would anyone do that?” to “Oh, that’s a big problem!”

  • Operators

    Keep the Bad Guys Out

    Once software applications are deployed, IT operations maintain the availability of key services: configure servers, protect APIs, manage access, apply patches, and minimize information disclosure. There are many challenges that reinforce these key security principles that provide defense in depth.

  • Defenders

    Maintain a High Bar

    With ranges that progress in difficulty level, CMD+CTRL is the best way to groom Defenders: pen testers, red teamers, and vulnerability assessors. Easier ranges spot potential talent by gauging their understanding of the OWASP Top Ten. Advanced ranges feature complex environments that force experienced staff to make interlinking decisions.

The CMD+CTRL Difference

Unrivaled in authenticity, CMD+CTRL takes engagement to a whole new level. It is not designed to turn teams into hackers but to gain insight into how connected software functions and fails with respect to security. If teams can’t sniff out insecure practices, they’re likely making the same mistakes – and putting you at risk.

Cloud-based & Turnkey

Cloud-based & Turnkey

No hardware, installation, or configuration needed. CMD+CTRL requires only a browser, and our auto-scoring engine immediately awards points.

Make Security Approachable

Make Security Approachable

Players set their own pace to gather information and conduct attacks (including phishing!) Hints and other interactive elements provide encouragement.

Build Cross-Functional Skills

Build Cross-Functional Skills

Team Mode fosters conversation around the dangers of poorly implemented principles that affect connected software – fail securely, least privilege, secure defaults, etc.

Real-Time Reporting

Real-Time Reporting

Baseline staff competency and spot emerging starts with reporting that includes total score, vulnerabilities found by difficulty and type, recommended courses, and other metrics.

Ideal for all Skill Levels

Ideal for all Skill Levels

Beginner ranges are ideal for awareness building and don’t require expertise or tools.  Cheatsheets, learning labs, and hints ensure everyone can compete and have fun.

Run events with a Click

Run events with a Click

Select a range and duration, and get playing. It’s so easy that we’ve run them at dozens of OWASP events, where CMD+CTRL was chosen over OWASP JuiceShop CTF.