CMD+CTRL Cyber Range Security Training

CMD+CTRL CYBER RANGE TRAINING

Time to Get Real!

Prepare Teams Differently for the Cybersecurity Battle

CMD+CTRL is a hands-on training platform that uses insecure software environments to hone security skills. It reflects the complexity and risk of today’s tech stacks – flawed design, defenseless code, and misconfigured deployments – and tempts players to exploit them.

Unrivaled in authenticity, CMD+CTRL takes engagement to a whole new level. It is not designed to turn teams into hackers, but to gain insight into how connected software functions and fails with respect to security. If teams can’t sniff out poorly implemented practices, they’re likely making the same mistakes.

Ditch the stick. Get teams stoked about security naturally.

Build Situational Awareness

Traditional training builds knowledge, but it’s only when humans experiment and adjust that they have those a-ha moments that drive behavior change

Create Excitement Like No Other

Real technologies, automated scoring, easter eggs, and other gratification elements keep players immersed. Good luck pulling them away.

Accurately Assess Security Skills

We don’t rely on pattern matching or pre-determined answers. Players connect their own dots for success. Reports unmask rock stars – they’ll likely surprise you.

How Does it Work?

cmdctrl_callout

PLUNGE into the Real-World.
Pre-configured environments span simple Web sites, complex Mobile and Single-Page Applications (SPA) with rich API functionality, and cloud platforms. While technically sophisticated, it’s cloud-based with nothing to install. Tools are useful but not required. Help assets ensure all skill levels can compete.

EXPLORE and Exploit.
Find information disclosures, probe the tech stack, and view HTML source, URLs, and headers for clues. Upon exploit, points are immediately awarded by our sophisticated auto-scoring engine. Drop tables and crash servers without disruption – each player has their own instance and can reset at any time.

BUILD an Attitude.
The dashboard shows completed and unsolved challenges, hints used, and other player insight. The always-on scoreboard turns passive participants into determined competitors bursting with confidence.

Who is it for?

CMD+CTRL helps all stakeholders in the software pipeline experience the impact of poor design, coding, and configuration:

Builders - Think Attack to Harden from Attack

By recognizing how their mistakes are easily exploited, builders can incorporate security controls at each development phase. For example, knowing an attacker can execute code via a login screen reinforces that mitigations like AntiXSS library or proper input sanitization must be implemented. Mindsets will shift from “Why would anyone do that?” to “Oh, that’s a big problem!”
Operators - Keep the Bad Guys Out

Once software applications are deployed, IT maintains availability of key services: configure servers, protect APIs, manage access, apply patches, and minimize information disclosure. There are many challenges that reinforce these key security principles that provide defense in depth.
Defenders - Maintain a High Bar

With ranges that progress in difficulty level, CMD+CTRL is the best way to groom pen testers, red teamers, and vulnerability assessors. Easier ranges spot potential talent by gauging their understanding of the OWASP Top Ten. Advanced ranges feature complex environments that force experienced staff to make interlinking decisions.

"We began training with a single cyber range event. It generated so much excitement that teams immediately asked when we’re running the next one."

Joe Mineiri, CISO of Orvis