CMD+CTRL Cyber Range
The missing piece in your security training toolbag
Cloud-based & Turnkey
No hardware, installation, configuration or cumbersome scoring. CMD+CTRL requires only a browser and our auto-scoring engine immediately awards points.
Make Security Approachable
Players set their own pace to gather information and conduct attacks (including phishing!) Hints and other interactive elements provide encouragement.
Build Cross-Functional Skills
Team Mode fosters conversation around the dangers of poorly implemented principles that affect connected software – fail securely, least privilege, secure defaults, etc.
Real-time Reporting
Baseline staff competency and spot emerging starts with report that include total score, vulnerabilities found by difficulty and type, recommended courses, and other metrics.
Ideal for all Skill Levels
Beginner ranges are ideal for awareness building and don’t require expertise or tools. Cheatsheets, learning labs, and hints ensure everyone can compete and have fun.
Run events with a Click
Select a range and duration, and get playing. It’s so easy that we’ve run them at dozens of OWASP events, where CMD+CTRL was chosen over OWASP JuiceShop CTF.
Use as a practice range, run a competitive or awareness event, or manage talent
- Identify Rockstars. One client had someone from Finance join the security team after a competition.
- Find talent in remote areas. Fortune 300 outdoor apparel retailer in Maine recruits local college students.
- Improve collaboration. Blue-chip ISV runs monthly team events with a range specific to its cloud platform.
- Meet the hiring bar. Pen Testing broker uses real-time assessment capabilities to hire qualified contractors.
- Make training cool. The global brand ran 20+ tournaments worldwide after previous lackluster training.
Each had a waiting list and it won a coveted internal security award.
Meet our Ranges!
With ranges that vary in tech stacks and complexity, players become immersed in familiar environments and learn by doing (and having fun.)
Our flagship Cyber Range with Web and OWASP Top Ten challenges for all skill levels. Vulnerabilities range from basic cross-site scripting (XSS) to moderately complex Password Cracking and SQL injection (SQLi) attacks. more >>
Beginner-level range with rich eCommerce functionality. Covers OWASP Top Ten, business logic attacks, known vulnerable software, Open Source Intelligence (OSINT) reconnaissance and others. more>>
Beginner/intermediate-level range with a distinct employee, manager, and HR admin privileges. Heavy focus on data protection, escalation of privilege, vertical authorization attacks, and horizontal authorization attacks. more>>
Beginner/Intermediate-level range that tempts you to uncover hidden data and access content you shouldn’t be able to. Features several APIs and includes advanced SQLi and path traversal attacks. more>>
Intermediate-level range that includes poorly implemented mitigations (e.g. blacklisting and client-side validation) making exploits more challenging. Great for those who need to understand filter evasion, cryptography and advanced SQLi. more>>
Intermediate/advanced-level modern Single Page Application (SPA) with a heavy focus on APIs. A variety of challenges require a proxy which include encryption, password cracking, scripting, and path traversal. more>>
Advanced range with a user and admin functionality. Features 4 levels of binary exploitation challenges that require injecting script into PDF headers to be later processed by the system. Includes advanced evasion techniques and crypto (HMAC replay) attacks, XML Injection. more>>
An advanced range that uses a real phone or emulator to solve client-side and server-side challenges and crypto puzzles. Focus on crypto, mobile reverse engineering, buffer overflows and API attacks that require multiple steps to exploit. more>>
