Features

CMD+CTRL Cyber Range

The missing piece in your security training toolbag

Cloud-based & Turnkey

Cloud-based & Turnkey

No hardware, installation, configuration or cumbersome scoring. CMD+CTRL requires only a browser and our auto-scoring engine immediately awards points.

Make Security Approachable

Make Security Approachable

Players set their own pace to gather information and conduct attacks (including phishing!) Hints and other interactive elements provide encouragement.

Build Cross-Functional Skills

Build Cross-Functional Skills

Team Mode fosters conversation around the dangers of poorly implemented principles that affect connected software – fail securely, least privilege, secure defaults, etc.

Real-time Reporting

Real-time Reporting

Baseline staff competency and spot emerging starts with report that include total score, vulnerabilities found by difficulty and type, recommended courses, and other metrics.

Ideal for all Skill Levels

Ideal for all Skill Levels

Beginner ranges are ideal for awareness building and don’t require expertise or tools.  Cheatsheets, learning labs, and hints ensure everyone can compete and have fun.

Run events with a Click

Run events with a Click

Select a range and duration, and get playing. It’s so easy that we’ve run them at dozens of OWASP events, where CMD+CTRL was chosen over OWASP JuiceShop CTF.

Ready for CMD+CTRL's power? Our clients were!

Use as a practice range, run a competitive or awareness event, or manage talent

  • Identify Rockstars. One client had someone from Finance join the security team after a competition.
  • Find talent in remote areas. Fortune 300 outdoor apparel retailer in Maine recruits local college students.
  • Improve collaboration. Blue-chip ISV runs monthly team events with a range specific to its cloud platform.
  • Meet the hiring bar. Pen Testing broker uses real-time assessment capabilities to hire qualified contractors.
  • Make training cool. The global brand ran 20+ tournaments worldwide after previous lackluster training.
    Each had a waiting list and it won a coveted internal security award.

Meet our Ranges!

With ranges that vary in tech stacks and complexity, players become immersed in familiar environments and learn by doing (and having fun.)

CMD+CTRL: The missing piece in your Cybersecurity training toolbag

Our flagship Cyber Range with Web and OWASP Top Ten challenges for all skill levels. Vulnerabilities range from basic cross-site scripting (XSS) to moderately complex Password Cracking and SQL injection (SQLi) attacks.
more >>

Beginner-level range with rich eCommerce functionality. Covers OWASP Top Ten, business logic attacks, known vulnerable software, Open Source Intelligence (OSINT) reconnaissance and others.
more>>

Beginner/intermediate-level range with a distinct employee, manager, and HR admin privileges. Heavy focus on data protection, escalation of privilege, vertical authorization attacks, and horizontal authorization attacks.
more>>

Beginner/Intermediate-level range that tempts you to uncover hidden data and access content you shouldn’t be able to. Features several APIs and includes advanced SQLi and path traversal attacks.
more>>

Intermediate-level range that includes poorly implemented mitigations (e.g. blacklisting and client-side validation) making exploits more challenging. Great for those who need to understand filter evasion, cryptography and advanced SQLi.
more>>

Intermediate/advanced-level modern Single Page Application (SPA) with a heavy focus on APIs. A variety of challenges require a proxy which include encryption, password cracking, scripting, and path traversal.
more>>

Advanced range with a user and admin functionality. Features 4 levels of binary exploitation challenges that require injecting script into PDF headers to be later processed by the system. Includes advanced evasion techniques and crypto (HMAC replay) attacks, XML Injection.
more>>

Forescient is a real, intentionally vulnerable AWS cloud environment that features a front-end website, virtual servers, AWS accounts, and major AWS cloud services. Challenges are mapped to the MITRE ATT&CK framework and reflect key security challenges that plague enterprises’ cloud operations: more>>

This ultra-realistic cyber range is built as a real AWS cloud-native application and perfectly emulates a cloud-based file storage solution. InfiniCrate challenges Cloud Developers, Cloud Engineers, and DevOps Engineers to use, and share with their teammates, every shred of security knowing they have in order to find InfiniCrate’s vulnerabilities. more>>
"CMD+CTRL is ideal for anyone involved in keeping data secure - from developers to IT and even CISOs. Its user-friendly approach is just what the government needs to help maintain a secured resilient nation "
- Marie DiTrapani, Director of Government and Defense Programs, IDGA