Live-Fire Training Environment

Train Hard.
Defend Harder.

The SPS Cyber Range is a fully isolated, realistic environment where security teams develop and sharpen their skills against real adversarial techniques — without risk to production systems. Train your SOC analysts, incident responders, and ethical hackers in scenarios drawn from actual threat intelligence.

Book a Session View Training Programs
50+
Scenario Templates
1,200+
Trainees Certified
8
Active CTF Events/Year
range-session-7f2a
[09:14:22] Range session initialized
[09:14:23] Target: corp-dc01.range.local
[09:14:25] Scenario: APT29 Initial Access
[09:14:26] Spawning adversary VM...
[09:14:31] ✓ Environment ready
[09:14:32] Alert: Spear phish delivered
[09:14:45] Analyst 03 investigating...
root@analyst03:~$
Session Progress APT29 Scenario
Initial AccessPersistenceExfil

Scenario Library

Realistic Adversarial Scenarios

All scenarios are built from real threat intelligence and updated as the threat landscape evolves.

ExpertAPT Campaign

APT29 Cozy Bear — Spear Phish to Crown Jewels

Replicate the full APT29 kill chain: spear phishing with malicious document, LSASS credential dumping, Golden Ticket attack, lateral movement to domain controller, and exfiltration.

KerberoastingDCSyncCobalt Strike
Duration: 4–8 hours · Teams: 2–6 analysts
AdvancedRansomware

LockBit 3.0 Ransomware Incident Response

Respond to an active LockBit encryption event. Triage, containment, eradication, recovery, and post-incident review under time pressure while preserving forensic evidence.

DFIRVolatilityFTK Imager
Duration: 6–10 hours · Teams: 3–8 analysts
IntermediateWeb Attack

OWASP Top 10 Web Application Attack Chain

Exploit a vulnerable banking web application using SQL injection, authentication bypass, IDOR, and SSRF to access the internal payment API. Then switch sides and defend.

SQLiBurp SuiteSSRF
Duration: 3–5 hours · Teams: 1–4 analysts
AdvancedCloud Attack

AWS Account Takeover via Misconfigured S3

Discover exposed AWS credentials in a public S3 bucket, escalate IAM privileges, pivot to Lambda functions, and exfiltrate RDS database contents — then remediate and harden.

AWS CLIPacuCloudTrail
Duration: 4–6 hours · Teams: 2–5 analysts
BeginnerSOC Fundamentals

First Alert — SOC Analyst Bootcamp

Perfect for new SOC analysts. Work through 20 simulated SIEM alerts covering common attack patterns, false positive identification, and proper escalation procedures.

QRadarSplunkAlert Triage
Duration: 1–2 days · Individual or team
ExpertOT/ICS

SCADA Attack — Power Grid Disruption

Based on real ICS/SCADA attack patterns from documented energy sector incidents. IT to OT pivot, PLC manipulation, and emergency incident response in an isolated power grid simulation.

IEC 61850ModbusSCADA
Duration: 1–2 days · Senior teams only
Request Full Scenario Catalog →

Training Programs

Structured Learning Paths

From first-year SOC analyst to CISO-level tabletop facilitation — structured programs for every stage of your security career.

Foundational

SOC Analyst Foundations

Comprehensive 5-day program for aspiring and junior SOC analysts. Covers SIEM fundamentals, alert triage, incident classification, and basic threat hunting.

  • SIEM navigation (QRadar, Splunk, Sentinel)
  • Log analysis and event correlation
  • Alert triage and false positive reduction
  • Incident documentation and escalation
  • Introduction to MITRE ATT&CK
  • Hands-on range exercises (20+ scenarios)
5 days · Max 16 participants · Certificate awarded
Enquire →
Professional

Incident Response Specialist

7-day deep-dive into digital forensics and incident response. Trainees respond to multiple full-scale simulated incidents across the range environment.

  • DFIR methodology and evidence handling
  • Memory forensics with Volatility
  • Disk imaging and artifact analysis
  • Network forensics and packet analysis
  • Malware analysis fundamentals
  • Full incident simulation exercises
  • Legal and chain-of-custody requirements
7 days · Max 12 participants · DFIR certificate awarded
Enquire →
Advanced

Ethical Hacking Practitioner

Hands-on offensive security program for security professionals transitioning to red team roles. Practical exploitation in the range with guided methodology.

  • Reconnaissance and OSINT techniques
  • Exploitation frameworks (Metasploit, custom)
  • Web application attack techniques
  • Active Directory attack and defense
  • Post-exploitation and persistence
  • Report writing and client communication
  • CTF challenges throughout program
10 days · Max 10 participants · ECEH certificate awarded
Enquire →
Executive

CISO Tabletop Exercise Facilitation

Half-day or full-day facilitated exercises for leadership teams. Walk your board, C-suite, and crisis response team through realistic breach scenarios to test decision-making, communication protocols, and recovery plans.

  • Custom scenario design based on your sector and threat profile
  • Facilitated by former CISOs and incident command veterans
  • After-action report with gap analysis and recommendations
  • Regulatory and insurance compliance documentation
Request Facilitation →

Competitions

Capture the Flag Events

SPS hosts 8 CTF competitions per year — open competitions for individual practitioners and corporate team events for enterprise clients. All challenges are custom-built from real attack scenarios and structured around the MITRE ATT&CK framework.

🏆

Open CTF

Quarterly competitions open to individuals and teams globally. Challenges across web, forensics, reverse engineering, crypto, and network.

🏢

Corporate CTF

Private CTF events hosted exclusively for enterprise clients. Custom scenarios built around your industry vertical and threat profile.

🎓

University Track

Annual university cybersecurity competition with scholarships and SPS internship opportunities for top performers.

🤝

Red vs Blue

Bi-annual live-fire red vs blue team competitions. Attackers attempt to breach; defenders monitor and respond in real time using production SIEM tools.

Register for Next CTF

Top Performers

Q1 2025 Leaderboard

Live
1
ShadowHex
Individual · UAE
4,750
2
CipherForce
Team · Saudi Arabia
4,180
3
RootKit0x7
Individual · Pakistan
3,900
4
ByteBreakers
Team · Egypt
3,620
5
DFIR_Queen
Individual · Jordan
3,270

Simulated for illustration. Register to participate in real competitions.

Next Open CTF

June 14–16, 2025

48-hour competition. 200+ participants from 30+ countries. $15,000 prize pool.

Register Now →
Enterprise Licensing

Your Own Dedicated Cyber Range

Enterprise clients can license a dedicated, isolated cyber range environment pre-loaded with your technology stack and customized scenarios built around your specific threat profile. Unlimited usage for your security team, integrated with your existing SOC tooling.

  • Dedicated infrastructure — no shared environment
  • Mirrored replica of your production technology stack
  • Custom scenario development based on your threat intelligence
  • Integration with your existing SIEM and SOAR platforms
  • Unlimited seat access for your security team
  • Quarterly scenario refreshes with new threat actor TTPs
  • SPS-facilitated training workshops on demand
Request Enterprise Proposal →
72%
Reduction in mean time to respond after 3-month training program
94%
Of range-trained analysts outperform peers in live incident response
3x
Faster incident containment in organizations with regular cyber range training
$0
Risk to production systems during training — fully isolated environment