Inquiring Minds Want to Know about Cyber Ranges

At Prometheus Cyber Consulting, cyber ranges are a core part of both our internal training and community outreach efforts. We regularly use platforms like TryHackMe, Hack The Box, and Cyber Range Pro for structured skill-building, red vs. blue team simulations, and CTFs.

Last year, we launched a free cyber training initiative for local youth, using PicoCTF challenges as the foundation. It was an incredible experience-many of the students had never touched a command line before, and by the end of the program, they were solving real-world security puzzles and thinking like ethical hackers. It was inspiring to watch their confidence grow through hands-on learning.

Internally, we also run custom cyber range scenarios for our consultants. One standout exercise was a simulated API attack and defense drill, where teams had to secure a vulnerable API under threat from an APT-style actor. Exercises like these not only sharpen technical skills but also build teamwork and incident response capabilities.

What we love about cyber ranges:
- Realistic scenarios and immediate feedback
- Gamified learning environments that keep learners engaged
- The ability to tailor experiences to our specific training goals

What we find limiting:
- Limited customization options in some platforms
- Cost barriers for smaller teams or non-profit projects
- Some ranges lack depth in simulating enterprise-level infrastructure

Always happy to connect and share ideas-especially with others passionate about hands-on cybersecurity education.

Precious "Greetings From Red Team Offensive"

James Stanger said:

Thank you, Stephen! Yeah, everyone: I've been curious, lately, how folks are feeling about cyber ranges. What are your experiences, and what specific vendors do you use? And, to expand on our above questions just a bit, what features do you and your students appreciate?

Click to expand...

Hol'up - Full Stop, Helm​

Dost my eyes yet decieveth me, or hast the great Dr. James Stanger made his presence known here in the CIN?

Oh and @Stephen Schneiter - "Capture the Flab"?? See and every Partner Summit, I roll into the gym at 0600 for the morning lift. I'm beginning to think this may have to be a more defined thing...

As for Cyber ranges, I've always been constrained to have to build my own, or use freebee environments like Hack the Box or the like. And one of the things I've often found is that you get general concepts down - but the one off specifics that tend to make things interesting tend to get left off, particularly as how threats evolve over time.

Hey James!


I’ve used a variety of cyber range environments depending on the training goals. Here are a few I’ve worked with:

• TryHackMe—Great for beginners and intermediate learners. Some rooms for attacking perspectives: to learn security tools (Hydra, Nmap, OpenVas ...)
• Damn Vulnerable Web Application (DVWA) and Metasploitable2 for testing.
• Wazuh Demo Labs—Useful for blue team/defensive security labs, like SIEM and incident response, with the integration of TIP (Threat Intelligence Platform) like MISP, Vulnerability detector module, IDS/IPS (Suricata and Snort)

What I Like:
- Hands-on practice — It’s the best way to learn and retain technical skills.
- Team-based scenarios — Some ranges offer Red vs. Blue, which simulates real-world teamwork and adversarial thinking.

What I Don’t Like:
- Cost barriers — High-quality cyber ranges can be expensive for individuals without organizational backing.

Try Hackme
Mile2 Cyberrange

Abdelmlak:

James Stanger said:

Yes - the cost barrier is just . . . brutal! And, thank you for the rundown of the "personalities," as it were, of the various environments, based on goals. What is your favorite environment for team-based scenarios?

Best regards,


James
Chief Technology Evangelist, CompTIA
[email protected]

James Stanger - Olympia, Washington, United States | Professional Profile | LinkedIn

Location: Olympia · 500+ connections on LinkedIn. View James Stanger’s profile on LinkedIn, a professional community of 1 billion members.

www.linkedin.com

Click to expand...

Hey James! Thanks for the kind words.


For team-based scenarios, I really enjoy Wazuh Demo Labs. When combined with tools like Suricata, MISP, and vulnerability modules, it offers a great Red vs. Blue experience. It’s especially strong for blue team training and simulating real-world SOC environments.


Let me know if you'd like more details!


Best,
Abdelmlak

Seriously? I haven't done any labs in Security+ in almost 10 years, much less a cyber range. I tell the students the labs are there if they want to do them. They can reinforce the lecture. But they're certainly not required to pass the exams because CompTIA exams do not test for any specific tools.

Gregory Childers said:

Seriously? I haven't done any labs in Security+ in almost 10 years, much less a cyber range. I tell the students the labs are there if they want to do them. They can reinforce the lecture. But they're certainly not required to pass the exams because CompTIA exams do not test for any specific tools.

Click to expand...

Curious, have any of your students actually taken a liking to the labs or cyber ranges, even if its optional?

precious said:

Curious, have any of your students actually taken a liking to the labs or cyber ranges, even if its optional?

Click to expand...

The topic has never come up in class, with one exception. I was teaching PenTest+ at a military base as part of program of cybersecurity training. Other trainers were teaching CySA+ and other cybersecurity courses. The program was going to end with some blue team/red team exercises.

The rooms provided for training:

Pre-WWII annex buildings with no wired connections and two-prong power outlets that were no longer to code.
Power strips using three-prong to two-prong adapters so they could plug into the power outlets.
A very flaky wifi that worked intermittently and was down for a whole day.
Long folding tables and metal folding chairs.
A dry erase board with no markers or erasers.

Needless to say, we didn't do any labs that week. We barely had internet access. But that was on the client.

Gregory Childers said:

The topic has never come up in class, with one exception. I was teaching PenTest+ at a military base as part of program of cybersecurity training. Other trainers were teaching CySA+ and other cybersecurity courses. The program was going to end with some blue team/red team exercises.

The rooms provided for training:

Pre-WWII annex buildings with no wired connections and two-prong power outlets that were no longer to code.
Power strips using three-prong to two-prong adapters so they could plug into the power outlets.
A very flaky wifi that worked intermittently and was down for a whole day.
Long folding tables and metal folding chairs.
A dry erase board with no markers or erasers.

Needless to say, we didn't do any labs that week. We barely had internet access. But that was on the client.

Click to expand...

Kudos to you for pushing through that setup.... I am sure that your students still gained solid knowledge, even if the hands-on experience had to be put on hold, the blue/red team exercises got a better venue-or at least some working outlets!

James Stanger said:

Yes - the cost barrier is just . . . brutal!

Click to expand...

That's exactly why one of the training providers I work with includes a month of TryHackMe Premium for every student.

It's actually a cost-saving feature for the company as they don't have to run their own infrastructure. They still make their own challenges and VMs, but the rest has been taken care of.

Besides, for them it's a $12-15 payment per student, while for the student it'll feel like a cool bonus.

Gregory Childers said:

Seriously? I haven't done any labs in Security+ in almost 10 years, much less a cyber range. I tell the students the labs are there if they want to do them. They can reinforce the lecture. But they're certainly not required to pass the exams because CompTIA exams do not test for any specific tools.

Click to expand...

Disclaimer, I am a grouchy old bastard.
DoD Bases are all over the place, but having taught at many there is always someone responsible that you can push to make labs work.
An airbase in Alabama had put us in a room with no service. The students had been provided with LTE dongles, but there was no signal. I had the responsible person find us a room in a building that had signal because labs/practice work.
I got fired by a training company that hired me to teach CEH, but when I sat a class taught by one of their trainers this person demoed nothing. I got to be a fly on the wall at break time and listened to students talking about how they had never even seen Linux let alone used it. CEH has almost 2000 slides in 5 days, but that is not an excuse to demo nothing. When I told the Training manager about the student comments, I didn't get invited back.
All of us trainer types have some background, some of our students have none. Although some students will be able to memorize what they need to pass the exam, others will benefit greatly from the practical experience of practice.
Teaching CCNA in St Louis our training manager had built a hands on 2 day lab, complete from VLSM to Access lists. The pass rate for CCNA increased by over 50% for students that completed the lab.
Greg, I'll bet you are like me. With 20years experience (real life, not labs) I passed the original beta Security+ with no objectives. The fact that I had several CNEs a couple MCSEs A= and Net+ and 20 years on the job made it easy even if it was a little grueling, 300 questions if I remember correctly.
I am a huge fan of experience, and always tell students to do the labs unless they already do it at work.
Sorry for the tirade.

Paul Willy said:

Disclaimer, I am a grouchy old bastard.
DoD Bases are all over the place, but having taught at many there is always someone responsible that you can push to make labs work.
An airbase in Alabama had put us in a room with no service. The students had been provided with LTE dongles, but there was no signal. I had the responsible person find us a room in a building that had signal because labs/practice work.
I got fired by a training company that hired me to teach CEH, but when I sat a class taught by one of their trainers this person demoed nothing. I got to be a fly on the wall at break time and listened to students talking about how they had never even seen Linux let alone used it. CEH has almost 2000 slides in 5 days, but that is not an excuse to demo nothing. When I told the Training manager about the student comments, I didn't get invited back.
All of us trainer types have some background, some of our students have none. Although some students will be able to memorize what they need to pass the exam, others will benefit greatly from the practical experience of practice.
Teaching CCNA in St Louis our training manager had built a hands on 2 day lab, complete from VLSM to Access lists. The pass rate for CCNA increased by over 50% for students that completed the lab.
Greg, I'll bet you are like me. With 20years experience (real life, not labs) I passed the original beta Security+ with no objectives. The fact that I had several CNEs a couple MCSEs A= and Net+ and 20 years on the job made it easy even if it was a little grueling, 300 questions if I remember correctly.
I am a huge fan of experience, and always tell students to do the labs unless they already do it at work.
Sorry for the tirade.

Click to expand...

The training program was located at this site for political and funding reasons. Typically, they would conduct this cohort in Arkansas at a base that has the correct setup and has done it for years. This particular year, it was relocated to Virginia Beach because some high-up muckety muck needed funding, and this was the easiest way for them to accomplish this. They relocated the training from its original base to a new one just for the funding dollars.

And then proceeded not to give a crap if they had the resources they needed.

I strongly agree that students learn better with hands-on experience. I assign the labs as evening homework. CompTIA has made the labs almost foolproof because they spoon-feed the students in the labs with detailed, step-by-step instructions. However, CompTIA certifications are, at their core, vendor-agnostic certifications. They're not being tested on the tools of the trade. Mostly, it's vocabulary, concepts, and procedures. I don't like it, but countless students exam cram on their own and manage to pass exams that should be well beyond their experience level.

I demo things as much as I can in the context of the lectures. I give them a tour of the CVE site, the Mitre ATT&CK framework, the CVSS calculator. I demo Wireshark, Nmap, and various other tools. I show them how to use command line in both Windows and Linux. I highly recommend that they sign up for TryHackMe and HackTheBox accounts or a free AWS or Azure account. I tell them to "be curious" and "break stuff."

Part of the reason I stopped doing actual labs during class has to do with the way CompTIA has changed the labs over the years. They used to require individual workstations to be set up with a specific lab configuration. Now, all the labs are using virtual machines, with step-by-step instructions. Students don't have to think anymore. They just follow the instructions. The labs are so easy that even people with zero experience can complete the labs without supervision. All of the training is prepackaged, with online courseware, virtual labs, and practice exams. Something easy to replicate for the masses. Eventually, they'll get rid of all of us technical trainers because they will view us as unnecessary costs. It's not about the student experience anymore. It's about maximizing revenue.

Greg you are absolutely correct.
Out to pasture describes me.
At age 72, after 30 years of corporate training, I am doing an adjunct role for a local junior college and loving it.
I get to grade students on their Packet Tracer Labs, easy peasy.

Has anyone used Hack The Box? https://www.hackthebox.com/ I like their overall "culture" It may be worth looking into.