Hacking-Lab Cyber Range

There are not many industries where keeping up to date is as important as cyber security, but giving students and professionals a chance to get hands-on experience is a key factor to increasing cyber resilience. With the Hacking-Lab Cyber Range, staying current is not just easy, it's fun!


The platform is ideally suited for both traditional education and event-based (CTF – capture-the-flag) based trainings. It offers a wide range of content in the most relevant areas of cyber security:

• Web Security / OWASP TOP 10
• Penetration Testing / Red-Teaming
• Exploitation / Covert Channels
• OS Security / Hardening
• Network Security / Data Exfiltration
• Forensics / Advanced Persistent Threats
• Reverse Engineering / Malware Analysis
• Cryptography
• Social Engineering / Phishing
• Open Source Intelligence (OSINT)

Education - Cyber Academy

Students acquire an in-depth understanding of cyber-attacks, hacking, social engineering, detection, incident response, hardening and mitigation through guided learning and applying methods both theoretically and practically. Finally, students can showcase their hands-on cyber security skills.

The platform is used in a wide range of classrooms, from high schools to universities of applied sciences internationally. Several international companies use Hacking-Lab as their core hands-on lab platform in their everyday training environment.

Events – Jeopardy or Attack / Defense CTF Competitions

For the more advanced cyber security specialists, it's now time for some team driven exercises! The Hacking-Lab Cyber Range supports Jeopardy CTF competitions, red vs. blue team battles and attack / defense exercises pitting multiple teams against each other. The Hacking-Lab Cyber Range has been used very successfully in the majority of the finals of the European Cyber Security Challenge.


With event-local and global scores, a healthy bit of competition supports learners to push ever further. Flag-based scenarios can be scored automatically, relieving instructors from time-consuming grading work. Based on scores achieved, an easy-to-use reporting system gives event participants, instructors and their students a good overview of progress made.



The Hacking-Lab Cyber Range is accessible to users via the web 24/7 – without the requirement for a VPN connection. Organizations are typically set up with their own private tenant with individual styling, in which they can create and manage their own curricula and events, add content (theory, challenges & quizzes), administer participants & teachers, and report on users' progress, solutions and ranks.

The Hacking-Lab Cyber Range is actively developed and new features are added continuously. Equally, new content is created by both internal experts and external contributors and released to users on an ongoing basis.

In a typical year, more than 50 completely new challenges are created for different international contests and released for licensed use after the contests have concluded. Additional content is created for trainings and events open to individual subscribers or by the community and is released either after a review or "as is" (with an according note).

Key Facts

  • Hands-on practice-lab with conceptual background
  • Wide range of content in most relevant cyber security areas
  • Fully virtualized dedicated user environments
  • Web-based access (no VPN required)
  • Separate tenants for organizations
  • Automatic flag-based scoring
  • Use of pre-defined or individualized events or curricula



  • Ideal learning environment
  • Wide range of predefined content
  • Guided learning, practice and examination
  • Web-based classroom management
  • Step-by-step instruction guides


  • Different Jeopardy CTF modes
  • Immersive attack / defense module
  • Content for different levels
  • Online scoring and ranking
  • Used in international competition finals!


Further Information


Security Training: Secure Mobile Apps

In the 2-day course (in German) from October 20/21, 2020, you will learn about the most important security problems of mobile apps. Read more

Cyber-Risiken für Vorsorgeeinrichtungen

Am BVG-Seminar 2020 werden die aktuellsten fachspezifische Themen der beruflichen Vorsorge diskutiert. In diesem Jahr wird aber auch ein Blick auf die... Read more

Security Training: Social Engineering

In the 2-day course (in German) from December 1/2, 2020, you will get to know and understand the methods, tools and tricks of social engineering. Read more



Durch Penetrationstests Unternehmen sicherer machen

Die aktuelle Ausgabe des Magazins «Deutscher Mittelstand» befasst sich in mehreren Artikeln mit dem Thema Cybersicherheit.

In einem dieser Artikel...

Read more

Vulnerability in Mailster

Thierry Viaccoz identified an XSS vulnerability in Mailster (email newsletter plugin for WordPress). Read more

Secure Payments on th Internet

More and more goods and services are bought and paid on the internet. Ivan Bütler summarizes security relevant information on online shopping and... Read more


Compass Security Blog

Make the most out of BloodHound

During internal assessments in Windows environments, we use BloodHound more and more to gather a comprehensive view of the permissions granted to the different Active Directory objects. In this post,... mehr

Yet Another Froala 0-Day XSS

Compass found a DOM-based cross-site scripting (XSS) in the Froala WYSIWYG HTML Editor. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can... mehr