Cyber Ranges

All roads lead to Rome!

Road2Cyber proposes new ways to learn cybersecurity through hands-on training, such as leveraging Cyber Ranges for skills and competence development. We identify and promote available cyber ranges and cyber range-enabled services across Europe to enhance your skills via a practice field within which to validate processes, technologies and skills and competences. Access ECSO’s Cyber Ranges Checklist and use it to define your needs (end users) or tailor your offer (providers).


European Cyber Ranges for Skills and Competence Development

Company: Airbus Cybersecurity

Airbus CyberRange is a multi-role cyber simulation platform. It has been developed to model IT / OT systems composed of tens to hundreds virtual component and play realistic scenarios including real cyber-attacks. As a system integrator, Airbus CyberSecurity designed its CyberRange as a sustainable industrial product, tackling the following objectives: Customizable (IT/OT), easy to operate (VMWare ESX and Docker). Provide Training, Testing (HW/SW), Crisis management.

Company: AIT

AIT’s Cyber Range is a virtual environment for flexible simulation of critical IT and OT systems with complex networks, different system components and users. It provides a secure and realistic environment for analysing and testing incidents in various scalable scenarios without using real production systems. This allows different security processes to be rehearsed for live operation and special incident response processes for cyber incidents to be tested in order to meet the highest security requirements for system architectures and operating processes. The AIT Cyber Range training courses and exercises address the cyber security needs of staff, IT professionals, CERTs/CSIRTs, management and advisory boards in industry, research and government.

Company: AMOSSYS

The AMOSSYS Cyber Range Platform focuses on dataset generation through Cyber Range capabilities (attack simulation, user simulation and software/data provisioning). Based on the AMOSSYS Cyber Range Platform, an honeypot/honeynet use case is also developed. All AMOSSYS Cyber Range Platform components are managed through REST API, thus allowing end users for integration into larger ecosystems. The AMOSSYS Cyber Range Platform also provides normalized formats to allow interoperability with other platforms (Cyber Range, Cyber Products, …).

Company: CDeX

CDeX is a technology company offering advanced solutions in the field of cybersecurity. We have created a complex cyber range platform, offering a fully scalable, automated and hyperrealistic training environment. It allows you to build cyber defence competences and acquire skills in live-fire cyberattack conditions. We support four main sectors, national defence and military, critical infrastructure, business and corporate, and education. Our mission is to make the world a safer place through supporting organizations in hiring and developing the best cybersecurity professionals.

Company: RHEA

RHEA’s CITEF platform’s flexibility allows for the creation of totally customizable cyber ranges scenarios to meet different client needs, including training to anticipate and mitigate cyber attacks, testing infrastructure updates (e.g patches, updates) compliance (e.g. product testing) and R&D activities. It allows the creation and customization of virtual and hybrid scenarios. A large, vendor agnostic library of assets enables users to create environments that truly reflect their own infrastructure, a first step to create digital twins. New assets can be added and customized easily. The already available, rich, scenarios library and related training curricula (with different levels of difficulty) is in constant expansion. Train-the-trainer, custom scenarios and other ad-hoc professional services options are always available and give clients the freedom to build the cyber range configuration to best meet their needs. CITEF is available on-prem or as-a-service. CITEF's technology and RHEA's strong expertise on cyber range solutions were key to being selected by the European Space Agency to build their Space Cyber Centre of Excellence.

Company: Talgen/Nortal

Talgen Cybersecurity is a Nortal Group’s arm focused at a bespoke cybersecurity solutions. Talgen has designed, developed and holds a license for the next-generation NATO Cyber Range platform, a flexible, operationally relevant and representative Digital Twin automation environment that allows integrated simulation, training and collaboration for a wide variety of blue and red team cyber mission exercise areas, enabling practitioners the ability to securely collaborate and refine their tools and tactics on-premise or remote.

Company: Tecnalia

Pioneering facilities in Europe, dedicated to training personnel and research, and developing and validating new cybersecurity technologies in a virtual environment (cyber range). New cyber-range infrastructures are advancing to include real industrial control systems that allow the execution of more realistic cyber-range exercises. laboratory)


CYBER RANGES platform delivers the ability to create, share and deliver, realistic hands-on scenario training. The platform can serve both individuals and thousands of simultaneous users, either as a cloud-based application, or an on-premise solution. CYBER RANGES is currently equipped with many of realistic hands-on scenarios, of varying difficulty levels (from novice to complex enterprise setups), and the scenario library is being updated constantly.

Company: Leonardo

A multifunctional on premise operating environment with the aim of creating realistic training scenarios using advanced virtualization techniques. The goal is to test new attack and defense techniques, as well as verify the tools and processes used to protect technological systems. It also supports cooperative, competitive and technology evaluation processes based on the integration with external virtual and physical environments. It can be used to implement a “digital twin” of real infrastructure/system with the possibility to integrate real physical environment also. Cyber Trainer is a platform designed to provide educational contents and training sessions on topics in the Cyber Security field addressed to a heterogeneous audience. It supports users throughout the whole training process: from the identification of training needs, to formal learning, from the practical application of acquired knowledge (through “virtual lab” functionality), to the certification of skills, offering social tools that allow each user to keep up to date on the topics of greatest interest in a continuous and autonomous way. The combination of the above solutions enables the delivery of a range of simulation & training services for a broad range of use cases (Cyber IT and cyber Physical/OT) with different level of complexity.

Company: CybExer Technologies

CybExer Technologies’ NATO-awarded Cyber Range Platform provides realistic environments for exercises, trainings, security/technology testing and other simulations. This highly scalable, flexible and high availability cyber range platform gives the client maximum flexibility for the use of the cyber range. There are no limitations to the number of users, scenario configurations, or number of iterations. The only limitation is the computing power of the underlying infrastructure. Alarge portion of a range’s functionality comes from the content (either virtual or actual hardware-based) it can create, deploy, and manage. CybExer’s platform includes a large target library and features that enable integration of special systems or creating custom scenarios. The platform consists of three key software components for orchestration, automation, and visualisation. ISA - Provides situational awareness on the environments that are deployed on the cyber range. That includes granular visuals on each individual environment, instant updates on their status, detailed timeline view of activities. The solution provides near real-time visualisation and comparison of exercise data. vLM – Handles the deployment and management of game scenarios. It is also used as the development tool for preparing and creating new targets. vLM-UP – Enables the trainees to have access to the virtual machine consoles and perform virtual machine operations like revert to snapshot, reset, power on etc. CybExer’s solution has been tested out and used by many demanding clients such as the NATO, EDA, and various defence forces and ministries. The platform has flexible service models keeping in mind the needs of the client (e.g., SaaS, on-premise hosting, cloud hosting).

Company: CYS4

CYS4 has created a unique Cyber Range platform that helps SOC analysts to recognise and understand SIEM alerts & attack chains upon real-world scenarios. Our cutting-edge exercises teach different methods to detect and immediately catch any possible cyber threats. The experience gained in our labs will take you to the next level. The learning paths are based on the MITRE ATT&CK® Framework. We keep pace with the latest world incidents, carefully analyzing & simulating the attacks, to finally develop the most advanced training content. Students are also allowed to shape their tailor-made growth paths. Our education experience embraces the continuous learning model. Labs & documentation are accessible at any time. The platform fosters the students’ engagement with its Gamification approach; it assigns points, trophies, and certifications, inspiring users to keep learning and stimulating a competitive atmosphere. SOC analysts can benchmark their performance & expertise through indepth analytics, endlessly improving their knowledge.

Company: DIATEAM, a Cy4gate company

A platform that enables organisations to virtualise IT & OT infrastructure to deliver cyber combat training, to prototype & develop system/network, to conduct testing , assessment and benchmarking by offering

Virtualization, emulation and simulation of IT, IOT & OT/ICS infrastructures

Complete action learning/training platform Safe & secure, reality based environment

Hybrid capacity allowing to interconnect real equipment

Our Cyber Training Solution offers Cyber Awareness & Cyber Training (Defensive & Exercise and Crisis Management) Our Cyber Lab Solution offers Deployment Testing Benchmarking Analysis, Prototyping Designing Pentesting, Patch Management Security assessment, Digital Twin & Deception network DIATEAM has international customers working both in private and public sectors

Ministries of Defense

Major companies Industrial & IT sectors Universities/Academies, Digital schools, Tech education Maritime, Industrial, Energy, Banking and Healthcare sectors


Company: DETER/DeterLab

Built with emulab it provides a state-of-the-art scientific computing facility for cybersecurity researchers engaged in research, development, discovery, experimentation, and testing of innovative cyber-security technology. To date, DeterLab-based projects have included behaviour analysis and defensive technologies including DDoS attacks, worm and botnet attacks, encryption, pattern detection, and intrusion-tolerant storage protocols. Did not seem like an active project.

Company: EDU Range

This range is very appropriate for cybersecurity education market. They provide the code via github and you can host the range on your own server on the cloud or laptop.

Company: hackrocks

hackrocks is a Cyber Security Training platform with laboratories, challenges, competitions Capture The Flag (CTF) and much more. hackrocks is focused on the training of technical profiles through hands-on scenarios like Attack vs Defense or Jeopardy competitions. With a unique method, hackrocks can provide a white label platform with different scenarios or even create custom ones on demand.



Company: KYPO Cyber Range

CONCORDIA H2020 released the KYPO Cyber Range platform as open sources. Very focused on education as well, removing the high cost of most cyber range solutions. You need open stack and openID connect provider to install platform.

Company: NTNU (Norwegian University of Science and Technology)

The Norwegian Cyber Range (NCR) is an arena for testing, training, and practicing cyber security. In NCR, users and systems are exposed to realistic events in a safe environment. The NCR offers training and testing across various levels of abstractions, from strategic decisionmaking perspective into low-level operational training.

Company: CINI

PAIDEUSIS is a cyber-range mainly oriented to cybersecurity education, training and research; it is also used to host CTF competitions. PAIDEUSIS provides users with scenarios to address both hardware security issues, such as side-channel attacks and hardware trojans, and software security topics. Scenarios are built mixing emulation and real devices, so that users can be involved in hardware security activities that cannot be done by means of simulation. The cyber range is fully accessible remotely, allowing to reach a much larger pool of users that would be otherwise impossible to involve given the physical nature of hardware security topics. Future development includes the introduction of scenarios concerning OT environments. It is also possible to get in touch with CINI to cooperate in the design and implementation of fully customized scenarios.


Realistic Global Cyber Environment (later RGCE) is a fully functional live cyber range. RGCE brings together a realistic global world and real organization environments in an isolated sandbox which utilizes modern ways to combine virtualization techniques, physical devices, and business specific systems. The cyber range provides realistic Internet, corporate environments, threat actors’ attack campaigns, automated user simulation, and tools and technologies for training and exercise purposes as well as research and development. It is also possible to create tailored environments for organization’s specific training, exercise, or research and development needs.

Company: UNIGE CRACK Multidomain CyberRange (CRACK MCR)

UNIGE CR is the Cyber Range developed and hosted by the Computer Security Laboratory (CSECLab - at the University of Genoa. CRACK MCR fosters education, training, and testing by providing multi-domain scenarios that integrate, among others, complex IT/OT infrastructures, a simulated Cloud Computing environment, mobile devices, and Security Operation Centers (SOC) facilities. It also focuses on maritime cybersecurity by interfacing with the ShIL-Ship-In-theLoop research infrastructure ( to simulate microgrids and port assets and provide an accurate ship digital twin through a realistic full bridge simulator. To create, deploy, and refine such rich and heterogeneous scenarios, CRACK MCR relies on opensource frameworks exploiting automation, verification, and testing capabilities, e.g., CRACK - Cyber Range Automated Construction Kit ( and LiDiTe-Lightweight Digital Twin Environment ( CRACK MCR also offers the infrastructure components to manage the scoring and the situational awareness dashboards and automates some of the yellow team activities. It operates for hands-on activities during institutional courses and for hosting Capture-The-Flag competitions and Cyber Defence exercises. Lastly, it is extensively used for testing in the field of maritime cyber security with the involvement of seafarer operators as well. Such an activity made it possible to discover novel cyberattack techniques against ships' sensors and equipment and develop effective countermeasures.

Company: UNINA Docker Security Playground

The Docker Security Playground is a framework that allows for the creation of container-based interactive scenarios based on complex network infrastructures. It can be leveraged for hands-on training in the cybersecurity field. Docker is the adopted container technology, which is lightweight and allows to: (i) reproduce real-world networking scenarios; (ii) build ad-hoc network playgrounds involving vulnerable nodes/services and malicious users/tools; (iii) provide lab participants with low-cost, COTS-based, easily reproducible networking tools. The platform is available at: It is also shipped with a list of interactive laboratories that cover a variety of security related topics, each one to be explored with a hands-on, offensive approach: The former repository contains labs that cover the basics for aspiring penetration testers, such as Scanning and Enumeration techniques, useful tools as well as exploitation techniques. The latter is made up of hacking labs and Capture The Flag challenges, such as those presented at Arsenal Black Hat 2018 (Las Vegas) and 2019 (London).

Company: Vigrid

Vigrid(1) is an extension of the GNS3(2) (Graphical Network Simulator) tool adding industrialization for massive usage. Over an ergonomic and easy to use GUI (web or heavy client), anyone can use gns3 to create projects hosting virtual machines over Qemu or docker. Each project works on its private network but can bind to real interfaces to communicate with the real world if needed. GNS3 also includes features such as network link control (disturbance, bpf filtering...), console access to VM with mouse & clean keyboard control. Vigrid combines available best open source technologies to open GNS3 to a new universe. On the network side, Vigrid extends GNS3 to a Cyber Range Blue/Red Team design with various network configuration mixing user and admin LANs. Network layers are ready for new features : load balancing, new LANs for other uses... About emulation, Vigrid also adds capabilities to emulate mostly any CPU (x86/amd64 but also ARM, PowerPC etc), offering new virtual machines such as Android, Pi, IoT. This also includes shared GPU access for VM. This includes the power to emulate commercial hardware from many vendors. For more industrial usages, Vigrid provides its own NAS technology able to support thousands of running projects/VM at a time with snapshot and massive diskless cost cloning features. Over this design, it becomes possible to use an unlimited heterogenous bare-metal servers to host GNS3 project clones. Organized as a library, projects can also be stored for a later usage or sharing. Through a simple WWW GUI, Vigrid will permit clientless console access to VM, project/node/links control and all functions related to snaping shot & cloning. Permanently evolving, GNS3 & Vigrid will soon offer RBAC (currently tested in alpha version) which is a strong need requested by its many users. Other parallel projects also benefit to Vigrid are ongoing, such as 'Puppet Master', a framework using Caldera to scenarize actions of discrete agents hidden into Vigrid projects. Vigrid is opensource, free and its only purpose is to help as many as possible. Many new ideas have been technically validated and all contributors are welcome to join the adventure. Vigrid is already used in multiple different usages: presales demos, tests, trainings, engineering, forensics/audits, events, etc. As host of Orange Group "Capture The Flag" events, Vigrid permits each team on the hundreds to work on its own private network and virtual machines to face more complex challenges than usual with equal chances.



Company: WithSecure

WithSecure™ Playground is a global, on-demand SaaS platform for hands-on cybersecurity training, research and Capture The Flag exercises. Its versatile labs and curated courses canbe used to train both offensive and defensive teams, such as developers, pen-testers, and threat hunters, from novice to advanced. Playground labs are ondemand, dedicated sandboxed training environments. For example, Attack Detection Lab is built for attack detection and security operation personnel and offers a full corporate environment with an Active Directory forest, workstations and servers, where the learners are guided through simulating attackers' TTPs and analysing the evidence left to hunt for attack traces. Playground training content is organised into learning pathways. Users can progress through different levels of our standard pathways – application security, attack detection, and penetration testing – developing confidence and competence along the way. Custom pathways can be designed for specific needs, with support of experienced WithSecure consultants.