Level 1 of 5
Network Map — Spot the Threats
🤖
Welcome to CyberRange-7, your simulated school network.
Every dot on this map is a real device — router, servers, laptops, IoT cameras.
Three of them are already showing signs of compromise or suspicious activity.
Click each device to inspect it, then select the 3 you think are threats.
Normal
Suspicious
Compromised
Click a device on the map to inspect it.
🔍 Task: Select the 3 devices showing suspicious or compromised behavior
(0/3 selected)
Click any device on the map for details
Level 2 of 5
Traffic Inspector — Flag the Bad Packets
🤖
This is a simplified packet capture — 30 packets from the last 3 minutes on the school network.
Click any packet to expand its details and my analysis.
Flag the suspicious ones using the 🚩 button.
Goal: flag ≥ 8 of 10 bad packets with ≤ 2 false alarms.
| Time | Source | Destination | Proto | Port | Payload Preview | Flag |
|---|
Click a row to see Cipher's full analysis
Level 3 of 5
Firewall Builder — Lock It Down
🤖
The firewall currently allows everything — that's why the attack got in.
Add DENY rules to block the traffic you flagged in Level 2.
Then hit Run Test to simulate 15 connections and see how your ruleset performs.
Rules are evaluated first-match — order matters!
Firewall Rules (first match wins · drag to reorder)
Run the test to see results
Your rules will be tested against 15 simulated connections —
a mix of legit school traffic and the attack patterns you found in Level 2.
Level 4 of 5
Attack & Defend — Live Incident Response
🤖
The real attack begins now. An AI attacker will launch a 4-stage intrusion
on the school network. Watch the alert log, watch the health bar, and use your
response tools on the right to contain each stage.
Right tool, right stage. You have 5 minutes.
Time Remaining
5:00
Attack Stages
ALERT LOG
--:--:--
Waiting for attack to begin...
Warning: The attack starts immediately. Be ready to respond.
Response Toolkit
Level 5 of 5
Security Incident Report
🤖
Every real cybersecurity incident ends with a written report.
SOC analysts, incident responders, and forensics teams all document what happened, how they responded,
and what to do differently next time. This is your capstone — fill it out based on everything you did in this lab.
CyberHeroesHQ — Cyber Range 7
SECURITY INCIDENT REPORT
What category of attack was this? (e.g., APT, ransomware, data exfiltration, insider threat)
Which device or vulnerability did the attacker use first?
List the devices or systems that were compromised or impacted.
Describe what happened in order: recon → phishing → lateral movement → exfiltration.
What did you do to contain the attack?
What should the school do to prevent this from happening again?
🛡️
Network Defender
Badge Earned.
Badge Earned.
You mapped the threat landscape, inspected live traffic, configured a firewall, contained a multi-stage attack, and wrote a professional incident report. That's real SOC analyst work.
+250 XP
XP Awarded · Network Defender Badge Unlocked
Cyber Career Connection
What you just did maps directly to SOC Analyst and Incident Responder work roles in the NICE Cybersecurity Workforce Framework. The CISA Cybersecurity Workforce Demand Report projects 500,000+ unfilled cybersecurity jobs by 2027 — skills like these are exactly what employers are hiring for.