Phone: +372 633 3266 | Email:

Trainings and exercises

Cyber CoRe

Cyber CoRe is an exercise in "live fire" mode, where the Blue Teams must defend their respective environments against real time attacks by our experienced Red team. This gives a unique, realistic experience that would help enterprises to cope with cyber threats.

CoRe – "Cooperative Resilience" is a unique format developed by CybExer Technologies in partnership with Ernst & Young (EY) (Netherlands) where various enterprises and government agencies compete in a complex Blue v. Red Team technical cyber security exercise. The exercise provides a full cyber range experience in Computer Network Operations (CNO). Cyber Core allows the organisations to increase collaboration, raise the quality of sharing information, and provides a solid basis for a true public/private partnership.

The goals of the exercise are to build a strong cyber security community, through advanced, highly technical training experience; to demystify complex Cyber Range exercises, by making them accessible and affordable to private sector and government clients; to enhance practical information sharing and threat intelligence between different organizations participating in the exercise and to promote new technologies and approaches in cyber security by integrating such solutions to exercise scenario.

Our fully virtual system allows everybody to take part in the Cyber Core exercises. Usually, a Cyber CoRe is attended by multiple organisations from different countries who send in their own full Blue Teams or individual members to an International Blue Team.

Live-fire exercises

Our flagship trainings are large-scale live-fire, Red vs Blue exercises that are hosted on our proprietary cyber ranges. The scenarios, incidents, and technical artefacts for these exercises are one of the world's most advanced and as close as possible to actual environments.

Live-fire exercise is a cyber incident simulation exercise for technical cybersecurity personnel that aims to develop technical incident response and red teaming skills but also enables the leadership to improve their risk assessment of the overall response capability. It serves as an important input to the strategic development of capabilities and resilience.

Our high-level live-fire trainings are especially realistic as the technical artefacts for exercises are depicting real operational environments. Furthermore, we put significant emphasis on the design of realistic and dynamic scenarios that are based on identified and forecasted trends, our elaborate threat intelligence processes on cyber-attacks and vulnerabilities extracted from different sources, and include threats and scenarios based upon both regional and business sector. This enables cybersecurity professionals to rapidly adapt to an evolving threat landscape.

An exercise in "live fire" mode, which means that the Blue Teams must defend their respective environments against real time attacks by an experienced Red team.

Our approach to the development of material for technical exercises is divided into the attacking phase (i.e. the Red Team Campaign) and the defensive phase (i.e. the Blue Team Campaign).

The Red Team Campaign is based on MITRE ATT&CK which informs the production of a whole range of attacks and vulnerabilities for exercises. Our exercises on most cases include pre-built vulnerabilities that are already known to the attackers but not necessarily known to the defenders. The Blue Team Campaign is based on the principles of NIST Cybersecurity Framework on Identify, Protect, Detect, Respond and Recover. It is often expected that the members of participating Blue Teams to operate in scanning and searching vulnerabilities from their own infrastructure, configure firewalls, perform other system hardening activities, and defensive measures.

Capture the Flag

Capture the Flag (CTF) is a mission-based exercise, where participants need to use specific skills to collect cyber "flags" within the virtual IT environment provided to them via our cyber range. In traditional military exercises, opponents would capture a physical flag in order to win the game. On a cyber range the "flag" is an object such as a file or obtaining access to a system.

Our Capture the Flag (CTF) portfolio consists of two types of solutions: trainings and competitions. In both cases, the participants are faced with a number of cybersecurity missions that need to be solved by employing various cybersecurity skills in a simulated IT environment.

Both CTF trainings and competitions are based on similar content. CybExer's CTF platform uses jeopardy-style CTF: there are tasks with different difficulties which are grouped into categories and every team/individual can choose the tasks they wish to solve based on their own preferences or strategy. The number of tasks available for the participants to solve is configurable and this is the main means on defining the length of the training event as well as the complexity.

For competitions, the participation is usually open to everyone (as opposed to CTF trainings for one organisation). More extensive competitive elements are designed into the CTF event and often live broadcasts with commentaries of the competition are presented to the public. Nonetheless, mixtures of the two types of CTF can be constructed to suit the specific needs of an organisation.

CTF events can vary from few hours with novice target audience up to multiple day events with participants having very advanced skillsets. CybExer is known for delivering Cyber Battle of the Emirates in 2019 and 2020.

Trainings for Executives

It is essential that political leaders, high-ranking officials, advisors, and company executives are proficient in understanding our modern cyber threat landscape and able to deliver effective crisis management processes. Thus, we offer tailor-made trainings for executives.

One of the core competences of ours is conducting complex cyber security trainings and courses at all levels. Effective response to various cyber security threats requires technical capabilities and skills but also appropriate decision-making processes from the management level.

We provide perhaps the most engaging and impactful strategic-level cyber exercises that are tailored for higher decision-making levels from corporate leadership to operational CERT leaders up to the V-VIP trainings at the level of heads of states and ministers. Our exercises and their crisis scenarios have been used both in conjunction with technical exercises such as "Locked Shields" but also as separate events such as EU ministerial meetings during the Finnish and Estonian EU presidencies 2019.

We ensure the quality of content on our trainings by relying on the know-how of our team that consists of highly qualified cyber experts with experience in countering the most complex threats emanating from the cyber space. CybExer provides classroom-type trainings delivered both on-site and online with opportunities for evaluation, independent learning, tutor contact hours and practical activities. All our trainings are hands-on with dedicated technical artefacts and conducted on the STRATEX platform.

Our strategic trainings have two broad objectives or use cases: firstly, to improve individual skills and capabilities such as awareness on cyber threats and crisis management skills. Secondly, to explore and/or assess existing decision-making frameworks and assess various operational aspects (e.g. roles and responsibilities, resources and resource gaps, etc.)

The exercise will motivate participants to discuss and understand the divergent and often-conflicting issues associated with decision-making in a cyber emergency as well as the consequences of the choices made or prescribed by existing regulations. Trainings for executives are also an ideal tool to assess, test and compare relevant regulations, procedures and understanding thereof between various stakeholders. The training is holistic in nature in that all aspects of business and mission-based issues are addressed: technical mitigation, damage assessment, operational issues, public relations, potential attribution, and determination of future attacks.

We use cookies and other technologies to process personal data (including IP addresses) in order to:

  • Develop and improve user experience, the website and the products;
  • Enable the use of the website;
  • Store and/or access information on a device;
  • Apply market research to generate audience insights;
  • Measure ad performance.

Read more from our Privacy Policy and Terms of Services