Cyber-Security Training for IT-Administrators

Successful cyber security attacks usually come from banal roots: IT professionals who do not adequately secure their systems due to a lack of knowledge or a certain " carelessness ". But security means more effort in everyday work: hardening systems before deployment, regular patching, different accounts for different tasks and systems (Role Based Access Model), different passwords for those different accounts, and so on.

Many IT professionals have heard such advice and instructions ... and still don't follow them because they simply don't have the insight. You can change that only if you let your administrators and developers take a look out of the dark side of power..

Top Trainer

Top Trainer

Two virtual coaches convey all content in a kind of "Capture the Flag" game. As a cloud service or in your LMS. Worldwide.

Hacking LAB

Hacking LAB

The participants hack Linux and Windows systems in the LAB with the most modern attack tools. Up to level Domain Admin.

Best learning success

Best learning success

Anyone who has personally tried out how easy it is to hack systems will no longer question security measures.

Cyber Security LAB E-Learning – the facts

The content was created by incident response experts and successfully implemented and optimized in classroom training courses over many years. All scenarios are based on real APT attacks by current hacker groups and are therefore highly relevant.

In the e-learning, the participants receive the knowledge of how professional attackers act (duration approx. 2.5 hours). Each chapter allows them to execute the learned knowledge themselves in a LAB environment (several Windows and Linux systems), taking on the role of the attacker and following a typical "kill chain". The exercises in the LAB environment last depending upon speed of the participant altogether approx. 2 - 3 hours.

  • Scan of the environment with nmap and development of the infrastructure map of the LAB.
  • Detection of vulnerabilities using Nessus Report.
  • Exploitation of Linux vulnerabilities (SSH Bruteforce) with Hydra.
  • Exploitation of Windows vulnerabilities (SMB Port 445) with Eternalblue (NSA Tool) in Metasploit.
  • Lateral Movement by "Pass the Hash" with Mimikatz and psexec
  • Understanding RDP Hopping and Shellshock with Meterpreter

In each chapter the participants have to achieve goals and document them in the e-learning module ("Capture the Flag"). The subsequent chapters explain the reasons why the attack was so successful. Most of the reasons can be found in the " misbehavior " of IT employees:

  • insufficient hardening,
  • missing patching,
  • use of weak passwords,
  • use of the same passwords on different systems,
  • one account can be used for many systems,
  • use of accounts with far too many rights,
  • etc.

Modern cyber spies usually do not attack the headquarters first, where they suspect strong security measures and trained staff. They attack branch offices and subsidiaries because the security level there is usually lower and a "flat network" without segmentation promises fast access to the core systems. Previously, these locations could only be sensitized and trained at extremely high costs.

Highly efficient training worldwide at the same cost

The combination of e-learning and LAB allows you to train your administrations worldwide at the same cost, especially in the regions that attackers see as attractive targets.

The main problem of the security awareness of IT professionals lies in the lack of insight and personal involvement. Security measures make everyday work more complicated and nobody knows why. For this reason, policies and rules of conduct are usually inadequately implemented.

The Cyber Security LAB E-Learning offers the participants the opportunity to take the view of an attacker. The intensive exploration of current attack tools and the practical implementation in the LAB results in a very high level of personal involvement and understanding for the required security measures. This is the basis for behavior change.

Through the combination of multimedia e-learning and LAB environment, the Cyber Security LAB E-Learning works on the two most successful levels of the classical learning pyramid, because people learn:

  • 10 percent of what they read,
  • 20 percent of what they hear,
  • 30 percent of what they see,
  • 50 percent of what they see and hear,
  • 90 percent of what they do in person.

The Cyber Security LAB E-Learning consists of three components:

  1. A LAB portal that gives participants access to the LAB (and, in the case of a cloud solution, to e-learning).
  2. A multimedia e-learning module with 11 chapters and a final test. The e-learning module is SCORM compatible and can either be integrated into your own learning management system (LMS) or provided as a cloud service.
  3. An LAB environment consisting of several prepared Windows and Linux systems with up-to-date attack tools. There, the participants can put the knowledge they have learned into practice.

Each customer receives an individual LAB environment for its participants.


The e-learning module is available in German and English, further languages can be realized by subtitling on request.

he LAB Portal and the LAB Environment are available in English.


The Cyber Security LAB E-Learning is licensed by training participant. The price for a training participant (all inclusive: E-Learning license, LAB infrastructure, operation, software licenses, etc.) is depending on the volume between 80,- and 250,- EUR net plus VAT and is thus a fractional amount of a comparable classroom training.


The Cyber Security LAB E-Learning can be booked in monthly steps. The minimum duration is 1 month. Since the LAB with operation in Microsoft Azure and further license fees is a significant cost factor, a duration between 1 - 3 months is recommended.


The training is designed in a way that no individual adaptations to customers are necessary. Minor adaptations can be made on request, for example:

  • Customer logo instead of IS-FOX logo
  • Appointment of security contact persons (SOC, CERT, Defense Center, ISO, etc.)
  • Integration of relevant customer documents and guidelines (hardening guides, incident response processes, etc.)

Further questions? Request a demo?

Then call us on (+49 89 890 63 62-0) or send us a message.

Data protection note: how do we handle your data