┌─ NEXT DROP ────────┐ │ malware | packets │ │ cloud | AD attacks │ └────────────────────┘
coming_soon --scenario malware-triage
More soon
Next labs
Malware triage, packet forensics, cloud security, AD-style attacks.
In progressBrowser cyber range
Boot as many lab machines as the scenario needs inside the browser. Students investigate real incidents without cloud ranges, backend graders, or install weeks.
defender> tail -n 80 /var/log/web/access.log 10.0.0.210 POST /upload?name=cache-raven.phtml 10.0.0.210 GET /cache/fragments/cache-raven.phtml?task=id defender> checkwebshell decoys intact : yes Lab status : PASS
Why colleges care
┌─ BLUEWALL ─────────┐ │ pkt → alert → DROP │ │ snort + iptables │ └────────────────────┘
alert tcp any any -> 10.0.0.10 80
IDS + firewall
Catch hostile traffic. Write the rule. Block only what matters.
Launch lab┌─ SHADOWSHELL ──────┐ │ logs → IOCs → fix │ │ webshell IR │ └────────────────────┘
/cache/fragments/shell.phtml?task=id
Webshell IR
Follow logs, find the shell, preserve decoys, contain the attacker.
Launch lab┌─ NEXT DROP ────────┐ │ malware | packets │ │ cloud | AD attacks │ └────────────────────┘
coming_soon --scenario malware-triage
More soon
Malware triage, packet forensics, cloud security, AD-style attacks.
In progressBrowser-native polymorphic cyber labs can remove much of the setup, local VM, and cloud infrastructure burden from cybersecurity courses. Students open a webpage instead of installing hypervisors, importing VM images, debugging NAT networks, or waiting for a hosted range. Because lab values randomize across runs, the same scenario can be repeated for skill-building without turning into a static answer-sharing exercise.
The model combines five cost buckets: student setup time, TA/faculty support, hosted range/platform cost, cheating/rework, and hardware pressure. The numbers are intentionally transparent so a school can replace assumptions with its own rates.
| Bucket | Mid-case assumption | Reason for including it |
|---|---|---|
| Student setup | 8h saved × $20/hr | Traditional VM labs often create install, import, patching, and network-debug time. |
| TA support | 4h saved × $25/hr | Less local setup means fewer environment-specific troubleshooting sessions. |
| Hosted range | $180/student/year | Example public cyber-range pricing includes a $15/user/month plan. |
| Answer sharing | 2h/student equivalent at $70/hr | Polymorphic IPs, filenames, commands, and flags reduce static-solution reuse. |
| Device pressure | 10% avoid a $1,500 upgrade | Browser labs reduce the need for high-RAM virtualization-capable student laptops. |
| Program size | Student setup | TA support | Hosted range | Cheating/rework | Device pressure | Total saved | Per student |
|---|---|---|---|---|---|---|---|
| 100 students | $16,000 | $100 | $18,000 | $14,000 | $15,000 | $63,100 | $631 |
| 500 students | $80,000 | $200 | $90,000 | $70,000 | $75,000 | $315,200 | $630 |
| 2,000 students | $320,000 | $400 | $360,000 | $280,000 | $300,000 | $1,260,400 | $630 |
Static labs are easy to overfit. Once a filename, IP, flag, or command sequence leaks, students can follow an answer key. A polymorphic lab changes evidence per run: attacker IPs, benign clients, shell names, route paths, command parameters, markers, persistence files, and flags. This makes repeat practice useful instead of repetitive.
The lab is a static project: HTML, CSS, JavaScript, v86, BIOS/kernel/rootfs images, and scripts. That means the same lab can be hosted from a normal website and repeated without spinning up a new cloud VM for every learner.
A future product could be priced well below the modeled value delivered. For example, a $10–$20/student/month range is still small compared with the modeled savings, especially when setup time and hardware pressure are included. Institutional pricing could also work as a flat program license for departments. These numbers should be refined after vendor-by-vendor pricing research.
This is draft positioning, not a public pricing claim. Vendor-by-vendor research should happen before publishing exact comparison numbers.