So Long Summer of Cyber Ranges - Hello HackTrack!

As the leaves change and the air turns crisp, it’s time to wrap up our Summer of Cyber Ranges — and what a summer it’s been. Over the past few months, the CMD+CTRL Security team and our expanding community of hackers, developers, and security professionals came together to learn, compete, collaborate, and level up through a series of immersive cyber range events.

Our final two events -- Attack in August and Hack to School: A Hacktember to Remember, showcased just how far this community has come since our kickoff back in June. With more than 120 participants across the final two events—and over 300 total across the summer—this series drew a larger, more diverse, and more globally distributed audience than ever before. Together, we’ve built a strong foundation for what’s next.

Attack in August: Raising the Bar

Our summer finale, Attack in August, featured two fan-favorite ranges: Shred and DigiExchange.

• Shred challenged participants with hands-on secure coding and web vulnerability scenarios, pushing them to think like attackers while reinforcing defensive best practices.
  
  
• DigiExchange simulated a modern digital marketplace, testing players’ ability to identify vulnerabilities in complex workflows and third-party integrations.

By reaching out to the broader OWASP community, we welcomed many first-time participants  - reinforcing our shared goal: making security knowledge more accessible to everyone.

The energy at this event was electric. Returning champions like FROSTEDMONOTONY and ElleF once again demonstrated world-class skill, while newcomers—writingfish, nickyc, ByteTheBullet, H3xKun0ichi, and suspiciousdoggo—made an immediate impact on the leaderboards. The mix of seasoned pros and new talent resulted in dynamic interaction and helped drive momentum.

Hack to School: A Hacktember to Remember

A few weeks later, we ushered in fall with Hack to School: A Hacktember to Remember, featuring two different ranges:

• InstaFriends, a social-media-inspired environment filled with privacy pitfalls and cross-site scripting challenges.
  
  
• LetSee, a visually rich range designed to expose accessibility and user experience flaws with real-world impact.

To better accommodate global players, Hack to School ran Friday through Monday, allowing participants across time zones to join at their convenience. The format proved successful, attracting participants from North America, Europe, and Asia who collaborated and shared insights in real time.

While live competition remains a hallmark of CMD+CTRL events, in keeping with our "Hack to School" theme, this event emphasized self-driven learning, enabling participants to explore at their own pace with the aid of: 

• Video walkthroughs
• Detailed guides
• Expert educational content from our Instructor Extraordinaire, Ashley

The result? A more inclusive, flexible learning experience that delivered the fun and competitive energy CMD+CTRL is known for.

Community Expansion and Player Highlights

Across the summer, more than 300 participants joined our cyber ranges, representing a diverse mix of returning players, OWASP members, corporate teams, and independent hackers.

Highlights included:

• Veteran brilliance: Familiar names like FROSTEDMONOTONY and ElleF continued to impress with innovative solutions and mentorship for newer players.
  
  
• Beginner energy: First-time participants such as writingfish, nickyc, ByteTheBullet, H3xKun0ichi, and suspiciousdoggo contributed new perspectives and enthusiasm. 
• OWASP participation: by engaging regional OWASP chapters we expanded our reach to welcome security practitioners from around the world
  

The blend of experience levels fostered a collaborative environment for seasoned pros and beginners to connect and share ideas. Our Slack channel was buzzing throughout the weekend - as players forged connections that will last well beyond the event.

The Borderless Future of Cyber Ranges

A key takeaway from our summer series was the importance of flexibility in creating a hospitable environment for participants across the globe. Cybersecurity has no borders - our community spans the globe. Expanding our event windows to four full days (Friday–Monday), allowed participants across regions and timezones to engage meaningfully.

Removing barriers resulted in a more dynamic and diverse group. The open forum ensured inclusion and welcomed night owls, early risers  and weekend warriors alike. The self-directed play model also proved to be a success. Our comprehensive guides and video walkthroughs empowered players to personalize their learning journeys while still benefiting from expert insights.

From Hack-to-School to HackTrack

Summer may be over, but the fun continues with our monthly CMD+CTRL HackTrack series,  running through the end of the year:

• Monthly events with extended play windows for global accessibility.
• A variety of ranges and challenges designed to mirror real-world attack surfaces.
• Expanded collaboration with regional OWASP chapters to bring hands-on training to local communities.
• Enhanced self-paced options for flexible learning anytime, anywhere.

Follow CMD+CTRL on LinkedIn to stay in the loop on upcoming events and competitions.

Why Cyber Ranges Matter 

Sure, competitive events like Attack in August provide a fun environment for enthusiasts to gather and challenge each other, but they also deliver meaningful skills development. We recently published findings from our study that looked at the impact of 1,000+ cyber range events over 6+ years. We learned that real progress comes from doing: 

• Practice pays off: Repeat cyber range players achieved 126% performance growth over time 
• Early-career talent outpaced seasoned pros: Participants with the least experience (0–3 years) demonstrated faster learning velocity
• There’s a Training “Sweet Spot”: Moderate difficulty challenges keep teams motivated while reinforcing fundamentals
• Blended content wins: Training that combines conceptual learning with hands-on simulated environments (like cyber ranges) delivers stronger outcomes.

Cyber ranges provide a realistic, risk-free environment where professionals and beginners can explore vulnerabilities, experiment safely, and learn by doing. The “lightbulb moments” we witnessed—when participants connected simulated vulnerabilities to real-world challenges—underscore why experiential learning is essential for modern AppSec and DevSecOps teams.

Appreciation and An Invitation

To everyone who participated—returning champions, first-time players, OWASP partners, and our supportive Slack community—thank you! Your enthusiasm, insight, and collaborative spirit made the Summer of Cyber Ranges really sizzle.

We're keeping the summer vibe going with these upcoming HackTrack ranges: 

• October 22nd - Pumpkin Spice and Payloads
• November 12th - Hackvember 
• November 25th - Happy Hacksgiving
• December 24th - Hack Through the Holidays

If you haven’t participated yet, this is a great time to start. Monthly events, flexible scheduling, and a rotating portfolio of themed environments offers something for everyone. Sign up today!

About CMD+CTRL Cyber Ranges

CMD+CTRL is the only cyber range platform purpose-built for application security. By mirroring the flaws, misconfigurations, and errors that attackers exploit in real-world software, CMD+CTRL cyber ranges offer engaging, realistic scenarios that help development and engineering teams build secure applications from the start. Visit www.cmdnctrlsecurity.com/training/cyber-range/ to learn more about our suite of gamified cyber ranges, designed to motivate learners at all levels.