Cyberange — Insights

Cyberange — InsightsThreat intelligence, adversary emulation, DFIR, ICS/OT, and training notes from the Cyberange team.https://cyberange.io/en-INInside a 90-day red team op against a tier-1 Indian airport operatorhttps://cyberange.io/insights/90-day-red-team-tier-1-indian-airport/https://cyberange.io/insights/90-day-red-team-tier-1-indian-airport/A redacted case study mapping a 13-week journey from an external foothold to full Active Directory compromise. Discover how the operator adapted tactics on the fly and what forensic artifacts survived a rigorous CERT-In post-incident review.Wed, 27 May 2026 00:00:00 GMTAdversary emulationred teamaviationairportadversary emulationIndiaCERT-Infield noteCyberange Adaptive Red TeamThe CERT-In six-hour window: what your DFIR runbook needs to sayhttps://cyberange.io/insights/cert-in-six-hour-window/https://cyberange.io/insights/cert-in-six-hour-window/CERT-In Direction 70B (April 2022) requires reporting of certain cyber incidents within six hours of detection. A practical breakdown of what the clock actually measures, what your runbook needs to include, and where most organisations get the timeline wrong.Tue, 26 May 2026 00:00:00 GMTDFIRCERT-Inincident responseregulatoryBFSIIndiaCyberange DFIR ConsultingWelcome to Cyberange Insightshttps://cyberange.io/insights/welcome-to-insights/https://cyberange.io/insights/welcome-to-insights/The publishing home for our practice notes, engagement debriefs, and threat-landscape reads — now open for contributions from student alumni, cohorts, and the wider community.Tue, 26 May 2026 00:00:00 GMTPracticeannouncementeditorialCyberange EditorialWhy we ship real PLCs, not software emulatorshttps://cyberange.io/insights/why-real-plcs-matter/https://cyberange.io/insights/why-real-plcs-matter/A short practice note on the difference between a simulator and a range, and why the difference compounds in operator training, regulator-grade demonstrations, and live red-team engagements.Tue, 26 May 2026 00:00:00 GMTICS / OTphygitalpracticePLCtrainingCyberange Phygital LabsBrowser-based initial access in 2026https://cyberange.io/insights/browser-based-initial-access-2026/https://cyberange.io/insights/browser-based-initial-access-2026/The fastest-growing initial-access surface in the engagement data is the browser session, not the credential. Reverse-proxy phishing kits, OAuth consent abuse, extension supply-chain hijacks, and infostealer-fed cookie marketplaces — what changed, why MFA and password rotation no longer cover the dominant case, and which controls actually move the curve.Fri, 17 Apr 2026 00:00:00 GMTThreat intelligencebrowserinitial accessSSOthreat intelphishingCyberange Threat Intel