Train cyber defenders in real attack scenarios.
Forge powers immersive, graded cyber ranges across threat hunting, incident response, digital forensics, malware analysis and OT security — hosted in the cloud or fully air-gapped on-prem.
Meet Forge.
Built by SOC operators, for SOC operators.
Declarative scenarios. Real Windows domains. Real Linux servers. Real attack chains. One click to deploy, one click to score, one click to tear down.
name: enterprise-ad-breach
difficulty: hard
network:
  realism_mode: full
  subnets:
    - { cidr: 10.20.0.0/16, vlan: dmz }
    - { cidr: 10.30.0.0/16, vlan: corp }
forge:
  - { vm: dc01, image: win-srv-22-ad, role: domain-controller }
  - { vm: ws01, image: win-11-corp, role: endpoint }
phases:
  - { name: initial-access, technique: T1566.001 }
  - { name: cred-dump, technique: T1003.001 }
  - { name: lateral-move, technique: T1021.002 }
scoring:
  weight: { detection: 0.5, triage: 0.3, response: 0.2 }
Everything a serious training program needs.
Forge is more than a range. It's the operating system for the way your team trains, drills, and proves capability.

Every environment your team defends. In one platform.
10-minute deployments
Spin up a complete enterprise environment in under ten minutes. Train, drill, tear down. Repeat.
Sandboxed isolation
Every range runs in its own sealed environment. Trainees can't escape. Damage stays inside.
Integrated SIEM
Real log ingestion, real detections, real-world alerts — built into every range.
MITRE ATT&CK aligned
Every range mapped to ATT&CK techniques. Visualize coverage. Close training gaps.
Realistic noise & FPs
Background traffic, legitimate user activity, false positives — the way real SOCs see the world.
Browser-native access
Stream Windows desktops and Linux terminals to any browser. No installs. No VPN.
Enterprise SSO
Connect to your existing identity provider. Single sign-on for the whole team.
Skill analytics
Per-trainee dashboards. Detection speed, accuracy, coverage. Promote with evidence.
Hands-on ranges across every cyber defense discipline.
Forge is a cyber defense training platform — not a single-purpose range. Pick a domain, pick a difficulty, deploy in minutes — or commission a custom range built to your environment.
Threat Hunting
Proactive adversary detection through hypothesis-driven hunts and behavioral analytics.
Incident Response
Full IR lifecycle drills: detect, contain, eradicate, recover — under realistic time pressure.
Digital Forensics
Disk, network, and memory forensics across Windows, Linux, and cloud workloads.
Malware Analysis
Static and dynamic analysis. Reverse engineering. Sandboxing and unpacking.
OT / ICS Security
Defend industrial control systems — HMIs, PLCs, SCADA, sensors, and field devices.
SOC Operations
L1 to L3 progression. Triage discipline, escalation playbooks, alert handling at scale.
Network Defense
Detection engineering, network security monitoring, firewall and IDS/IPS tuning.
Cloud Security
Attacks and defenses across cloud platforms — identity, misconfigs, lateral movement.
Purple Team
Red and blue working together. Adversary emulation paired with detection development.
Need something specific? We build ranges to your environment.
Bring your tech stack, threat model, or specific industry regulations — our team designs and ships a tailored range you can drill against. Air-gapped delivery available.
From idea to graded session in under an hour.
No infrastructure tickets. No 6-week procurement cycles. The cyber range is a Lambda call away.
Author
Drag-and-drop a scenario or write YAML. Version it in git. Review like code.
Deploy
One click. Forge provisions a private VPC, boots the VMs, wires the SIEM. < 10 min.
Train
Adversary runs the attack chain. Analysts triage in their browser. Live telemetry to scoring.
Score & teardown
Objective scoring. Per-analyst report. Range torn down in seconds. No idle footprint.
Built for the people who actually defend networks.
Four go-to-market tracks. One platform. Pick the one that matches your mission.
National-grade cyber capability building
Air-gapped deployments, sovereign region hosting, classified-network compatibility. Train national SOCs, military cyber units, and CERT teams on realistic adversary tradecraft without sending traffic outside borders.
- Sovereign / air-gapped deployment options
- Role-based clearance separation
- Custom threat actor profiles
- Compliance-ready audit logs
- FedRAMP / UAE IA aligned
Security is the product. We hold ourselves to a higher bar.
When the platform is for training defenders, the platform itself has to be defensible.
Isolation by design
Per-customer AWS accounts. Per-scenario VPCs. Zero trust between tenants. Ephemeral range VMs that never share state.
Identity & access
SAML 2.0 / OIDC federation. MFA mandatory for admin. Just-in-time access for ephemeral training accounts.
Data residency
Deploy to any AWS region. Sovereign regions supported (UAE, EU, US-Gov, China). Training data never leaves your region.
Compliance roadmap
Architected against ISO 27001, SOC 2 Type II, UAE IA. Formal certifications on the 2026–2027 roadmap.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. KMS-managed keys with optional customer-managed keys (CMK).
Immutable audit
Every control-plane action logged to CloudTrail and append-only S3 with object-lock. Tamper-evident records.
Where we're going.
A locked roadmap, published. We bet our reputation on shipping it.
Forge 2.0 — full platform rebuild
IN-FLIGHT: Multi-tenant SaaS. Cognito SSO. Wazuh-integrated. First production customers onboard.
Visual scenario builder GA
PLANNED: React Flow drag-and-drop. YAML round-trip. Public scenario marketplace beta.
Enterprise tier
PLANNED: SAML SSO. Audit export. Dedicated VPC peering. 24×7 support. SLA contracts.
SOC 2 Type II + ISO 27001
PLANNED: Formal certifications. UAE Information Assurance alignment.
Regional expansion
PLANNED: KSA, Egypt, EU regions. Localized scenarios and threat-actor profiles.
Founded by SOC practitioners. Built for the next generation of defenders.
CyberElites is a UAE-based cybersecurity company building the tools we wished we had on the SOC floor. We spent years training analysts on slide decks and disposable VMs — watching real adversaries punch through environments that bore no resemblance to what we trained on.
We built Forge to close that gap. Real environments. Real attacks. Real measurement. And economics that let every organization — from a national SOC to a university classroom — afford to train at the level the threat demands.
Make hands-on cyber defense training as accessible as a SaaS subscription.
Every defender trains on Forge before they touch a production SIEM.
Realism over theater. Measurement over assertion. Open standards.
A startup with operator DNA. We've been the analyst at 3am chasing an alert. We're building the platform we wish we'd had.
Ready to see Forge in action?
Book a 30-minute demo. We'll walk you through a live scenario deployment, show you the scoring engine, and discuss what a pilot would look like for your team.