Cart
Register
Sign in

Our partners

We partner with top-tier tools and platforms to deliver cutting-edge, instructor-led cybersecurity training that bridges the gap between theory and real-world defense.

LabLabee

LabLabee is a hands-on training platform focused on telecom and cloud-native technologies. It offers immersive, real-world labs covering 5G, cloud, networking, and Kubernetes, enabling engineers and students to build practical skills through interactive simulations. The platform is fully browser-based and is designed to close the gap between theory and practice in telecom and IT education. LabLabee serves enterprises, training centers, and universities looking to upskill teams and deliver next-gen infrastructure expertise.

Explore LabLabee
Read more

Hack The Box

Hack The Box is a human-focused platform dedicated to developing top cybersecurity talent and building high-performing security teams through hands-on training and workforce development. We’re proud to partner with Hack The Box as an authorized training provider, not only delivering instructor-led courses, but also creating tailored training content built around their globally recognized certifications. This collaboration enables us to craft immersive, real-world learning experiences that align with current industry needs and evolving cybersecurity threats.

Explore Hack The Box
Read more

CYBER RANGES

With next-generation simulation technology and deep-dive cyber-range environments, CYBER RANGES delivers realistic, adversary-driven exercises across Red, Blue, and Purple Team disciplines. From off-the-shelf scenarios mapped to MITRE ATT&CK, to fully custom enterprise-grade simulations, they enable training that builds technical muscle memory, sharp decision-making, and scalable readiness. Through our partnership, we combine their scalable environments with Cyber Helmets’ expert-led training to deliver hands-on readiness that mirrors real-world threats.

Explore CYBER RANGES
Read more

HackTricks

HackTricks is a globally recognized cybersecurity resource, offering detailed insights into hacking techniques, cloud security best practices, and methodologies. It serves as a go-to platform for security professionals seeking the latest cybersecurity knowledge and research. By combining Cyber Helmets’ immersive training approach with HackTricks’ comprehensive security knowledge base, this collaboration helps IT professionals identify vulnerabilities, prevent cloud misconfigurations, and respond to cyber threats effectively.

Explore HackTricks
Read more

Smithy Security

Smithy is an innovative security automation platform designed to integrate seamlessly into enterprise development pipelines. By bridging the gap between security and delivery, it ensures best practices are consistently applied at scale. This collaboration combines Cyber Helmets’ expert-led training with Smithy’s automation capabilities, enabling organizations to upskill their teams while operationalizing those skills. It empowers enterprises to accelerate software delivery and achieve stronger, more consistent security outcomes.

Explore Smithy
Read more

K8Studio

K8Studio is a team of passionate Kubernetes experts dedicated to simplifying Kubernetes management for development teams and companies worldwide. Their mission is to provide innovative, intuitive tools that enhance the efficiency and productivity of Kubernetes operations. This partnership marks a major step forward in how we teach and learn Kubernetes security. K8Studio is the default lab environment for all Cyber Helmets Kubernetes and cloud security training.

Explore K8Studio
Read more

Vishr.ai

Vishr.ai is an AI-powered voice threat simulation platform designed to train people to recognize and respond to real-world vishing attacks. By combining synthetic voice generation, behavioral AI, and adaptive learning, Vishr.ai delivers highly realistic training experiences that build true capability, not just awareness. As part of our partnership, their platform is integrated into Cyber Helmets’ training programs to help organizations strengthen human defense where it’s needed most: the moment a malicious call comes in.

Explore Vishr.ai
Read more

Shellter Project

Cyber Helmets proudly partners with Shellter Project, creators of Shellter Elite—the industry’s most advanced AV/EDR evasion platform. Shellter is a dynamic shellcode injection tool designed for red teamers and advanced adversaries, enabling the creation of stealthy loaders that evade modern detection engines. This collaboration brings battle-tested evasion techniques directly into our red team and advanced adversary simulation training. By integrating Shellter’s cutting-edge tooling with our hands-on labs and real-world scenarios, we equip practitioners with the stealth, precision, and tactics needed to bypass modern defenses and elevate their offensive security skills.

Explore Shellter Project
Read more

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools

 

Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container
  • Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop

 

Methologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD

 

Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in IOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.