Systems and methods are described for modifying one or more advertisements of a webpage or a social media feed to create a simulated cybersecurity attack. Initially, content responsive to a request by a user via a user device to access a webpage or social media feed with one or more advertisements is received. One or more advertisements are detected within the content. An advertisement of the one or more advertisements is modified or replaced with simulated cybersecurity attack advertisements. The webpage or social media feed with the modified advertisement is displayed to the user device. User interactions with the simulated cybersecurity attack content are tracked and training is provided based on user interactions.

The present invention is directed to interactive training, and in particular, to methods and systems for computerized interactive skill training. An example embodiment provides a method and system for providing skill training using a computerized system. The computerized system receives a selection of a first training subject. Several related training components can be invoked, such as reading, watching, performing, and/or reviewing components. In addition, a scored challenge session is provided, wherein a training challenge is provided to a user via a terminal, optionally in video form.

Methods and systems allow a user or operator to easily create cyber-training environments for use in a cyber-training system. In one embodiment, the environments are configured as missions. The missions may have a plurality of features, such as training objectives, a mission storyline, a mission order and mission objectives, relative to a mission environment. The mission environment comprises a virtual environment, such as defined by a virtual network having virtual machines or devices.

A computer-implemented method comprising: receiving a job from a plurality of priority queues, the job including a deliverable and a plurality of commands; performing a correction procedure on the deliverable, wherein the correction procedure comprises, for each of the plurality of commands: transforming a respective command into a structure of keywords, the structure associated with a flow of execution, the structure including a plurality of nodes, the plurality of nodes including a root node and plurality of parent nodes, each parent node of the plurality of parent nodes having at least one child node, each parent node of the plurality of parent nodes including a keyword in the respective command; traversing the structure according to the flow of execution, executing one or more keywords at one or more parent nodes of the plurality of parent nodes; determining an output of the respective command based on the execution of the one or more keywords at the one or more parent nodes of the plurality of parent nodes.

Systems and methods are described for providing training to attendees of a network security training session through use of gamification. A virtual environment is created containing a network topology simulating a deployed network of network security devices for which teams of the attendees are to receive training. A 3D game interface is presented on a display of a computer system of an attendee. Based on a leaderboard server's game state, a problem-solving objective for the training session is presented on the display. The virtual environment facilitates interactions by the attendee with the network security devices via real web interfaces of corresponding full-feature virtual network security appliances in connection with attempts by the attendee to complete the objectives. Upon completion of an objective, the leaderboard server's game state is updated. Based on the game state of a group of objectives a second group of problem-solving objectives is presented to the attendee.

Techniques for collecting telemetry data, indicating usage of a computing-based solution hosted in a computing resource network, to ascertain a stage of progression through an experience lifecycle for the computing-based solution, and to generate data for populating lifecycle templates with content for progressing from the stage to which the user account has progressed to the next stage of the experience lifecycle, to include on a user interface for display on a computing device associated with a user account. A software agent executing on a node in the computing resource network may collect the telemetry data to provide to a Software-Defined Networking (SDN) controller disposed in the same network. The SDN controller may transmit the telemetry data to a service provider network, where the data is utilized to determine lifecycle data for generating a user portal to present on the computing device associated with the user account.

A request may be received for a guided project teaching usage of a network-accessible resource, the guided project including an instruction video explaining the usage of the network-accessible resource. In response to the request, a virtual browser cloud workspace running on a containerized computation environment hosting a virtual browser and remote access software may be provided. An interactive learning environment may be provided that includes a virtual browser interactive window and an instructional window, and the instruction video may be provided within the instructional window. Using the remote access software, bidirectional communication may be provided between the virtual browser interactive window and the virtual browser while the virtual browser is accessing the network-accessible resource, to thereby provide control of the network-accessible resource at the virtual browser interactive window to complete the guided project in conjunction with the instruction video.

A computer-implemented adaptive group training method a computer accessing a virtual system and initiating a group training exercise for training a trainee group comprising one or more trainees, the group training exercise including one or more challenges to the virtual system, each of the one or more challenges including a pre-defined sequence of one or more injectable events; the computer controlling subsequent execution of the group training exercise comprising injecting the injectable events; and the computer evaluating performance of the trainee group during the subsequent execution of the group training exercise, including analyzing actions taken by the trainee group in response to each of the injections, and attributing one or more of the actions taken to a trainee.

Systems and methods are described for providing customized message content to be displayed to a user of an email client, responsive to the user selecting, via a plug-in or agent of the email client, to report an email as a potential phishing email. In examples, the user may be an employee of an organization and the systems and methods may facilitate a determination by the plug-in or agent of the email client that the reported email is one that does not pose a security risk, such as a simulated phishing email sent by the organization itself, or an email sent from a trusted partner of the organization. The systems and methods may facilitate a customization of the message content that is displayed to the user. In examples, the customized message content may be included or specified within one or more SMTP extension headers of an SMTP email.

A demonstration mode control system of a device receives and analyzes audio at the device. This audio includes, for example, a conversation between two or more users, such as an owner of the device and another (secondary) user. The system analyzes the conversation and determines whether a user intent is to have a secondary user of the device assess features of the device. In response to determining that the user intent is to have the secondary user assess the features of the device, the system automatically enters a demonstration mode for the device including running a demonstration program that highlights features of the device. The demonstration mode optionally includes changing device property values for the device to demonstration mode device property values that are expected to best demonstrate capabilities of the device.