Chapter 3. Cyber polygon as a tool for training cybersecurity professionals

Authors

Uzhhorod National University, Ukraine
https://orcid.org/0000-0002-9177-0662
State Non-Commercial Company «State University «Kyiv Aviation Institute», Ukraine
https://orcid.org/0009-0003-9844-3271

Keywords:

Cyber polygon, cybersecurity, vulnerabilities, Active Directory, GitLab, Qualys, Metasploitable 2, ethical hacking, risk assessment, team competitions, Kerberoasting, pentesting, web application security, RCE, SMB, privilege escalation, LLMNR, educational process, practical training

Synopsis

The continuous escalation of cyber threats and the evolution of attack methods on information systems necessitate the training of highly skilled cybersecurity professionals who can effectively respond to real-world threats. There is a need for training programs that provide students not only with theoretical knowledge but also with practical experience in countering cyberattacks. Cyber polygons serve as a critical tool in preparing professionals, enabling students to develop vulnerability assessment skills and implement defense strategies in an environment that simulates real-world attack and defense scenarios.

This study is based on the cyber polygon of the Department of Solid-State Electronics and Information Security, which includes a comprehensive suite of training scenarios covering various aspects of cybersecurity. Three key scenarios are outlined in this work. The first involves web application vulnerability scanning using Qualys, allowing students to learn risk assessment and develop recommendations for enhancing security. The second scenario utilizes Metasploitable 2 as a simulation platform for practicing network attack and defense techniques. The third scenario, developed in collaboration with UnderDefense, involves tasks related to GitLab and Active Directory, where students engage in ethical hacking within a corporate infrastructure.

Through the use of the cyber polygon, students gain practical skills in vulnerability detection, risk assessment, and the application of comprehensive protection methods. They also acquire experience in managing Active Directory infrastructure, using LDAP for remote access, analyzing GitLab security, and performing attacks in realistic network environments. Team competitions and work on various scenarios enable students to master both offensive and defensive techniques, including brute forcing, remote code execution (RCE), Server Message Block (SMB), and local privilege escalation (LPE), strengthening their preparedness for careers in cybersecurity.

The training scenarios developed on the basis of the department’s cyber polygon provide students with the necessary experience to work in the field of cybersecurity, deepening their understanding of risks and protection methods. The skills acquired enhance their competitiveness in the job market, equipping them to address information system security challenges in contemporary environments. The cyber polygon not only builds professional competencies but also fosters teamwork and strategic thinking, which are critically important for a successful career in cybersecurity.

Pages

59-87

Published

September 19, 2025

ISBN-13 (15)

978-617-8360-16-0

How to Cite

Malitskyi, B., Cherepov, O., Rizak, V., & Rizak, M. (2025). Chapter 3. Cyber polygon as a tool for training cybersecurity professionals. In V. Dmytruk (Ed.), PROFESSIONAL EDUCATION AND PERSONNEL TRAINING (pp. 59–87). Kharkiv: TECHNOLOGY CENTER PC. https://doi.org/10.15587/978-617-8360-16-0.ch3