Hands-on cybersecurity training, without the VM farm.
Reflare Galena gives every learner an isolated Linux or Windows desktop in the browser - at scale, with assessment built in.
A full Kali or Windows server environment opens in a browser tab in seconds. No install, no VPN, no local setup, no "it works on my machine." You bring the curriculum; Reflare Galena runs the infrastructure.
In production with enterprise, government and academic security programmes
officers in a metropolitan police cyber unit train on Reflare Galena
THE PROBLEM
Stop running a VM farm to teach security.
Hands-on training means giving people real machines. Do it yourself, and someone burns every cohort creating accounts, distributing credentials, rebuilding broken images, chasing version drift, cleaning up afterwards, then bolting a scoring system onto the side.
Galena is that infrastructure, managed. Provisioning, networking, isolation, persistence, cleanup, scoring and assessment are handled. Your team works on content and outcomes.
What can you run on Reflare Galena?
Anything that needs a real, interactive computing environment. Reflare Galena is content-agnostic: the platform provides the machine, your Docker images define what's on it.
Digital forensics
Windows and Linux investigation environments: memory captures, disk images, Volatility, network artefacts. The full toolchain on a real machine.
Offensive security
Pwn, web and crypto exercises with real debugging stacks (gdb, ptrace), isolated per learner so binary exploitation stays inside the session.
SOC & incident response
Log analysis, alert triage and incident-response workflows on realistic environments. The day job, rehearsed safely.
Active Directory attack & defence
Multi-host Windows environments with real domain joins, so attack paths and detection are practised on the real thing.
CTF competitions
The full lifecycle: challenge deployment, team management, scoring, hints and leaderboards, your content or Reflare's.
Custom corporate programmes
Bring your own scenarios and curriculum. Scenario-as-code, versioned in your repo. You write it; Reflare Galena runs it.
Four things your team stops worrying about.
True isolation, per learner
Every learner gets their own container and network. No shared sandbox where one person can break, or peek at, another's lab. Even a container escape lands on a node that holds nothing of value.
Real environments throughout
Full Windows server. Real Linux. Real kernels, real syscalls, real network stacks. Security tooling expects a real OS, so give it one.
From a pilot to org-wide
The same control plane runs your five-person evaluation and your largest annual programme. Scaling up is a hardware question, with no rebuild required.
AI assessment, built in
Reflare Galena grades free-text answers across competency domains, flags skill gaps and gives managers a dashboard, all inside the same platform.
AI ASSESSMENT
How does Reflare Galena assess skills?
Reflare Galena includes an AI-powered assessment platform that goes well beyond multiple choice. Learners answer domain-specific questions, including free-text, where they explain concepts or work through scenarios, and an AI evaluates each response for accuracy, completeness and depth.
Results break down across competency domains. For a SOC analyst, that means network analysis, log analysis, incident response and threat intelligence: each scored, with skill-gap analysis, a recommended learning path, and a career-readiness signal such as SOC Tier 1. Scoring takes about a minute. Training managers see individual and group analytics in a dashboard.
How does Reflare Galena work?
One control plane, one browser surface, real machines behind both. The learner opens a browser and gets a live environment; everything else is managed for them.
Learners connect in the browser. No client, no plugin, no VPN. Works on locked-down endpoints.
Hermes brokers the session and persists work between sittings; instructors can shadow or broadcast.
Atlas provisions isolated Linux containers; Styx provisions real Windows server. Policy-driven networking per learner.
AI scoring and reporting for instructors and managers, in the same platform.
Linux launch time: under 10 seconds
Windows launch time: roughly 2 minutes
Storage: CephFS distributed storage
Remote desktop: Guacamole-class display protocol
Performance: responsive even with Burp Suite and other heavy Java tooling
Where does the data live, and how is it isolated?
Galena's core runs on Reflare-controlled hardware outside US public cloud, so student data, content and platform state sit outside US jurisdiction, the point that matters most to European and Japanese buyers weighing the US CLOUD Act. You can run Galena on-premises or in your own cloud account.
The architecture is split on purpose: the application that holds user data is separated from the nodes that run environments, and the two talk over signed, encrypted tokens. The environment nodes hold nothing sensitive, so even a full compromise of one exposes no user data. Nodes are patched hourly and watched by a monitor that can wipe a node on anomaly.
What Reflare Galena doesn't do (yet)
Mobile is limited. A full desktop needs a real screen; tablets work, phones don't.
Authoring is technical. A new scenario is a Docker image plus metadata, there's no drag-and-drop builder yet.
Reflare Galena vs Hack The Box, TryHackMe and Immersive Labs.
Most platforms are content you consume. Reflare Galena is infrastructure you build on. That's the difference an institution feels.
| Reflare Galena | Hack The Box | TryHackMe | Immersive Labs | |
|---|---|---|---|---|
| Run your own content & curriculum | Yes | Limited | Partial | Limited |
| White-label (your brand & domain) | Yes | No | No | Partial |
| Real Windows + Active Directory | Yes | Partial | Partial | Partial |
| Built-in AI skills assessment | Yes | No | No | No |
| On-prem / data residency control | Yes | No | No | Limited |
| Built for | Institutions | Individuals | Beginners | Enterprise risk |
Three ways to start. All of them end in a conversation.
Galena is priced against a real programme. Tell us what you're running and at what scale, and we'll come back with the right shape.
Pilot
A single cohort to evaluate Reflare Galena against your existing programme.
up to ~50 learners
Linux + Windows, curated scenarios
assessment included
Programme
A running training programme: recurring cohorts, your scenarios, your branding.
recurring cohorts
full library + custom scenarios
Galena-hosted or your cloud
custom rubrics + LMS export
Enterprise
Org-wide deployment: multiple programmes and teams, often on-premises.
your custom images
on-prem · SSO · audit
data residency · SLAs · dedicated contact
Frequently asked questions
Can we bring our own training content?
Yes. Reflare Galena is content-agnostic. A scenario is defined in a Docker image plus metadata, so you can run your own curriculum, or Reflare's , on the same platform.
Does it support Windows and Active Directory?
Yes. Real Windows server with persistent storage per learner, including domain joins for Active Directory attack and defence scenarios.
Can we run it on our own infrastructure?
Yes. Reflare Galena can be hosted by Reflare, deployed in your own cloud account, or run on-premises for full data-residency control.
How fast do environments launch?
Linux environments launch in under ten seconds. Windows environments typically take around two minutes.
Is there a fixed content library like Hack The Box?
No, and that's deliberate. Reflare Galena is infrastructure that you bring content to. Content comes from you or from Reflare, which is what makes white-labelled, institution-specific programmes possible.
How is Reflare Galena priced?
Against your programme and scale. Tell us what you're running and we'll propose the right shape.