Hands-on cybersecurity training, without the VM farm.
Reflare Hydra gives every learner an isolated Linux or Windows desktop in the browser - at scale, with assessment built in.
A full Kali or Windows server environment opens in a browser tab in seconds. No install, no VPN, no local setup, no "it works on my machine." You bring the curriculum; Hydra runs the infrastructure.
In production with enterprise, government and academic security programmes
officers in a metropolitan police cyber unit train on Hydra
THE PROBLEM
Stop running a VM farm to teach security.
Hands-on training means giving people real machines. Do it yourself, and someone burns every cohort creating accounts, distributing credentials, rebuilding broken images, chasing version drift, cleaning up afterwards — then bolting a scoring system onto the side.
Hydra is that infrastructure, managed. Provisioning, networking, isolation, persistence, cleanup, scoring and assessment are handled. Your team works on content and outcomes, not plumbing.
What can you run on Reflare Hydra?
Anything that needs a real, interactive computing environment. Hydra is content-agnostic: the platform provides the machine, your Docker images define what's on it.
Digital forensics
Windows and Linux investigation environments — memory captures, disk images, Volatility, network artefacts. The full toolchain, not a stripped-down VM.
Offensive security
Pwn, web and crypto exercises with real debugging stacks (gdb, ptrace) — isolated per learner so binary exploitation stays inside the session.
SOC & incident response
Log analysis, alert triage and incident-response workflows on realistic environments — the day job, rehearsed safely.
Active Directory attack & defence
Multi-host Windows environments with real domain joins, so attack paths and detection are practised on the real thing.
CTF competitions
The full lifecycle: challenge deployment, team management, scoring, hints and leaderboards — your content or Reflare's.
Custom corporate programmes
Bring your own scenarios and curriculum. Scenario-as-code, versioned in your repo. You write it; Hydra runs it.
Four things your team stops worrying about.
True isolation, per learner
Every learner gets their own container and network. No shared sandbox where one person can break — or peek at — another's lab. Even a container escape lands on a node that holds nothing of value.
Real environments, not facsimiles
Full Windows server. Real Linux. Real kernels, real syscalls, real network stacks. Security tooling expects a real OS — so give it one.
From a pilot to org-wide
The same control plane runs your five-person evaluation and your largest annual programme. Capacity is a question of hardware, not a rebuild.
AI assessment, built in
Not a separate quiz tool. Hydra grades free-text answers across competency domains, flags skill gaps and gives managers a dashboard — inside the same platform.
AI ASSESSMENT
How does Hydra assess skills?
Hydra includes an AI-powered assessment platform that goes well beyond multiple choice. Learners answer domain-specific questions — including free-text, where they explain concepts or work through scenarios — and an AI evaluates each response for accuracy, completeness and depth.
Results break down across competency domains. For a SOC analyst, that means network analysis, log analysis, incident response and threat intelligence — each scored, with skill-gap analysis, a recommended learning path, and a career-readiness signal such as SOC Tier 1. Scoring takes about a minute. Training managers see individual and group analytics in a dashboard.
How does Reflare Hydra work?
One control plane, one browser surface, real machines behind both. The learner opens a browser and gets a live environment; everything else is managed for them.
Learners connect in the browser. No client, no plugin, no VPN — works on locked-down endpoints.
Hermes brokers the session and persists work between sittings; instructors can shadow or broadcast.
Atlas provisions isolated Linux containers; Styx provisions real Windows server. Policy-driven networking per learner.
AI scoring and reporting for instructors and managers, in the same platform.
Linux launch time: under 10 seconds
Windows launch time: roughly 2 minutes
Storage: CephFS distributed storage
Remote desktop: Guacamole-class display protocol
Performance: responsive even with Burp Suite and other heavy Java tooling
Linux environments launch in under ten seconds; Windows in roughly two minutes. Browser desktops are delivered over a Guacamole-class display protocol, so heavy tooling stays smooth.
Where does the data live, and how is it isolated?
Hydra's core runs on Reflare-controlled hardware, not US public cloud, so student data, content and platform state sit outside US jurisdiction, the point that matters most to European and Japanese buyers weighing the US CLOUD Act. You can run Hydra on-premises or in your own cloud account.
The architecture is split on purpose: the application that holds user data is separated from the nodes that run environments, and the two talk over signed, encrypted tokens. The environment nodes hold nothing sensitive, so even a full compromise of one exposes no user data. Nodes are patched hourly and watched by a monitor that can wipe a node on anomaly.
What Hydra doesn't do (yet)
Mobile is limited. A full desktop needs a real screen; tablets work, phones don't.
Authoring is technical. A new scenario is a Docker image plus metadata, there's no drag-and-drop builder yet.
Reflare Hydra vs Hack The Box, TryHackMe and Immersive Labs.
Most platforms are content you consume. Hydra is infrastructure you build on. That's the difference an institution feels.
| Hydra | Hack The Box | TryHackMe | Immersive Labs | |
|---|---|---|---|---|
| Run your own content & curriculum | Yes | Limited | Partial | Limited |
| White-label (your brand & domain) | Yes | No | No | Partial |
| Real Windows + Active Directory | Yes | Partial | Partial | Partial |
| Built-in AI skills assessment | Yes | No | No | No |
| On-prem / data residency control | Yes | No | No | Limited |
| Built for | Institutions | Individuals | Beginners | Enterprise risk |
Three ways to start. All of them end in a conversation.
Hydra is priced against a real programme, not a sticker. Tell us what you're running and at what scale, and we'll come back with the right shape.
Pilot
A single cohort to evaluate Hydra against your existing programme.
up to ~50 learners
Linux + Windows, curated scenarios
assessment included
Programme
A running training programme — recurring cohorts, your scenarios, your branding.
recurring cohorts
full library + custom scenarios
Hydra-hosted or your cloud
custom rubrics + LMS export
Enterprise
Org-wide deployment — multiple programmes and teams, often on-premises.
your custom images
on-prem · SSO · audit
data residency · SLAs · dedicated contact
Frequently asked questions
Can we bring our own training content?
Yes. Hydra is content-agnostic. A scenario is defined in a Docker image plus metadata, so you can run your own curriculum — or Reflare's — on the same platform.
Does it support Windows and Active Directory?
Yes — real Windows server with persistent storage per learner, including domain joins for Active Directory attack and defence scenarios.
Can we run it on our own infrastructure?
Yes. Hydra can be hosted by Reflare, deployed in your own cloud account, or run on-premises for full data-residency control.
How fast do environments launch?
Linux environments launch in under ten seconds. Windows environments typically take around two minutes.
Is there a fixed content library like Hack The Box?
No — and that's deliberate. Hydra is infrastructure, not a catalogue. Content comes from you or from Reflare, which is what makes white-labelled, institution-specific programmes possible.
How is Reflare Hydra priced?
Against your programme and scale, not a per-seat sticker. Tell us what you're running and we'll propose the right shape.