The World's Premier Penetration Testing Lab in VPN


Features of the Hera Lab:

  • Best of breed Virtualization and Cloud computing
  • Forget shared access: isolated exclusive access per student
  • Forget idle VM's: Different routed networks per lab
  • New labs every month
  • Unmatched flexibility: Flat or On-Demand access
  • VPN access to our High capacity U.S. Datacenter
  • No wait time: instant access
  • Win / Linux / BSD systems
  • Play with Firewalls and IDS's
  • VPN access from everywhere
  • Play / Pause your own labs
  • User isolated access to labs
  • High Availability U.S. datacenters
  • Support: Win / *nix / OSX
  • Help via Forum / Chat
  • 100% Practical learning
  • Extremely easy to use

For new as well as more experienced Penetration testers


Hera is a virtual platform which allows experienced penetration testers to build real-world scenarios for peers and students;
this allows them to learn offensive and defensive techniques in a safe and legal manner.

With Hera Lab you can:

  • Practice Penetration testing affordably
  • Learn on new scenarios every month
  • Access a multitude of networks and OS's
  • Learn Nessus, Metasploit, nmap...in practice
  • Become a better Penetration tester in less time
  • Use your own attacking box from your own chair
  • Pay only for what you use / like / need



You can enter Hera Lab through two different plans:
  • On-Demand
    You will only be charged for the time you spend on Hera Lab.
    You can choose between a 20-hour or a 35-hour package.
    If you spend 7 minutes on our lab, we will only withdraw 7 minutes!
  • Unlimited
    For the most demanding: access our labs for 3 or 6 months without any limitations.

Hera Lab has a number of real-world scenarios, each comprising a multitude of computers connected together just for the purpose of being tested.
Every scenario is meant to allow you to practice particular phases of a Penetration test.
Extremely detailed lab manuals are given for each lab: you will not only be guided through the goals set forth for the lab but also receive detailed solutions so that you can learn what you didn't know.

Are you an experienced Penetration tester? Attempt solving the labs on your own then review the suggested solutions from our instructors.

When you enroll with the On-Demand plan you can select a limited number of labs out of the many available. You will use the amount of time purchased to go through these labs.

Do you want all of the labs? Select the FLAT UNLIMITED and you will enjoy all our labs with no limitation.

Fire up the OpenVPN client and start using the Labs in seconds.
You can use your own attacking box (Backtrack, Backbox, Ubuntu, MacOS, Windows...), wherever you are!

Enjoy learning on always new real world scenarios devised by our instructors who are penetration testers with years of experience in the field.

Every scenario has: different goals, different network topologies, different OS's and always multiple subnets routed and firewalled. Forget dummy virtual machines, you are going to penetrate complex corporate networks.





"A Masterpiece of Engineering for Penetration testers"

Many Lab Scenarios with Real World Targets, within Actually Routed Networks



For years students have been exposed to many kinds of hands-on training: downloadable vulnerable virtual machines, static physical servers to hack, clumsy shared access to virtual environments and all kinds of attempts to provide real world penetration testing experience.

eLearnSecurity engineers and instructors joined together to face the ambitious challenge of making hands-on Penetration testing training efficient, flexible and effective from every point of view.

Thanks to best-of-breed VMware virtualization technology, a partnership with Microsoft and the long experience in making things easy and flexible for our students, we are proud to bring HERA to life, the most advanced Virtual Lab on IT Security available today.

Running in our powerful U.S. datacenters and accessible through VPN, Hera allows our students to face always new scenarios in always different network topologies, without interfering with each other and without any constraints in terms of time: they can enjoy our new revolutionary On-Demand model.

Thanks to our On-Demand model, students can get an amount of hours of lab time to use at any time, to practice on the Labs that our instructors add to the platform every month.





New Labs are added every month

This is a list of Labs available in Hera as of April 14th, 2014. As new labs are added, you will find them here.

Each Lab comes with an extremely detailed Manual including step by step solutions.
Check out a sample here: Download a sample Lab Guide (without solutions)

# Lab Topic Category
1 This is a Box that students can access through RDP to find a full-fledged environment with all the software and code samples included in the Exploit development modules of the System Security section of our Professional training course.
Students will:
  • Use Dev C++, NASMX and Immunity Debugger to produce, compile and analyze code.
  • Analyze C++ applications vulnerable to Buffer overflows
  • Fuzz and Exploit real world applications
  • Write, encode and customize shellcodes
System Security
2 The student is given an entire /23 netblock as scope of engagement. This is a remote network protected by firewalls and no information is given about its hosts.
As a Penetration tester during the Information gathering phase, the student will have to apply all the appropriate techniques to:
  • Determine hosts that are alive using nmap
  • Enumerate DNS's, hostnames and domain names
  • Perform advanced DNS queries and transfers of zones
  • Detect firewalls
  • Map the remote network

Network Security
3 The student has to first perform host discovery against the remote network and then:
  • Use nmap to perform advanced TCP/UDP port scanning and determine open, closed and filtered ports
  • Determine the OS running on each host
  • Detect services running on each port
  • Perform 100% stealth port scans through Idle Scan
  • Use tools like Hping to craft packets, analyze response and find zombies for Idle Scan
  • Determine the role of each machine in the remote network
Network Security
4 Assessing vulnerabilities and exploiting them is the subject of this lab.
The student has to:
  • Master the use of Nessus to perform thorough Vulnerability scans
  • Determine an attack plan for the entire network
  • Exploit each machine with the most appropriate technique
  • Use Metasploit to gain access to the remote machines
  • Gain password hashes for all the users of the remote machine
  • Use advanced techniques such as Pass-the-hash to exploit the entire network
Network Security
5 The student is exposed to a complex remote network with workstations accessible from the internet and a corporate intranet, made of multiple subnets, that the target organization wants to protect.
The student is asked to prove that data can be extracted from the Database Server residing within a DMZ of the organization.
The student will:
  • Perform Privilege escalation against different targets
  • Use different techniques to maintain access to exploited machines
  • Harvest data, credentials and documents from the Organization Intranet
  • Map the internal network from remote
  • Determine the role of each internal machine
  • Perform a thorough investigation to work out a plan to penetrate the DMZ
  • Exploit weak authentication in protocols and services used in the Intranet
  • Infiltrate internal subnets through Pivoting using Metasploit
Network Security
6 Challenge your acquired skills against a real world corporation.
Infiltrate the corporate network by knowing nothing about it. Apply client side exploitation and web application attacks to obtain root access to one of the corporate networks.
The student will:
  • Perform a Blind penetration test
  • Apply sophisticated client-side exploitation against corporate workstations
  • Apply advanced web application attacks
  • Map the internal network from remote
  • Escalate privileges
  • Maintain access on the remote corporate network
Network Security
7 Mastering Nessus is the objective of this Lab. The student will become familiar with Nessus, and know exactly how to exploit its full potential.
The student will:
  • Perform a thorough vulnerability assessment of a network
  • Decide which plugins apply in different scenarios
  • Optimize scans through different configurations
  • Perform authenticated scans throughout the network for maximum results
  • Integrate Nessus and Metasploit
  • Perform automatic exploitation through Metasploit from Nessus results
Network Security
8 The purpose of this lab is to teach how to sniff, steal and crack credentials as well as how to obtain a shell on remote hosts. As a penetration tester the student has to first discover all alive hosts and then, through ARP poisoning, he must sniff all the communication within the network. Using Cain & Abel, the student will sniff and crack RDP, VNC, FTP credentials.
  • Perform ARP Poisoning attacks
  • Steal credentials for different protocols
  • Crack passwords
  • Obtain a shell on different hosts
  • Bypass OS, Firewall and application security controls
Network Security
9 Access confidential documents in restricted shares within the organization network. You will exploit NetBIOS shares and null sessions.
The student will learn how to:
  • Test NetBIOS/SMB shares
  • Exploit weak passwords
  • Exploit null sessions
  • Find confidential documents
  • Gain access to corporate machines
Network Security
10 The student has to perform a penetration test from within the corporate network. He has to attack a real router, sniff all the data from within the organization, analyze the traffic and steal credentials.
The student will:
  • Attack the router through ARP poisoning
  • Sniff the switched network
  • Extract files and data from the network
  • Steal credentials
  • Map and explore network resources
  • Identify and Access sensitive data
Network Security
11 Access the corporate network using social engineering techniques and client side exploitation. The student will exploit a corporate workstation using CVE-2012-4681 (java_jre17) and then gather information in order to find and exploit Linux Servers within the DMZ.
The student will learn how to:
  • Perform client-side exploitation against corporate workstations
  • Steal e-mail credentials
  • Map the organization internal network
  • Pivot to other networks
  • Fingerprint servers through pivoting
Network Security
12 The student is connected directly to the LAN of the organization and has to perform an internal Penetration Test. The network administrator stated that he has implemented a very strong password policy that is impossible to penetrate.
You have to perform:
  • Host discovery and Network Mapping
  • DNS resolution using Shell Script
  • Exploiting patched and non-patched machines using SMB Relay Attack
  • Manipulate network traffic with DNSspoof
Network Security
13 The student is going to do an internal Penetration Test and is connected directly to the target organization's LAN. The student knows that on each machine there is a software firewall installed and that just a few ports are open.
You have to:
  • Scan the network and find vulnerable services
  • Discover a valid username and password
  • Obtain information with tools such as nmap, netdiscovery, snmpenum, hydra and metasploit
  • Get a shell on one of the remote machines
14 The purpose of this lab is to practice different privilege escalation techniques against a Windows 7 machine. The student can use different Metasploit modules, as well as manually create and upload a working exploit.
The student will learn how to:
  • Use privilege escalation modules implemented into Metasploit
  • Create and use a privilege escalation exploit and manually gain SYSTEM privileges
  • Gather clear text password and accounts stored on the machine using tools such as mimikatz and incognito
15 The purpose of this lab is to practice different privilege escalation techniques against a Windows 7 machine. The student has to find service misconfigurations that may allow privilege escalation on the remote machine.
The student will learn how to:
  • Identify services configurations
  • Exploit vulnerable service implementation in order to escalate privileges to SYSTEM
  • Create and inject payload into existing binaries
16 Create your own exploit using several encoding tools and techniques and then test if different Antivirus programs identify your payload as a malicious threat.
You have to:
  • Create an exploit with msfpayload
  • Use msfencode to encode your exploit
  • Use veil to create and encode your exploit
17 In this lab you can practice with all the Ruby scripts explained in the training course Penetration Testing Professional.
You have to:
  • Extract information from nmap outputs
  • Create a Ruby TCP / UDP scanner
  • Create raw sockets
  • Forge packets
18 Challenge your Ruby programming skills against a real vulnerable service. The student has to detect a buffer overflow vulnerability affecting a remote service and write a working exploit with Ruby. Once the exploit is ready, the student will have to convert it into a working Metasploit module.
The student will learn how to:
  • Find vulnerabilities on a remote service
  • Create a Ruby exploit
  • Create a custom Metasploit module

If you are looking for a 100% practical lab for Web Application Security please click here




With the Flat model you can enroll in the lab for 90 or 180 days. Once you purchase the lab, you have up to 90 days to activate lab access.

For example, if you purchase today, you can activate the lab time on March 18 at the latest, that is 90 days from today.

Let's say you purchase the 90-day package and activate it on March 05: you will use your lab from March 05 to June 03.
Easy and Flexible!

During lab time you will be able to use the Lab 24/7 without any limitation.

You will also access ANY new lab that our instructors will publish on the platform during your account activity.

What if you cannot commit to using the lab for a full month? How often do things at work suddenly get hectic? With other solutions you just waste your money. With our On-Demand model you just relax and take care of your learning whenever you are free to do so.

The On-Demand model is the revolutionary model that sets you free from time constraints and lets you fully exploit the learning potential provided by Hera.

With this model, you purchase an amount of hours (multiple of 60 minutes) that you can use at any time (max 1 year from purchase). Every time you use Hera Lab, your account will track the minutes spent and will only account for them.

The On-demand model entitles you to select a limited number of labs from all the ones available the day you are enrolling.

Who gives you such a flexible, hassle-free and high quality learning experience?

|                                              | Flat                       | On-Demand                         |
| Each with different goals                    | Including new ones         | Select the ones you like          |
| Time available (time you can spend on Hera)  | 90 or 180 consecutive days | 20 or 35 hours; use when you want |
| New Labs (new labs every month)              | yes                        | To be acquired separately         |
| Do you need help?                            | yes                        | yes                               |





100% practical training in vpn



Francesco Stillavato
Francesco Stillavato is a security researcher and trainer at eLearnSecurity. He holds a Master's degree in Information Security at University of Pisa. He's co-author of Penetration Testing Course Professional v3.
Currently involved in Network and Mobile Security research in eLearnSecurity R&D labs in Pisa, he's the manager of the Hera Lab project devising new scenarios and integrating new network topologies and operating systems within Hera infrastructure.


Bruno Caseiro
Bruno Caseiro is a Sr. Security Consultant with over 12 years' experience in information technology and security implementations. Bruno has performed many consultative engagements including penetration testing, vulnerability assessment, security design, malware analysis, and incident response.

Bruno currently works for McAfee and eLearnSecurity where he is the author of some of the Hera Labs. He also holds certifications like CISSP, CPT (Certified Penetration Tester), CCFE (Computer Certified Forensics Examiner), CEH, CompTIA Security+, MCSE Security, McAfee Certified Network Security Platform, McAfee Certified Assessment Specialist Network et al.





If you have questions that you don't find answered here please contact us.


How can I Enroll?

Please click here to see plans available and sign up



What software/hardware requirements are there?

You will need to use the OpenVPN client, which comes pre-installed in Backtrack 5 and can be freely downloaded for Windows, Linux, and OSX. Please refer to the OpenVPN client documentation for requirements.

An internet connection speed of at least 128Kbit/s is recommended.


How do you provide support?

You have to know that we never leave you alone.

We provide a detailed Lab guide to set you up with OpenVPN and your first usage of our lab (however, it is really simple to use).

If you encounter technical issues or have questions regarding billing or for any question not related to the lab objectives, you can use Email and Live chat.

For support during your lab we have a nice and friendly dedicated forum where you can share ideas and ask our instructors and fellow students for help.



What if I need more time for my lab? Can I extend it?

Sure. You can buy a new Flat or On-Demand package at any time. The new lab time will be available in your account in a matter of seconds after the purchase. The same applies if you acquire new labs.



What happens when there's a new lab?

If you have signed up with the Flat Unlimited plan you will find it in your account free of charge.
If you have signed up with the On-Demand plan you will need to buy a new set of labs (and possibly more hours) and select the new labs that you would like to do.

Please note: if you are enrolled in our Professional Penetration testing course with Bundled Hera, you will have ALL labs for FREE even with the On-Demand plan.



Can I request a refund if labs are too difficult for me?

Hera Lab is not included in our Money back guarantee program.