/CyberRange

Development repo of the worlds 1st open-source AWS Cyber Range. Medium home - https://medium.com/aws-cyber-range

Primary LanguageHCL

alt text CircleCI

Overview:

Arsenal
This CyberRange project represents the first open-source Cyber Range blueprint in the world.

This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud.

This project contains vulnerable systems and a toolkit of the most powerful open-source / community edition tools known to Penetration testers, Developers, Malware Analysts, Forensic/Reverse Engineers, ThreatHunters, & more.

What does it create how long does it take

Get Started

To gain access you must send me your AWS account number so I can share the 30+ Amazon Machine Images (AMIs).

Use my secure FormAssembly form -> CyberRange Sign-Up Form

Then - Read the Getting Started Guide

Range History

Release Notes:

view the changelog

v2 - released on Sept 6, 2019 v2 is simply a collection of the best-in-class tools, most emerging toolsets, and bootstrap frameworks to create an integrated solution capable of enormous growth.

 features include: makefile, inspec tests, detection lab integration, commandoVM v2, 
 kali 2019.4 w/ the following opensource github tools: CyberRange, DetectionLab, IntruderPayloads, 
 aws-credential-compromise-detection, aws-nuke, blast-radius, cloudgoat, cloudmapper, packer-windows, 
 pacu, security-monkey-terraform, security_monkey, sites-using-cloudflare, 
 net-creds, Reconnoitre, shell_generator.sh, msploitego, awesome-nodejs-pentest, 
 cloudgoat, hammer, joomscan, learning-tools, LetsMapYourNetwork, 
 php-webshells, PowerHub, PowerSploit, snmpwn, vulhub, ScoutSuite, prowler, 
 pacbot, terraform-aws-secure-baseline, gitleaks, my-arsenal-of-aws-security-tools   

Range Technology

CyberRange combines best practices with emerging technologies.

  • Amazon Web Services
  • Kali
  • Nessus
  • Commando-VM - a windows-based penetration testing VM
  • Terraform
  • OpenSourced Vulnerable VM's See Asset Inventory
  • using a CI/CD tool to verify builds CircleCI
  • Docker / docker-compose
  • Metasplotiable 2/3 & other open-source vuln vms on VulnHub
  • DetectionLab
  • Inspec - to test the state of your environment, application, system, processes, configurations, etc.
  • Plus Many more things to setup, configure, and experiment with.

Domains of knowledge

This open-source research lab provides a bootstrap learning platform for Technologists studying any one of the "Big-3" technology skills.

  1. Cyber Security
  2. Cloud Computing
  3. DevOps

This project supports 7 gigantically broad domains of technical knowledge.

  1. Offensive Security
  2. SecDevOps
  3. Architecture & Engineering
  4. Vulnerability, Change, & Configuration Management
  5. Quality Assurance
  6. Auditing - Processing, Systems, Applications
  7. Development - Infrastructure / Web Applications

Mission Statement

The ultimate expectation is to emulate the quality, format, and presentation of the Syracuse University Cyber SEED Labs while creating strategic hubs of Cyber Security Center-of-Excellence Partnerships where the gap between enterprise experience & academic learning is addressed by focusing training paths on people, products, and process.

2020 Research Funding

AWS Activate - AWS Activate Credits AWS OpenSource - OpenSource Project Credits CloudCraft License

Credits