This CyberRange project represents the first open-source Cyber Range blueprint in the world.
This project provides a bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud.
This project contains vulnerable systems and a toolkit of the most powerful open-source / community edition tools known to Penetration testers.
It simply provides a researcher with a disposable offensive / defensive AWS-based environment in less than 5 minutes.
To gain access you must send me your AWS account number so I can share the 30+ Amazon Machine Images (AMIs).
Use my secure FormAssembly form -> CyberRange Sign-Up Form
Then – Read the Getting Started Guide
view the changelog
v2 – released on Sept 6, 2019 v2 is simply a collection of the best-in-class tools, most emerging toolsets, and bootstrap frameworks to create an integrated solution capable of enormous growth.
features include: makefile, inspec tests, detection lab integration, commandoVM v2,
kali 2019.4 w/ the following opensource github tools: CyberRange, DetectionLab, IntruderPayloads,
aws-credential-compromise-detection, aws-nuke, blast-radius, cloudgoat, cloudmapper, packer-windows,
pacu, security-monkey-terraform, security_monkey, sites-using-cloudflare,
net-creds, Reconnoitre, shell_generator.sh, msploitego, awesome-nodejs-pentest,
cloudgoat, hammer, joomscan, learning-tools, LetsMapYourNetwork,
php-webshells, PowerHub, PowerSploit, snmpwn, vulhub, ScoutSuite, prowler,
pacbot, terraform-aws-secure-baseline, gitleaks, my-arsenal-of-aws-security-tools
CyberRange combines best practices with emerging technologies.
- Amazon Web Services
- Commando-VM – a windows-based penetration testing VM
- OpenSourced Vulnerable VM’s See Asset Inventory
- using a CI/CD tool to verify builds CircleCI
- Docker / docker-compose
- Metasplotiable 2/3 & other open-source vuln vms on VulnHub
- Inspec – to test the state of your environment, application, system, processes, configurations, etc.
- Plus Many more things to setup, configure, and experiment with.
Domains of knowledge
This open-source research lab provides a bootstrap learning platform for Technologists studying any one of the “Big-3” technology skills.
- Cyber Security
- Cloud Computing
This project supports 7 gigantically broad domains of technical knowledge.
- Offensive Security
- Architecture & Engineering
- Vulnerability, Change, & Configuration Management
- Quality Assurance
- Auditing – Processing, Systems, Applications
- Development – Infrastructure / Web Applications
The ultimate expectation is to emulate the quality, format, and presentation of the Syracuse University Cyber SEED Labs while creating strategic hubs of Cyber Security Center-of-Excellence Partnerships where the gap between enterprise experience & academic learning is addressed by focusing training paths on people, products, and process.
SEED Funding / Training Programs
AWS Educate – Free cloud training for students w/ edu address
AWS EdStart – $500 in AWS Credits for startup’s
Program Solicitation NSF 17-573 aims to make advancements in informal STEM learning.
Graduate Research Fellowship Program (GRFP) – SU’s Master of Cyber Security program requires a bit more funding, this is opensource – win,win,win.
America’s Seed Fund – a creative outlet
- Chris Long – Detection Lab
- Omar Santos – websploit & docker scripts
- FireEye – CommandoVM & FlareVM
- All Github projects
- Kali Maintainers
- Tenable Nessus Engineers
- This project is a fork of a well-architected terraform AWS framework -> fedekau/terraform-with-circleci-example