This is the presentation of the SecDevOps-Cuse/CyberRange project. A project which aims to provide security researchers with a bootstrapped solution for building a personal research lab full of vulnerable assets, researcher tools, and well-known technologies like Nessus, Metasploit, FlareVM + many more...

1. SecDevOps@Cuse
Cyber Range
An Open-Source AWS-based
Offensive/Defensive Learning Environment
For Every Cyber Security Researcher
GitHub: Secdevops-cuse/CyberRange
Fork of: fedekau/terraform-with-circleci-example

3. What & How Much?

4. Demo’s First
Create the assetsShow what’s going to be setup / created

5. Technologies used
AWS
Git-Secrets
Terraform
Inspec
Kali
Packer
Chocolatey
Cloud-Init
Vulnerable Assets:
- Metasploitable 2 & 3 windows
- Metasploitable 2 nix
- Vulnhub vms
- Damn Vulnerable*
Researcher assets:
- Commando
- Kali
- Remnux
- Flarevm
- T-Pot
- DetectionLab*
- HoneyPot Network*

6. Terraform - Environments / Region Example
./terraform
environments/
├── eu-west-2
└── us-east-1
eu-west-2/
├── main.tf
├── terraform.tfvars
├── variables.tf
└── versions.tf

7. Environment - Main.tf
● Setup provider
● Setup staging-state
● Setup s3 backend
● Setup the infrastructure
Variables.tf

8. Terraform Tip - Securing Credentials
Access Keys:
Bad:
provider "aws" {
region = "eu-west-1" # Ireland region, change as you wish
access_key = "1234567890"
secret_key = "1234567890"
}
Good:
provider "aws" {
region = "${var.region}"
shared_credentials_file = "${pathexpand("~/.aws/credentials")}"
}

9. Infrastructure & Region - Main.tf

10. Infrastructure *aaS
network/
├── eips.tf
├── gateways.tf
├── output.tf
├── routes.tf
├── subnets.tf
├── variables.tf
└── vpc.tf
secdevops/
├── attackers.tf
├── aws_ami.tf
├── aws_key_pairs.tf
├── ctf.playground.tf
├── honeyPots.tf
├── malware.tf
├── output.tf
├── security_groups.tf
├── security_groups_rules.tf
├── targets.nix.tf
├── targets.windows.tf
├── tenable.tf
├── variables.tf
└── variables.tf.template
├── assets
│ ├── network
│ └── secdevops
├── cloud-init
│ ├── awsinspector.setup.yml
│ ├── bootstrap.commando.yml
│ ├── bootstrap.flarevm.yml
│ ├── bootstrap.windows.yml
│ ├── docker.setup.yml
│ ├── docker.targets.yml
│ ├── docker.tools.yml
│ ├── fbctf.setup.yml
│ ├── kali.yml
│ ├── tpot.setup.yml
│ └── windows.bootstrap.yml
├── main.tf
├── output.tf
└── variables.tf

11. CircleCI Build Workflow
Configuration file: .circleci/config.yml
Build, Plan, Apply Checks
Note: terraform v0.12 was just released 5/23
Issue #21515: Apply Graph bug -> plan --out files are not being applied correctly. Workaround exists, impacts CI.
Issue #21582: Apply --target does not create all network dependencies

12. CircleCI Workflow

13. AWS-Nuke
Tips:
● Leveraged a dedicated Organization / Account ID
● 1 Region at a time
● Carefully review Dry-Run output
● Update white-list of required assets often
● Initialize early / Purge often

14. Next Phases of R&D

15. Inspec Tests
Malware Lab - https://github.com/ytisf/theZoo
https://www.malware-traffic-analysis.net/
https://cuckoo.sh/docs/installation/guest/linux.html
https://github.com/aol/moloch
https://github.com/killswitch-GUI/Fuzz-FFmpeg
Future Research

16. Future Research
Packer:
http://jen20.com/2015/04/02/windows-amis-without-the-tears.html
https://operator-error.com/2018/04/16/windows-amis-with-even/
Compiler Explorers:
https://godbolt.org/
HoneyPot Network - https://github.com/threatstream/agave