The document describes the setup of an open-source AWS-based cyber range for offensive and defensive cybersecurity training, utilizing tools like Terraform, Kali, and various vulnerable assets. It outlines the infrastructure organization and configuration, emphasizes the importance of securing access keys, and provides tips for using CircleCI and AWS Nuke. Future research directions and resources for malware analysis and honeypot networks are also mentioned.

1. SecDevOps@Cuse
Cyber Range
An Open-Source AWS-based
Offensive/Defensive Learning Environment
For Every Cyber Security Researcher
GitHub: Secdevops-cuse/CyberRange
Fork of: fedekau/terraform-with-circleci-example

3. What & How Much?

4. Demo’s First
Create the assetsShow what’s going to be setup / created

5. Technologies used
AWS
Git-Secrets
Terraform
Inspec
Kali
Packer
Chocolatey
Cloud-Init
Vulnerable Assets:
- Metasploitable 2 & 3 windows
- Metasploitable 2 nix
- Vulnhub vms
- Damn Vulnerable*
Researcher assets:
- Commando
- Kali
- Remnux
- Flarevm
- T-Pot
- DetectionLab*
- HoneyPot Network*

6. Terraform - Environments / Region Example
./terraform
environments/
├── eu-west-2
└── us-east-1
eu-west-2/
├── main.tf
├── terraform.tfvars
├── variables.tf
└── versions.tf

7. Environment - Main.tf
● Setup provider
● Setup staging-state
● Setup s3 backend
● Setup the infrastructure
Variables.tf

8. Terraform Tip - Securing Credentials
Access Keys:
Bad:
provider "aws" {
region = "eu-west-1" # Ireland region, change as you wish
access_key = "1234567890"
secret_key = "1234567890"
}
Good:
provider "aws" {
region = "${var.region}"
shared_credentials_file = "${pathexpand("~/.aws/credentials")}"
}

9. Infrastructure & Region - Main.tf

10. Infrastructure *aaS
network/
├── eips.tf
├── gateways.tf
├── output.tf
├── routes.tf
├── subnets.tf
├── variables.tf
└── vpc.tf
secdevops/
├── attackers.tf
├── aws_ami.tf
├── aws_key_pairs.tf
├── ctf.playground.tf
├── honeyPots.tf
├── malware.tf
├── output.tf
├── security_groups.tf
├── security_groups_rules.tf
├── targets.nix.tf
├── targets.windows.tf
├── tenable.tf
├── variables.tf
└── variables.tf.template
├── assets
│ ├── network
│ └── secdevops
├── cloud-init
│ ├── awsinspector.setup.yml
│ ├── bootstrap.commando.yml
│ ├── bootstrap.flarevm.yml
│ ├── bootstrap.windows.yml
│ ├── docker.setup.yml
│ ├── docker.targets.yml
│ ├── docker.tools.yml
│ ├── fbctf.setup.yml
│ ├── kali.yml
│ ├── tpot.setup.yml
│ └── windows.bootstrap.yml
├── main.tf
├── output.tf
└── variables.tf

11. CircleCI Build Workflow
Configuration file: .circleci/config.yml
Build, Plan, Apply Checks
Note: terraform v0.12 was just released 5/23
Issue #21515: Apply Graph bug -> plan --out files are not being applied correctly. Workaround exists, impacts CI.
Issue #21582: Apply --target does not create all network dependencies

12. CircleCI Workflow

13. AWS-Nuke
Tips:
● Leveraged a dedicated Organization / Account ID
● 1 Region at a time
● Carefully review Dry-Run output
● Update white-list of required assets often
● Initialize early / Purge often

14. Next Phases of R&D

15. Inspec Tests
Malware Lab - https://github.com/ytisf/theZoo
https://www.malware-traffic-analysis.net/
https://cuckoo.sh/docs/installation/guest/linux.html
https://github.com/aol/moloch
https://github.com/killswitch-GUI/Fuzz-FFmpeg
Future Research

16. Future Research
Packer:
http://jen20.com/2015/04/02/windows-amis-without-the-tears.html
https://operator-error.com/2018/04/16/windows-amis-with-even/
Compiler Explorers:
https://godbolt.org/
HoneyPot Network - https://github.com/threatstream/agave