AWS Cyber Range — The Ultimate Cyber Lab Overview

~Cappetta
Published in AWS Cyber Range
10 min read · Nov 14, 2019

The goal of this page is to provide a single location for all of the core tools and product usages of the Cyber Range v2. Due to Windows licensing, registration is required for access to the AMIs; the registration form is below.

34+ Additional Tools on Kali — scroll down…

Demo:

In 33 seconds the Cyber Range goes through the setup, testing, and deletion of the standard range. There are many more options in the menu, as well as the ability to configure and use Vagrant, and the cycle of create, test, destroy is a bit longer in real life.

The creation takes 5 minutes. Testing is relatively quick as well.

Those tutorials will be placed in a separate wiki and linked from this page when available.

Github:

The official location of the project is on GitHub. This Medium portal serves as its official content publishing platform.

Company Support & Free-Tier Tooling

Let’s face it — Tools are a key component of speed in any successful project. This project provides an open-source cyber range framework of tools to help you ramp up quickly across offensive security, defensive security, security intelligence, and reverse engineering.

This project simply would not exist without the support of the companies and individuals who appreciate open-source tool development. The same goes for products that offer “Free-Tier” tooling. This list includes links to those licenses.

As this project continues to evolve, I believe it is appropriate to briefly identify the repositories, authors, and corporate supporters.

Tenable

Tenable has provided me with a unique opportunity to educate, then share my knowledge.

They sponsored the initial public presentation of the Cyber Range to the BSides London security community in June 2019, and they are also sponsoring the upcoming BlackHat Arsenal demo in Dec. 2019.

There are many reasons why Tenable is #1 on this list, #1 in the market, and the #1 company providing the “strongest current offering”; these are not just my words. Below is the visual from an independent Forrester Research study.

I very much believe in the product, process, and the people: the 3 P’s that Marcus Lemonis (aka TheProfit) builds successful businesses around. I believe the Tenable culture supports and embraces the 3 P’s.

Tenable is a sponsor of many industry-leading cyber security conferences across the world. The Tenable Research organization also has a very respectable foundation of technical publications, conference presentation content, and contributions. I’d strongly encourage you to browse through my peers’ deep research and write-ups; their knowledge, articulation, and capabilities are simply inspiring.

If you’ve read this far you know the Cyber Range is full of Open-Source tools.

Some tools included in the Range have free licenses available. I’ve included a slightly dated Nessus binary on the Kali instance. You can install Nessus and use a free Nessus Essentials license to start learning about how the world’s best vulnerability management tool identifies Cyber Exposures.

I’ve created roughly 20 VulnHub assets in AWS, including multiple Metasploitable assets: purposely vulnerable systems and web apps.

I’ve included a quick link below to help you get the free essentials license.

Educational License

JetBrains IDE: with a student address you have full access to all of their products for a year.

Tenable for Education

I currently have individuals from roughly 20 universities on the Cyber Range ListServ. If you are an educator or Cyber Range administrator, then I believe Tenable for Education is something you should inquire about. I truly believe the ability to understand vulnerability management is one key domain of reducing your Cyber Exposure. The tooling is simply the way to do it quicker, faster, cheaper, and more accurately.

Form Assembly

The leader in enterprise data collection and the provider of the Cyber Range registration form.

This is truly a great tool to have in your toolkit. It is a dynamic form builder that I need to outline at some point. It provides an enormous amount of functionality with 20+ third-party integration points, including online payment provider integration compliance, Salesforce, web services, and accounting systems.

The ability to create a form, connect it to a system, and quickly publish it, while successfully normalizing and securing the ingestion and transfer of data, is an enormous asset.

With wide-ranging integrations and enterprise-level secure data compliance, the FormAssembly forms are an awesome experience.

Terraform:

Terraform is a key orchestration tool of the Cyber Range. It can create the whole range or just a couple of assets; it all depends on what you tell Terraform to do.
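To make “what you tell Terraform to do” concrete, here is an added example of a minimal range slice, written for this article and not taken from the AWS Cyber Range project’s own Terraform. It puts the attacker box in a public subnet reachable over SSH only from an operator-supplied CIDR and keeps the purposely vulnerable targets in a subnet with no route to the internet. The VPC/subnet CIDRs, resource names, region default and the kali_ami_id variable are all assumptions for illustration; real AMI ids come from the registration described above.

```hcl
# Added example (not the Cyber Range project's own code): a minimal lab network
# where only the operator can reach the attacker box and the vulnerable targets
# never get a public path. Names, CIDRs and the AMI variable are assumptions.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.region
}

variable "region" {
  type    = string
  default = "us-east-1"
}

# Who may reach the lab. Refuse the whole internet up front so a purposely
# vulnerable range is never exposed by an accidental default.
variable "operator_cidr" {
  type        = string
  description = "Public CIDR of the operator workstation, e.g. 203.0.113.10/32"

  validation {
    condition     = var.operator_cidr != "0.0.0.0/0"
    error_message = "operator_cidr must be a specific address range, not 0.0.0.0/0."
  }
}

# AMI ids are account and region specific; this is a placeholder input.
variable "kali_ami_id" {
  type = string
}

resource "aws_vpc" "range" {
  cidr_block = "10.40.0.0/16"
  tags       = { Name = "cyber-range-lab" }
}

# Public subnet: only the attacker/analysis box lives here.
resource "aws_subnet" "ops" {
  vpc_id                  = aws_vpc.range.id
  cidr_block              = "10.40.1.0/24"
  map_public_ip_on_launch = true
}

# Private subnet for the vulnerable targets: no route table association with
# the internet gateway, so nothing placed here is reachable from outside.
resource "aws_subnet" "targets" {
  vpc_id     = aws_vpc.range.id
  cidr_block = "10.40.2.0/24"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.range.id
}

resource "aws_route_table" "ops" {
  vpc_id = aws_vpc.range.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "ops" {
  subnet_id      = aws_subnet.ops.id
  route_table_id = aws_route_table.ops.id
}

# SSH to the Kali box is allowed from the operator CIDR only.
resource "aws_security_group" "kali" {
  name   = "kali-operator-only"
  vpc_id = aws_vpc.range.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.operator_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "kali" {
  ami                    = var.kali_ami_id
  instance_type          = "t3.medium"
  subnet_id              = aws_subnet.ops.id
  vpc_security_group_ids = [aws_security_group.kali.id]
  tags                   = { Name = "kali", Role = "attacker" }
}
```

Run it with `terraform apply -var operator_cidr=203.0.113.10/32 -var kali_ami_id=<your ami>`; the validation block rejects a 0.0.0.0/0 operator CIDR before anything is created. The “just a couple of things” case is the standard `-target` flag, for example `terraform apply -target=aws_vpc.range -target=aws_subnet.targets` to stand up only the network without launching the instance.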

Vagrant:

This is a well-known DevOps tool. In anticipation of the BlackHat Arsenal, I started adding Vagrant functionality. The goal was simply to provide a way to start up, shut down, and destroy systems. Vagrant can’t create all the network assets that Terraform can; however, when we combine the two tools, we have the ability to create, save, restart, and destroy persistent states.

I believe this helps researchers by providing a cloud lab that can be shut down to minimize cost when not in use.

Slides of the first public release:

Before I continue with the list of tools, let me offer you an opportunity to review the recorded presentation and/or the associated slides. The YouTube recording provides a 35-min discussion about the tools, technologies, and concepts within the project.

If you don’t have time for the presentation, then simply review the SlideShare 16-pg presentation from the initial release.

I’ll plan to update this article with content in the future as I believe a well-organized index of publications, presentations, and tools is enormously helpful.

Aside from the filler-word and specific-word repetition, the initial presentation in the #BSides #London YouTube recording above provides an excellent overview of the tools and technologies which the Range provides to all users and educators.

The goal with the Medium space is to cultivate the content into a progressive stream of educational material that will help everyone from the novice to the expert.

Architecture Overview

The GitHub repository is going to be the location of the latest and greatest content.

Architecture view of the Cyber Range

Continuous Integration / Continuous Delivery

Build pipelines are critical in application development. We can add unit, integration, behavior, security, performance, and load testing, plus any other custom tests, to the tooling that performs automated checks.

This project uses the CircleCI platform.

Inspec.io

Automated testing and auditing is a key milestone. These tests are not currently part of the build pipeline simply because automated testing of the Cyber Range requires assets to be created and tested against.

However, this is available to each administrative end-user of the Cyber Range. The 30-second demo above outlines the make checkLab scenario, which performs a series of InSpec tests.

Product Integrations

The Cyber Range represents an open-source conglomerate with formal and informal partnerships to promote the best.

For example, FireEye: I personally connected with Blaine, one of the FireEye engineers, after the BlackHat Vegas Arsenal presentation in 2019. I reconnected with him recently, and I’m proud to say he was willing to sponsor this Cyber Range project with official Commando / FlareVM laptop stickers!

These FireEye VMs are core components of the range, so I am sharing a few links to their blogs.

T-Pot: Security Intelligence / HoneyPot Platform

This platform is awesome. It provides a complete threat intelligence analysis platform and is updated quite often, if not daily.

Detection Lab

Detection Lab Setup

This project is authored by Chris Long. I reached out to him on GitHub to create awareness of the Cyber Range initiative and to obtain official DetectionLab sponsorship for the BlackHat Arsenal.

He quickly responded, expressed his support / interest and suggested we reconnect on future activities.

Open-Source Tools on the Kali box:

The BlackHat security conferences provide you with an awesome networking experience. Over the last few years I’ve collected a list of open-source tooling which I am studying, actively using, or which is on my “To Do” list.

All of these tools are located on the Kali instance as part of the Cyber Range Kali box. In future updates to this Medium post I plan to reorganize and document some of the tools below, but for the time being I’m just providing the initial list.


Vulnerability Research Engineer @Tenable · Cyber Eng. Masters Student @Syracuse University · SecDevOps @Cuse_Lead