https://github.com/michael-borck/cybersecurity-lab-lateral-movement
Provides Docker-based lab environment for practicing lateral movement techniques in cybersecurity.
https://github.com/michael-borck/cybersecurity-lab-lateral-movement
cybersecurity docker docker-compose edtech ethical-hacking html lab-environment lateral-movement network-security penetration-testing security-lab security-training vulnerability-assessment vulnerable-applications
Last synced: 2 days ago
JSON representation
Provides Docker-based lab environment for practicing lateral movement techniques in cybersecurity.
- Host: GitHub
- URL: https://github.com/michael-borck/cybersecurity-lab-lateral-movement
- Owner: michael-borck
- License: other
- Created: 2025-10-14T04:56:47.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2026-06-25T11:08:12.000Z (17 days ago)
- Last Synced: 2026-06-25T12:21:24.494Z (17 days ago)
- Topics: cybersecurity, docker, docker-compose, edtech, ethical-hacking, html, lab-environment, lateral-movement, network-security, penetration-testing, security-lab, security-training, vulnerability-assessment, vulnerable-applications
- Language: HTML
- Size: 51.8 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# CYB204 Lateral Movement Lab Environment
[](https://github.com/topics/cybersecurity) [](https://github.com/topics/docker) [](https://github.com/topics/docker-compose) [](https://github.com/topics/edtech) [](https://github.com/topics/ethical-hacking) [](https://github.com/topics/html) [](https://github.com/topics/lateral-movement) [](https://github.com/topics/penetration-testing) [](https://github.com/topics/security-lab) [](https://github.com/topics/vulnerable-applications)
This Docker-based lab environment provides a safe, isolated network for practicing lateral movement techniques as part of the CYB204 Ethical Hacking course.
## System Requirements
This lab has been designed to run on low-powered laptops across Linux, Windows, and Mac platforms.
### Minimum Requirements:
- 4GB RAM (8GB recommended)
- 10GB free disk space
- Docker Desktop or Docker Engine installed
- Docker Compose v2.0 or higher
### Tested On:
- Windows 10/11 with Docker Desktop
- macOS (Intel and Apple Silicon)
- Ubuntu Linux 20.04+
## Installation
### 1. Install Docker
**Windows/Mac:**
- Download and install [Docker Desktop](https://www.docker.com/products/docker-desktop/)
- Ensure Docker Desktop is running before proceeding
**Linux:**
```bash
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Install Docker Compose
sudo apt-get install docker-compose-plugin
# Add your user to docker group
sudo usermod -aG docker $USER
newgrp docker
```
### 2. Get the Compose File
The lab images are pre-built and published to GitHub Container Registry (GHCR),
so you don't need to build anything — you only need the `docker-compose.yml`
file. Clone the repo (or just download `docker-compose.yml`):
```bash
git clone https://github.com/michael-borck/cybersecurity-lab-lateral-movement.git
cd cybersecurity-lab-lateral-movement
```
### 3. Start the Lab Environment
```bash
docker compose up -d
```
The first run pulls the pre-built images from GHCR (a few minutes depending on
your connection); subsequent startups are near-instant. The images are
published as multi-architecture, so the correct build is pulled automatically
on Intel/AMD machines and on Apple Silicon Macs.
> **Instructors / developers:** to build the four custom images locally instead
> of pulling them, layer the build override file on top of the base compose:
>
> ```bash
> docker compose -f docker-compose.yml -f docker-compose.build.yml up -d --build
> ```
>
> Pushes to `main` rebuild and republish the images automatically via the
> `.github/workflows/build.yml` GitHub Actions workflow.
### 4. Verify All Containers Are Running
```bash
docker-compose ps
```
You should see 8 containers running:
- secutils
- workstation
- ubuntu-desktop
- ldap
- mysql
- telnet
- juice-shop
- dvwa
## Lab Architecture
### Network Configuration
- **Subnet:** 172.20.0.0/24
- **Network Name:** cyb204_net
### Container IPs and Services
| Container | IP Address | Services | Purpose |
|-----------|------------|----------|---------|
| secutils | 172.20.0.10 | Attack tools | Primary attack client with nmap, impacket, etc. |
| workstation | 172.20.0.20 | SSH (22), SMB (139/445) | Linux target with shared resources |
| ubuntu-desktop | 172.20.0.30 | SSH (22) | Ubuntu target with config files |
| ldap | 172.20.0.40 | LDAP (389) | Directory service target |
| mysql | 172.20.0.50 | MySQL (3306) | Database target |
| telnet | 172.20.0.60 | Telnet (23) | Telnet service target |
| juice-shop | 172.20.0.70 | HTTP (3000) | Vulnerable web application |
| dvwa | 172.20.0.80 | HTTP (80) | Damn Vulnerable Web App |
### Default Credentials
**Workstation:**
- labuser / Password123
- admin / Admin123!
- root / RootPass123
**Ubuntu-Desktop:**
- user1 / User123
- developer / Dev2023!
**Telnet:**
- telnetuser / Telnet123
- guest / guest
**MySQL:**
- root / root123
- dbuser / dbpass123
**LDAP:**
- Admin DN: cn=admin,dc=cyb204,dc=local
- Password: admin123
## Quick Start Guide
### Access the Attack Container (secutils)
```bash
docker exec -it secutils /bin/bash
```
### Basic Commands
**Scan the network:**
```bash
nmap -sP 172.20.0.0/24
```
**Detailed service scan:**
```bash
nmap -sV 172.20.0.20
```
**Check container IPs:**
```bash
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'
```
**Access other containers directly:**
```bash
docker exec -it workstation /bin/sh
docker exec -it ubuntu-desktop /bin/bash
```
**View web applications:**
- Juice Shop: http://localhost:3000
- DVWA: http://localhost:8080
## Lab Exercises
Follow the exercises in `week09-worksheet-movement.docx` to:
1. Enumerate the network
2. Dump credentials from Linux systems
3. Exploit trust relationships via SSH and SMB
4. Practice remote code execution
5. Understand lateral movement techniques
## Troubleshooting
### Containers won't start
```bash
# Stop all containers
docker-compose down
# Remove old containers and networks
docker-compose down -v
# Rebuild and start fresh
docker-compose build --no-cache
docker-compose up -d
```
### Out of memory errors
```bash
# On Docker Desktop: Increase memory allocation in Settings > Resources
# Minimum 4GB recommended, 6-8GB ideal for all containers
# Stop unnecessary containers
docker-compose stop juice-shop dvwa
```
### Can't connect between containers
```bash
# Verify network exists
docker network ls | grep cyb204
# Check container IPs
docker network inspect cyb204_net
```
### Permission denied errors
```bash
# Linux users: ensure you're in docker group
sudo usermod -aG docker $USER
newgrp docker
```
## Stopping the Lab
### Stop all containers (preserves data):
```bash
docker-compose stop
```
### Stop and remove containers:
```bash
docker-compose down
```
### Complete cleanup (removes everything):
```bash
docker-compose down -v
docker system prune -a
```
## Security Notes
**IMPORTANT:** This lab environment contains intentionally vulnerable systems and should ONLY be used for educational purposes in an isolated environment.
- Do NOT expose these containers to the internet
- Do NOT use these configurations in production
- All passwords are intentionally weak for educational purposes
- Practice ethical hacking principles at all times
## Resource Usage
Typical resource usage with all containers running:
- **Memory:** 2-4GB RAM
- **CPU:** 10-20% on modern systems
- **Disk:** ~2GB for images
To reduce resource usage, stop unused containers:
```bash
docker-compose stop juice-shop dvwa
```
## Support
If you encounter issues:
1. Check the troubleshooting section above
2. Review Docker logs: `docker-compose logs `
3. Verify Docker Desktop is running and allocated sufficient resources
4. Contact your instructor with error messages and system specifications
## License
This lab environment is created for educational purposes for CYB204 Ethical Hacking course.