https://github.com/secdevops-cuse/CyberRange

The Open-Source AWS Cyber Range
https://github.com/secdevops-cuse/CyberRange

Last synced: 3 months ago
JSON representation

The Open-Source AWS Cyber Range

• Host: GitHub
• URL: https://github.com/secdevops-cuse/CyberRange
• Owner: secdevops-cuse
• Created: 2019-02-16T03:19:24.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2020-08-16T03:01:08.000Z (over 4 years ago)
• Last Synced: 2024-08-01T21:49:36.635Z (7 months ago)
• Language: HCL
• Homepage: https://medium.com/aws-cyber-range
• Size: 44.3 MB
• Stars: 458
• Watchers: 37
• Forks: 90
• Open Issues: 13
• Metadata Files:
  • Readme: README.md
  • Changelog: changelog.md

Awesome Lists containing this project

• awesome-github-repos - secdevops-cuse/CyberRange - The Open-Source AWS Cyber Range (HCL)

README

        
![alt text](img/cyberRange_logo_v2.png "Cyber Range")

[![CircleCI](https://circleci.com/gh/secdevops-cuse/CyberRange.svg?style=svg)](https://circleci.com/gh/secdevops-cuse/CyberRange)

# Overview: 

![Arsenal](https://github.com/secdevops-cuse/badges/blob/master/arsenal/europe/2019.svg)


This CyberRange project represents the first open-source Cyber Range blueprint in the world.

This project provides a bootstrap framework for a complete  offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using the AWS Cloud. 

This project contains vulnerable systems and a toolkit of the most powerful open-source / community edition tools known to Penetration testers, Developers, Malware Analysts, Forensic/Reverse Engineers, ThreatHunters, & more.

![What does it create](img/CyberRange-architecture-v2.png)

![how long does it take](img/how-long-does-it-take.png)

# Get Started

To gain access you must send me your AWS account number so I can share the 30+ Amazon Machine Images (AMIs).  

Use my secure [FormAssembly](https://www.formassembly.com) form -> [CyberRange Sign-Up Form](https://www.tfaforms.com/4729221) 

Then - [Read the Getting Started Guide](tutorials/getting_started.md)




## Range History

### Release Notes: 

 [view the changelog](changelog.md)

v2 - released on Sept 6, 2019

    v2 is simply a collection of the best-in-class tools, most emerging toolsets, and bootstrap frameworks to create an integrated solution capable of enormous growth.

 

     features include: makefile, inspec tests, detection lab integration, commandoVM v2, 

     kali 2019.4 w/ the following opensource github tools: CyberRange, DetectionLab, IntruderPayloads, 

     aws-credential-compromise-detection, aws-nuke, blast-radius, cloudgoat, cloudmapper, packer-windows, 

     pacu, security-monkey-terraform, security_monkey, sites-using-cloudflare, 

     net-creds, Reconnoitre, shell_generator.sh, msploitego, awesome-nodejs-pentest, 

     cloudgoat, hammer, joomscan, learning-tools, LetsMapYourNetwork, 

     php-webshells, PowerHub, PowerSploit, snmpwn, vulhub, ScoutSuite, prowler, 

     pacbot, terraform-aws-secure-baseline, gitleaks, my-arsenal-of-aws-security-tools   

## Range Technology  

CyberRange combines best practices with emerging technologies.

 - Amazon Web Services

 - Kali

 - Nessus

 - Commando-VM - a windows-based penetration testing VM

 - Terraform

 - OpenSourced Vulnerable VM's [See Asset Inventory](asset-inventory.md)

 - using a CI/CD tool to verify builds [CircleCI](https://circleci.com/)

 - Docker / docker-compose 

 - Metasplotiable 2/3 & other open-source vuln vms on VulnHub

 - DetectionLab

 - Inspec - to test the state of your environment, application, system, processes, configurations, etc.

 - Plus Many more things to setup, configure, and experiment with.

 

## Domains of knowledge

This open-source research lab provides a bootstrap learning platform for 

Technologists studying any one of the "Big-3" technology skills.  

1. Cyber Security

2. Cloud Computing

3. DevOps

 

This project supports 7 gigantically broad domains of technical knowledge.

1. Offensive Security

2. SecDevOps

3. Architecture & Engineering

4. Vulnerability, Change, & Configuration Management

5. Quality Assurance

6. Auditing - Processing, Systems, Applications

7. Development - Infrastructure / Web Applications

# Mission Statement

 

The ultimate expectation is to emulate the quality, format, and presentation of 

the [Syracuse University Cyber SEED Labs](http://www.cis.syr.edu/~wedu/seed/Labs_16.04/) while 

creating strategic hubs of Cyber Security Center-of-Excellence Partnerships where the gap

between enterprise experience & academic learning is addressed by focusing training paths on 

people, products, and process. 

## 2020 Research Funding

[AWS Activate]() - AWS Activate Credits 

[AWS OpenSource]() - OpenSource Project Credits

CloudCraft License

### Credits

 - Chris Long - Detection Lab

 - Omar Santos - websploit & docker scripts

 - FireEye - CommandoVM & FlareVM

 - All Github projects

 - Kali Maintainers

 - Tenable Nessus Engineers

 - This project is a fork of [a well-architected terraform AWS framework -> fedekau/terraform-with-circleci-example](https://github.com/fedekau/terraform-with-circleci-example)