cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Robert
Newcomer II

Building a cyber range

Folks

 

I wondered if anyone had any good advice best practice for someone starting from scratch to build a cyber range for training and research purposes.

 

Regards

Robert

5 Replies
Baechle
Advocate I

Robert,

 

Building a “Cyber Range” can be simple or complex depending on what you want to do. 

 

For a Red-Team Attack Range

To get started, the most basic range can be a computer running MetaSploitable images in a handful of VMs:

https://www.youtube.com/watch?v=orYbXHm_UXY

 

To add infrastructure, you can create virtual network infrastructure devices by running the Cisco IOS instances inside VMware:

https://www.youtube.com/watch?v=MtQ2XRCv4u8

 

For a Blue Team Defense Range

You could start with the HoneyNet Project and add nodes to participate.  Pretty much you’re running live systems with Sebek or something similar to dump off live interactions for you to watch or replay.

 

https://www.ukessays.com/dissertation/examples/information-technology/honeynet.php

 

An interesting alternative would be to try to run MetaSploitable systems with Sebek running to watch people on intentionally vulnerable machines.

 

Sincerely,

Eric B.

Robert
Newcomer II

Thanks I came across the Open Cyber Challenge Platform (OCCP) which looks interesting.

 

Open Cyber Challenge

jameseirvingi
Viewer

Caute_cautim
Community Champion

HI All

 

You could also review current ones, and see how they run them?

 

https://www.ibm.com/services/security-operations-center

 

https://newsroom.ibm.com/2022-02-23-New-IBM-Cybersecurity-Hub-to-Help-Asia-Pacific-Organizations-Bui...

 

Or if you are lucky hire yourselves a truck with a Command Center?

 

Regards

 

Caute_Cautim

miltonwhite
Viewer

In recent years, we've seen a rise in high-profile cyber-attacks on law firms. In 2016, the Panama Papers leak, which exposed confidential information of high-profile clients of a Panamanian law firm, made headlines across the world. This is just one example of the type of damage that can be done if a law firm's Cybersecurity uae is breached.