Enhance cybersec skills

We deploy a live and vulnerable system

You have access to a SIEM deployed for you

You discover the system and interact with it

You have to harden the system

For whom

Defbox is a platform that helps test and improve practical cybersecurity skills

SOC managers

To develop and test correlation rules, analysts have to deploy a test infrastructure. Defbox saves analysts time: a test infrastructure in Defbox is deployed and hacked with one click – no need to deploy and maintain test stands.

Professors

Teach your students with real cyber attacks on real infrastructure. Students will get strong practical skills as they use real-world tools to defend a live system.

Any user

See what cyber attacks look like in real time. Become a cyber defender, protecting assets from cyber threats.

Do you represent a company or university? Leave us your email and we will get back to you with our options for SOCs and universities.

Each lab is a cyber polygon or cyber range: a set of vulnerable virtual machines connected to the log collection system.

You can interact with the system however you want. Hack it yourself, or SSH into it to protect it from attack.

We add one new lab every two weeks

Here is a list of current labs:

Vulnerable SSH

An SSH setup with password-based authentication. Common SSH passwords will be brute-forced in a matter of hours if exposed. Detect the SSH password brute force.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:04:06
Startup time with Elastic: 00:05:31

Spring4shell

An application written with the Java Spring framework: a static page from the Spring tutorial plus CVE-2022-22965.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:05:42
Startup time with Elastic: 00:06:58

Giggle Vault Bank

An online bank built with Nginx, a Django web server and PostgreSQL. Users can create and pay invoices using this service. It contains basic web vulnerabilities.

Premium lab: Yes
I can run: No
Number of VMs: 3
Startup time without Elastic: 00:06:51
Startup time with Elastic: 00:08:45

DVWA

Damn Vulnerable Web Application. This lab contains multiple vulnerabilities, which Defbox exploits. The OWASP Top 10 is covered here.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:02:40
Startup time with Elastic: 00:04:27

Postgres with default credentials

A PostgreSQL database accessible from the internet with default credentials. Such a setup will be exploited within a few hours in the wild. Write a rule to detect RCE in Postgres.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:03:50
Startup time with Elastic: 00:05:37

DNS C2 Tunnel

There is an infected machine in the lab. Discover how the infected machine is communicating with the C2 server. Made by Gleb.

Premium lab: Yes
I can run: No
Number of VMs: 3
Startup time without Elastic: 00:07:53
Startup time with Elastic: 00:08:10

Each lab can be completed in a few hours. Spend a few hours and learn how to defend against a particular threat.

Notes service

A Flask application to securely save and retrieve notes. One of its endpoints can be an entry point for an RCE, which will be used to establish a reverse shell. Find the vulnerable endpoint and create detection rules to mitigate that threat.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:03:34
Startup time with Elastic: 00:04:50

CVE-2024-3094 - SSH RCE

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source code, which is then used to modify specific functions in the liblzma code. The exploit uses sshd to achieve RCE on the system.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:04:15
Startup time with Elastic: 00:05:05

Open rsync

An rsync server with no authentication. An attacker will use it to achieve persistence; detect it.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:02:49
Startup time with Elastic: 00:04:31

RedisWithoutAuth (Beta)

A Redis database with anonymous access enabled. We don't store any data there, but exploitation is still possible. Write a rule to detect it when things go wrong. "Beta" means that the attack could be hard (nearly impossible) to detect. We would appreciate any feedback in the Telegram/Discord groups.

Premium lab: No
I can run: Yes
Number of VMs: 1
Startup time without Elastic: 00:04:10
Startup time with Elastic: 00:07:09

Our labs are useful for teaching practical cyber defense skills.

What's inside the lab?

Integrated SIEM
Healthcheck
Timeline
Highlights
Lifecycle

All components of the lab are connected to ELK.

ELK is deployed exclusively for you. Defbox can connect your SIEM system upon request.

Leave us your email and we will contact you

Free

Polygons: 8

SSH access to the polygon

Teacher's personal page

Custom polygons and scenarios

Connecting polygons to your SIEM

Prioritization of tasks in our roadmap

Supporters

Polygons: All

SSH access to the polygon

Teacher's personal page

Custom polygons and scenarios

Connecting polygons to your SIEM

Prioritization of tasks in our roadmap

Enterprise/Universities

Polygons: All

SSH access to the polygon

Teacher's personal page

Custom polygons and scenarios

Connecting polygons to your SIEM

Prioritization of tasks in our roadmap
