Enhance skills
We deploy a live and vulnerable system
You have access to a SIEM deployed for you
You discover the system and interact with it
You have to harden the system
To develop and test correlation rules, analysts have to deploy a test infrastructure. Defbox saves analysts time: a test infrastructure in Defbox is deployed and hacked with one click – no need to deploy and maintain test stands.
Teach your students with real cyber attacks on real infrastructure. Students gain strong practical skills by using real-world tools to defend a live system.
See how cyber attacks unfold in real time. Become a cyber defender, protecting assets from cyber threats.
Each lab is a cyberpolygon or cyber range - a set of vulnerable virtual machines connected to the log collection system.
You can interact with the system however you want: hack it yourself, or SSH into it to protect it from attack.
We add one new lab every two weeks
Here is a list of current labs:
Vulnerable SSH
An SSH setup with password-based authentication. Common SSH passwords will be brute-forced in a matter of hours if exposed. Detect SSH password brute force.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:04:06
With elastic: 00:05:31
Spring4shell
An application written with the Java Spring framework: a static page from the Spring tutorial plus CVE-2022-22965.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:05:42
With elastic: 00:06:58
Giggle Vault Bank
An online bank built with Nginx, a Django web server and PostgreSQL. Users can create and pay invoices using this service. The lab contains basic web vulnerabilities.
Premium lab: Yes
I can run: No
Number of VMs: 3
Without elastic: 00:06:51
With elastic: 00:08:45
DVWA
Damn Vulnerable Web Application. This lab contains multiple vulnerabilities, which Defbox exploits. The OWASP Top 10 is covered here.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:02:40
With elastic: 00:04:27
Postgres with default creds
A PostgreSQL database accessible from the internet with default credentials. Such a setup is exploited within a few hours in the wild. Write a rule to detect RCE usage in Postgres.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:03:50
With elastic: 00:05:37
DNS C2 Tunnel
There is an infected machine in the lab. Discover how the lab is communicating with the C2 server. Made by Gleb.
Premium lab: Yes
I can run: No
Number of VMs: 3
Without elastic: 00:07:53
With elastic: 00:08:10
Each lab can be completed in a few hours. Spend a few hours and learn how to defend against a particular threat.
Notes service
A Flask application to securely save and retrieve notes. One of its endpoints can be the entry point for an RCE, which is then used to establish a reverse shell. Find the vulnerable endpoint and create detection rules to mitigate that threat.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:03:34
With elastic: 00:04:50
CVE-2024-3094 - SSH RCE
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the source code, which is then used to modify specific functions in the liblzma code. The exploit uses sshd to achieve RCE on the system.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:04:15
With elastic: 00:05:05
Open RSync
An rsync server with no authentication. The attacker will use it to achieve persistence; detect it.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:02:49
With elastic: 00:04:31
RedisWithoutAuth (Beta)
A Redis database with anonymous access enabled. We don't store any data there, but exploitation is still possible. Write a rule to detect it when everything goes wrong. "Beta" means that the attack could be hard (nearly impossible) to detect. We will appreciate any feedback in the Telegram/Discord groups.
Premium lab: No
I can run: Yes
Number of VMs: 1
Without elastic: 00:04:10
With elastic: 00:07:09
All components of the lab are connected to ELK.
ELK is deployed exclusively for you. Defbox can connect your SIEM system upon request.
Free
Polygons: 8
SSH access to the polygon
Teacher's personal page
Custom polygons and scenarios
Connecting polygons to your SIEM
Prioritization of tasks in our roadmap

Supporters
Polygons: All
SSH access to the polygon
Teacher's personal page
Custom polygons and scenarios
Connecting polygons to your SIEM
Prioritization of tasks in our roadmap

Enterprise/Universities
Polygons: All
SSH access to the polygon
Teacher's personal page
Custom polygons and scenarios
Connecting polygons to your SIEM
Prioritization of tasks in our roadmap