BlueCloud - Cyber Range deployment of HELK and Velociraptor! Automated Terraform deployment of one system running HELK + Velociraptor server with one registered Windows endpoint in Azure or AWS. A collection of Terraform and Ansible scripts that automatically (and quickly) deploys a small HELK + Velociraptor R&D lab.
Splunk Attack Range - An amazing attack research and training tool for those who Splunk. It allows you to create vulnerable, instrumented local or cloud environments, simulate attacks against them, and collect the data into Splunk.
Can be preloaded with data from Attack Data, or other data sets found in the Attack Research section of this guide.
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices.
WindowsAttackAndDefenseLab - This is the lab configuration for the Modern Windows Attacks and Defense class that Sean Metcalf and Jared Haight teach.
Invoke-UserSimulator - Simulates common user behavior on local and remote Windows hosts.
Invoke-ADLabDeployer - Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
ADImporter - A script that creates an arbitrary number of user accounts in a simulated AD environment for training and testing.
PowerShellClassLab - This is a set of Azure Resource Manager Templates that generates an Active Directory lab consisting of a Domain Controller, two Windows servers and a Linux server.
SysmonSimulator - Sysmon event simulation utility that Blue teams can use to simulate attacks and generate Sysmon event logs for testing EDR detections and correlation rules.
https://www.microsoft.com/en-us/evalcenter/evaluate-lab-kit - The Windows 10 and Office 365 Deployment Lab Kit is designed to help you plan, test, and validate modern desktops running Windows 10 Enterprise and Microsoft 365 Enterprise apps, managed by Enterprise Mobility + Security. The lab kit is free to download and uses evaluation software.
PurpleCloud - Deploys a small Active Directory domain in Azure IaaS, using Terraform + Ansible. Joins three Windows 10 endpoints to a domain and includes a Linux Adversary.