Architect Plugins
Plugins are the building blocks of every lab. They install software, configure networking, set up Active Directory, drop pre-built vulnerabilities, or stand up entire roles like a domain controller or an attacker workstation. Pick a category below to browse the plugins available in each.
Actions
The workhorse — scripts, logins, network, RDP, AD tweaks. Small, focused plugins you stack on a machine.
Browse actions 02Roles
Composite builders — DCs, attack boxes, redirectors, fileservers. One plugin, a whole machine role configured.
Browse roles 03Applications
Installers — Office, browsers, dev tools, C2 platforms, ICS simulators. Drop these on a VM to install software.
Browse applicationsDefenses
EDR/NSM stacks — Elastic, Security Onion, Zeek, Liarbird. Stand up the blue side of your lab.
Browse defenses 05Attacks
C2 + offensive tooling — Cobalt Strike, Mythic, Sliver, BloodHound. Everything red team needs ready-to-go.
Browse attacks 06Vulnerabilities
Pre-built weakness configs — Kerberoasting, unquoted service paths, RCE-ready services. Plant a flag for students to find.
Browse vulnerabilities