Dynamic Pentest Lab Framework

In collaboration with Hacking-Lab AG and under the guidance of Ivan Bütler at
the Department of Computer Science, Ostschweizerische Fachhochschule (OST), this
thesis presents the development of the Dynamic Pentest Lab Deployment Generator,
designed to facilitate the creation and deployment of cybersecurity penetration testing
environments. The project addresses the need for flexible, easily deployable lab environments
tailored to specific scenarios, streamlining the process for cybersecurity
professionals and educators.
The framework elaborated, leverages modern infrastructure-as-code tools and cloud
services to automate the deployment of virtual labs. Key components include Terraform
for infrastructure management, Django for backend operations, and Angular
with TailwindCSS and DaisyUI for the frontend interface. A centralized source has
been established via a JavaScript Object Notation (JSON) Model, streamlining extension
and enabling dynamic content hydration for the frontend. This approach
guarantees a scalable and maintainable application.
The fundamental aspects of the framework involve the creation and deployment of labs
to provide snapshots for quicker deployments for end-users, along with the capability
to save and reload pre-designed labs. The lab creation process allows the configuration
of Virtual Machines (VMs) and containers, the establishment of subnets and firewall
rules to control communication, and also supports custom installations using private
repositories or customized Docker images. Additionally, the framework automatically
sets up an OpenVPN Server to facilitate secure access to the penetration testing lab.
These features enable cybersecurity educators to construct complex, customized networked
environments for educational use.
While the project effectively establishes a solid foundation, there remains room for
enhancement, particularly in the realms of access technology and user experience.
Additionally, the integration of the existing deployment manager directly into the
generator application should be considered.
In summary, it can be concluded that a robust foundation has been established for the
framework that leverages existing architecture, thereby ensuring a smooth incorporation
into the Hacking-Lab platform.

Keywords: Pentesting, Hacking-Lab, Infrastructure as Code