Welcome



Threat emulation and detection for your laptop

A collection of open source tools that work together so a reasonably capable machine can serve as a local cyber range.

Thremulation.io | GitHub | Twitter | Slack



Thremulation Station is an approachable small-scale threat emulation and detection range. It leans on Atomic Red Team for emulating threats, and the Elastic Endpoint Agent for detection.

TL;DR

If you're ready to skip the reading and jump into things, head to the Quickstart / Installation section.

There are a lot of tools and moving pieces, but the main building blocks are:

  • VirtualBox
  • Vagrant
  • Elasticsearch
  • Kibana
  • Elastic Endpoint Agent
  • Atomic Red Team
  • Caldera

Project Goals

Our goal from the very beginning has been to provide the following:

  1. lightweight range that can operate on a laptop with a minimum of 4 threads and 8 GB of RAM
  2. support the big 3 host operating systems (initial Linux path is RHEL-based)
  3. present users a smooth path to execute threats and observe them with Elastic
  4. provide a singular TUI (Station Control) that can be used to manage all aspects

Note

You'll be introduced to ./stationctl early in the Getting Started section and use it to deploy boxes, get status, manage and clear data, and much more. A full reference guide is located at support / stationctl.