Overview
Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory domain in Azure alongside Azure AD and Azure AD Domain Services. Automated templates for building your own Pentest / Red Team / Cyber Range in the Azure cloud!

Purple Cloud is a small Active Directory enterprise deployment, automated with Terraform and Ansible Playbook templates, that is deployed into Azure. Purple Cloud also includes an adversary node accessible over RDP, as well as a SIEM, DFIR, and Live Response system (Velociraptor + HELK).
Use Cases
- Research and pentest lab for Azure AD and Azure Domain Services
- Security testing of Hybrid Join and Azure AD Joined devices
- EDR Testing lab
- PoC / Product Security Lab
- Enterprise Active Directory lab with domain joined devices
- Malware / reverse engineering to study artifacts against domain joined devices
- SIEM / Threat Hunting / DFIR / Live Response lab with HELK + Velociraptor [1, 2]
- Log aggregator architecture to forward logs to a cloud native SIEM (Azure Sentinel)
- Data Science research with HELK server, Jupyter notebooks
- Detection Engineering research with Mordor [3, 4]
Documentation
Please see the full documentation for details on getting started and installation.