PurpleCloud – Hybrid and Identity Cyber Range



A multi-use Hybrid + Identity Cyber Range that implements a small Active Directory domain in Azure alongside Azure AD and Azure Domain Services. Automated templates for building your own Pentest / Red Team / Cyber Range in the Azure cloud! PurpleCloud is a small Active Directory enterprise deployment, automated with Terraform / Ansible Playbook templates, that is deployed in Azure. PurpleCloud also includes an adversary node accessible over RDP, as well as a SIEM, DFIR, and Live Response system (Velociraptor + HELK).


Use Cases

  • Research and pentest lab for Azure AD and Azure Domain Services
  • Security testing of Hybrid Join and Azure AD Joined devices
  • EDR Testing lab
  • PoC / Product Security Lab
  • Enterprise Active Directory lab with domain-joined devices
  • Malware / reverse engineering to study artifacts against domain-joined devices
  • SIEM / Threat Hunting / DFIR / Live Response lab with HELK + Velociraptor [1, 2]
  • Log aggregator architecture to forward logs to a cloud native SIEM (Azure Sentinel)
  • Data Science research with the HELK server and Jupyter notebooks
  • Detection Engineering research with Mordor [3, 4]


Please see the full documentation for details and getting started with installation.

Full Documentation Site