Cyber Range Lab

Isolated GCP VPC + Security Command Center

Overview

The Cyber Range Lab is a completely isolated network environment where you can safely simulate attacks, analyze malware, and build AI-powered defenses without any risk to real systems. Each student gets their own VPC (Virtual Private Cloud) with multiple VM instances playing different roles — vulnerable servers, attacker machines, network sensors, and a SIEM stack. Traffic is fully captured for analysis. You'll build ML-based intrusion detection systems, train malware classifiers, and conduct red team/blue team exercises where one team attacks and the other defends using AI tools.

What You'll Do in This Lab

  • Deploy and configure network security monitoring with Suricata and Zeek
  • Build ML-based intrusion detection systems from network flow data
  • Analyze malware samples in a sandboxed environment
  • Train phishing detection models on real email datasets
  • Conduct red team/blue team exercises — attack and defend with AI tools
  • Build automated SOAR playbooks that respond to AI-detected threats

Lab Workflow

1. Launch

Start the Cyber Range. An isolated VPC with 4-6 VMs is provisioned: attacker, targets, network sensor, SIEM, and your analysis workstation.

2. Reconnaissance

Explore the network. Identify running services, open ports, and potential vulnerabilities. All traffic is captured by the network sensor.

3. Attack Simulation

Run provided attack scripts to generate realistic malicious traffic — port scans, brute force attempts, lateral movement, data exfiltration.

4. Collect Data

Pull network flow data, log files, and packet captures from the SIEM. Prepare datasets for ML model training.

5. Build Detection

Train ML models to detect attacks in the captured data. Evaluate detection rate, false positive rate, and detection latency.

6. Defend

Deploy your ML detector in real-time mode. Run new attack simulations and verify your detector catches them.

Hardware & Environment

Network: Isolated VPC — no external internet access from target VMs
VMs: 4-6 e2-medium instances (attacker, targets, sensor, SIEM, analyst)
SIEM: Elastic Stack (Elasticsearch + Kibana + Filebeat)
IDS/NSM: Suricata 7.x + Zeek for network traffic analysis
Packet Capture: Full PCAP on all network segments, accessible via Wireshark
Session Length: 3-4 hour sessions, VPC state resets between sessions

Pre-installed Tools

  • Elastic SIEM
  • Suricata / Zeek
  • Wireshark
  • MITRE ATT&CK Navigator
  • Custom attack simulation tools

Frequently asked questions about this lab

What is the Cyber Range Lab?
Isolated network environment for AI-powered cybersecurity training. Students build intrusion detection systems, analyze malware, and conduct red/blue team exercises in a safe sandbox.

Which courses use this lab?
This lab is included in: AI for Cybersecurity.

What hardware does this lab run on?
Isolated GCP VPC + Security Command Center. Network: Isolated VPC — no external internet access from target VMs; VMs: 4-6 e2-medium instances (attacker, targets, sensor, SIEM, analyst); SIEM: Elastic Stack (Elasticsearch + Kibana + Filebeat); IDS/NSM: Suricata 7.x + Zeek for network traffic analysis.

What software comes pre-installed?
Comes pre-loaded with Elastic SIEM, Suricata / Zeek, Wireshark, MITRE ATT&CK Navigator, and custom attack simulation tools. No local installs or dependency setup required — open your browser and start working.

Can I bring my own datasets and code into this lab?
Yes. Datasets can be uploaded directly or synced from Google Cloud Storage. Notebooks and source files have built-in Git integration so you can push work to your own GitHub or GitLab repos.

Do I need to enroll in a course to use this lab?
Yes. Lab environments are provisioned per-student as part of an AI Labs course enrollment. Browse the courses linked above to find programs that include this lab.

Ready to Try This Lab?

Enroll in a course that uses this lab, or visit our Houston center for a hands-on demo.