// LAB ENVIRONMENTS

Labs

Hands-on lab environments for malware analysis, threat hunting, and security research. Built for reproducibility.

CAPEv2 Malware Sandbox

Production malware analysis environment running on AWS EC2 with KVM/QEMU nested virtualization. Windows 10 guest VM for automated behavioral analysis, memory forensics, and network capture.

AWS EC2, m8i.2xlarge, KVM/QEMU, Win10 Guest

OSINT Collection Framework

Automated reconnaissance pipeline combining passive DNS, certificate transparency, subdomain enumeration, and web archive analysis for attack surface mapping.

Python, Docker, API Integrations

Threat Intel Aggregator

Custom threat intelligence platform that correlates IOCs across multiple feeds, enriches with context, and produces actionable alerts with MITRE ATT&CK mapping.

ELK Stack, MISP, STIX/TAXII

Network Traffic Analysis Lab

Isolated network environment for analyzing captured traffic, detecting C2 communications, and developing network-based detection signatures.

Zeek, Suricata, Wireshark

RE Workstation

Dedicated reverse engineering environment with Ghidra, x64dbg, and custom scripts for static and dynamic analysis of malware binaries.

Ghidra, x64dbg, IDA Free

Honeypot Network

Distributed honeypot deployment across cloud providers to collect real-world attack telemetry, credential dumps, and malware samples.

T-Pot, Cowrie, Multi-Cloud

Lab Architecture

infrastructure.txt
┌─────────────────────────────────────────┐
│  XLabs Cloud Infrastructure             │
├─────────────────────────────────────────┤
│                                         │
│  [AWS EC2] ──── CAPEv2 Sandbox          │
│      │          ├── KVM/QEMU Host       │
│      │          ├── Win10 Guest VM      │
│      │          └── Network Bridge      │
│      │                                  │
│  [Apache] ─── Web + Research Portal     │
│      │          └── Let's Encrypt TLS   │
│      │                                  │
│  [Route53] ── xlabs-drones.com          │
│                                         │
└─────────────────────────────────────────┘