Overview
The goal of my internship was to provide Orange Cyberdefense with a robust, automated solution for efficiently setting up Red Team environments. The project consisted of analyzing the requirements for offensive security labs, architecting a modular infrastructure using Infrastructure as Code (OpenTofu), and integrating advanced security tools such as Mythic (C2), GoPhish, Evilginx, and Exegol.
We implemented a Python wrapper to automate the deployment and management of up to 255 isolated environments, each equipped with strict firewalling, VPN access, dynamic DNS configuration, and logging. The result was a future-proof platform that drastically reduced setup time and improved security and reproducibility for Red Team engagements.
The assignment emphasized automation, modularity, and security best practices, resulting in a professional solution ready for both internal use and client-facing engagements.
Architecture
The architecture is designed for modularity and security. Each client environment is isolated in its own virtual network, with dedicated servers for C2, phishing, attack, and VPN access. All environments are provisioned automatically using OpenTofu, cloud-init and Ansible, and managed centrally via the Python wrapper.
- Each environment has its own subnet, firewall, and DNS records.
- Centralized VPN gateway provides secure access for operators.
- Reverse proxy (Nginx) routes traffic to internal services securely.
- Logging and monitoring are aggregated for auditing and troubleshooting.
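As an added illustration of the wrapper-driven provisioning described above (this is example code, not the internship project's own wrapper), the sketch below maps an environment ID in the range 1..255 to its own /24, draws a per-environment credential from the OS CSPRNG, writes the tfvars file OpenTofu consumes, and runs `tofu` in a workspace dedicated to that environment so state never mixes between clients. The subnet scheme (10.<id>.0.0/24), the variable names, the workspace naming, the file layout and the assumption that the `.tf` configuration lives in the working directory are all assumptions; the `run` callable is injectable so the flow can be exercised without OpenTofu installed.

```python
"""Sketch of a Python wrapper around OpenTofu for per-client Red Team
environments (added illustration; assumptions are noted inline)."""
import ipaddress
import json
import secrets
import string
import subprocess
from pathlib import Path

MAX_ENVIRONMENTS = 255                   # the platform's limit: up to 255 isolated environments
ACTIONS = ("plan", "apply", "destroy")   # the operations the wrapper exposes


def env_subnet(env_id: int) -> ipaddress.IPv4Network:
    """Give every environment its own /24 (assumed scheme: 10.<id>.0.0/24) so two
    client networks can never overlap and firewall rules can key on the prefix."""
    if not 1 <= env_id <= MAX_ENVIRONMENTS:
        raise ValueError(f"environment id must be 1..{MAX_ENVIRONMENTS}, got {env_id}")
    return ipaddress.ip_network(f"10.{env_id}.0.0/24")


def generate_password(length: int = 24) -> str:
    """Per-environment service credential from the OS CSPRNG (secrets, not random)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def env_tfvars(env_id: int, client: str, domain: str) -> dict:
    """Input variables handed to OpenTofu for one environment (variable names assumed)."""
    subnet = env_subnet(env_id)
    return {
        "env_id": env_id,
        "client": client,
        "domain": domain,                   # base domain whose records Cloudflare will hold
        "subnet_cidr": str(subnet),
        "vpn_gateway_ip": str(subnet[1]),   # first host address reserved for the VPN gateway
        "admin_password": generate_password(),
    }


def tofu_commands(action: str, env_id: int, var_file: str) -> list:
    """The `tofu` invocations for one action: select (or create) the environment's own
    workspace, then run the action non-interactively against its tfvars file.
    `-or-create` is assumed to be supported by the installed tofu version."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action {action!r}")
    workspace = f"env-{env_id:03d}"
    cmds = [
        ["tofu", "workspace", "select", "-or-create", workspace],
        ["tofu", action, f"-var-file={var_file}", "-input=false"],
    ]
    if action != "plan":
        cmds[1].append("-auto-approve")     # only apply/destroy are fully automated
    return cmds


def manage(action: str, env_id: int, client: str, domain: str, workdir: Path,
           run=subprocess.run) -> list:
    """Write the tfvars file into `workdir` (where the .tf files are assumed to live)
    and execute the commands there; `run` is injectable for dry runs and tests."""
    workdir.mkdir(parents=True, exist_ok=True)
    tfvars_path = workdir / f"env-{env_id:03d}.tfvars.json"
    tfvars_path.write_text(json.dumps(env_tfvars(env_id, client, domain), indent=2))
    tfvars_path.chmod(0o600)                # the file carries a generated credential
    cmds = tofu_commands(action, env_id, tfvars_path.name)
    for cmd in cmds:
        run(cmd, cwd=workdir, check=True)
    return cmds


if __name__ == "__main__":
    import sys
    # usage: python wrapper.py plan|apply|destroy <env_id> <client> <domain>
    action, env_id, client, domain = sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    for cmd in manage(action, env_id, client, domain, Path("environments")):
        print(" ".join(cmd))
```

Listing environments is then a matter of reading `tofu workspace list` or globbing the tfvars files; destroying one reuses the same tfvars file with `action="destroy"`, so the same inputs that built the environment tear it down.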
Features
- Automated Deployment: Easily create, list, and destroy up to 255 isolated Red Team environments with a Python wrapper around OpenTofu.
- Strict Firewalling: Automated, role-based firewall policies for every server and environment.
- Proxy & Mail Server: Secure reverse proxy via Nginx and mail delivery via Postfix for phishing simulations.
- Command & Control (C2): Mythic C2 server for managing payloads, implants, and operations, accessible via web interface.
- Phishing Server: GoPhish for designing, launching, and analyzing phishing campaigns, with detailed reporting and group management.
- Evilginx Integration: Advanced phishing with credential harvesting and session hijacking, including wildcard domain support.
- Attack Server: Exegol-based VM/container with a full suite of offensive tooling, accessible by SSH and web browser (noVNC).
- VPN Gateway: OpenVPN and Tailscale for secure, authenticated access to the internal environment.
- Automated DNS & Domain Management: Integration with Cloudflare for dynamic subdomain and DNS record setup.
- Centralized Logging & Security: Logging, password generation, and environment isolation.
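To make the "strict firewalling" and isolation points above concrete, the following is an added example (not the project's own policy generator) that renders a default-deny nftables input policy for one server role inside one environment: management SSH is accepted only from that environment's VPN gateway, role services only from inside the environment's own subnet, and only the Nginx proxy is reachable from the internet, with every drop logged for the central logging pipeline. Mythic's 7443 and GoPhish's 3333 are those tools' documented defaults and are assumed unchanged; the noVNC port, the role names and the topology are assumptions.

```python
"""Render a default-deny nftables input policy for one server role of one
environment (added illustration; ports, role names and topology are assumptions)."""
import ipaddress

# Service ports reachable only from inside the environment's subnet (the proxy and
# the VPN gateway both live there). 7443 and 3333 are the tools' documented defaults
# (assumed unchanged); 6080 for noVNC is an assumption.
ROLE_INTERNAL_TCP = {
    "c2":       [7443],     # Mythic web UI
    "phishing": [3333],     # GoPhish admin UI; landing pages are published via the proxy
    "attack":   [6080],     # noVNC for the Exegol container
    "proxy":    [],         # Nginx has no internal-only service
}
# Ports opened to the internet; only the reverse proxy is internet-facing.
ROLE_PUBLIC_TCP = {"proxy": [80, 443]}
MANAGEMENT_TCP = 22        # SSH for Ansible and operators, via the VPN gateway only


def render_nft(env_id: int, role: str, subnet_cidr: str, vpn_gateway_ip: str) -> str:
    """Return an nft ruleset for `role`, keyed on the environment's own prefix."""
    if role not in ROLE_INTERNAL_TCP:
        raise ValueError(f"unknown role {role!r}")
    net = ipaddress.ip_network(subnet_cidr)
    gateway = ipaddress.ip_address(vpn_gateway_ip)
    if gateway not in net:
        raise ValueError("VPN gateway must live inside the environment subnet")

    rules = [
        "type filter hook input priority 0; policy drop;",   # default deny
        "ct state established,related accept",
        "ct state invalid drop",
        "iif lo accept",
        f"ip saddr {gateway} tcp dport {MANAGEMENT_TCP} accept",
    ]
    internal = ROLE_INTERNAL_TCP[role]
    if internal:
        ports = ", ".join(str(p) for p in internal)
        rules.append(f"ip saddr {net} tcp dport {{ {ports} }} accept")
    public = ROLE_PUBLIC_TCP.get(role)
    if public:
        ports = ", ".join(str(p) for p in public)
        rules.append(f"tcp dport {{ {ports} }} accept")
    # Log what the default policy is about to drop, tagged per environment and role
    # so the central log pipeline can attribute it.
    rules.append(f'log prefix "env{env_id}-{role}-drop " counter drop')

    body = "\n".join(f"    {r}" for r in rules)
    return f"table inet filter {{\n  chain input {{\n{body}\n  }}\n}}\n"


if __name__ == "__main__":
    # Constructed sample: environment 7, its C2 host, gateway at the first host address.
    print(render_nft(7, "c2", "10.7.0.0/24", "10.7.0.1"))
```

The rendered text can be applied with `nft -f` from cloud-init or Ansible; because the subnet and gateway are taken from the same per-environment variables as the rest of the deployment, a host in environment 7 never accepts service traffic from environment 8 even though both sit on the same hypervisor.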
Development Process
- Requirements & Research: Analyzed the needs of the Red Team, reviewed current tools, and defined the desired workflow.
- Design & Planning: Outlined the architecture—modular, scalable, and secure—choosing technologies such as OpenTofu, Mythic, and GoPhish.
- Implementation: Developed the Python wrapper, automated infrastructure deployment, integrated all core tools, and created secure access flows.
- Testing & Documentation: Deployed test environments, performed attack simulations, and delivered comprehensive user documentation.
Gallery (screenshots)
- Exegol CLI
- Exegol GUI
- Network setup
- Mythic C2
- GoPhish
- Grafana Mythic Logs
Technologies Used
- OpenTofu
- Python
- Nginx
- Postfix
- Mythic (C2)
- GoPhish
- Evilginx
- Exegol
- OpenVPN
- Tailscale
- Cloudflare
- Grafana & Loki
Skills & Learning Outcomes
- Infrastructure as Code (OpenTofu)
- Automated security environment setup and isolation
- Integration of advanced red team/pentest tools
- Advanced Linux, networking, and firewalling
- Secure access control and VPN management
- Project planning, documentation, and team collaboration
Team Members
- Thomas Deboel (Student)
- Bryan Poleunis (Student)