Welcome to the OPFORGE project blog — a hands-on portfolio exploring cyber operations, detection engineering, and AI-enabled threat emulation.
Below you’ll find write-ups on the infrastructure, VM build processes, segmentation logic, and automation techniques powering OPFORGE.
Stay sharp, build clean, and emulate purposefully.
🔁 Cloned VMs in the OPFORGE Lab

The following VMs are derived from the base templates and customized for their operational roles.

| Template | Clone | Role Description |
|---|---|---|
| base-ubuntu-2204-template | opf-red01 | Red Team operator + C2 lab |
| base-ubuntu-2204-template | opf-log01 | Log ingestion + OpenSearch stack |
| base-ubuntu-2204-template | opf-ai01 | ML/AI detection modeling |
| base-ubuntu-2204-template | opf-cloud01 | Web app target in DMZRED |
| base-windows10-template | opf-mbr01 | Domain-joined endpoint (Win10) |

🧠 Notes

- Hostnames and static IPs are applied per segment
- Each VM is configured with dedicated virtual NICs
- The cloning process preserves snapshot state and configuration integrity
Clone Map

| Template | Clone Name | Purpose |
|---|---|---|
| base-ubuntu-2204-template | opf-red01 | Red Team operator box |
| base-ubuntu-2204-template | opf-log01 | Log pipeline (Zeek, OpenSearch) |
| base-ubuntu-2204-template | opf-ai01 | Jupyter + anomaly detection |
| base-ubuntu-2204-template | opf-cloud01 | Targeted web app for attack |
| base-windows10-template | opf-mbr01 | Domain-joined endpoint |

Lessons Learned

- Clone from snapshot, then personalize (hostname, NIC, IP)
- Use base templates with all dependencies pre-installed
- Maintain consistency across VM builds using scripting and snapshots
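The "clone, then personalize" step above, scripted for the Ubuntu 22.04 clones as an added example (not the OPFORGE project's own script): it validates the hostname and address, writes /etc/hostname, refreshes the 127.0.1.1 entry in /etc/hosts so the clone does not keep the template's name, and drops a netplan static-IP file. The NIC name, segment addresses and gateway are constructed assumptions; an empty target root means the live system.

```shell
#!/usr/bin/env sh
# personalize_clone: apply hostname, /etc/hosts entry and a netplan static IP
# to a freshly cloned Ubuntu 22.04 VM. Pass a scratch directory as the target
# root to dry-run and inspect the generated files before touching a real clone.
set -eu

valid_hostname() {
  # RFC 1123 label: 1-63 chars, lowercase alnum and hyphen, no edge hyphen
  printf '%s' "$1" | grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

valid_cidr() {
  # IPv4 address with prefix length, e.g. 10.10.20.11/24 (constructed values)
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

personalize_clone() {
  # $1 hostname  $2 NIC name  $3 address/prefix  $4 gateway  $5 target root ("" = live)
  host=$1; nic=$2; cidr=$3; gw=$4; root=${5:-}
  valid_hostname "$host" || { echo "bad hostname: $host" >&2; return 1; }
  valid_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 1; }
  mkdir -p "$root/etc/netplan"
  printf '%s\n' "$host" > "$root/etc/hostname"
  # drop any stale 127.0.1.1 line inherited from the template, then add ours
  touch "$root/etc/hosts"
  grep -v '^127\.0\.1\.1' "$root/etc/hosts" > "$root/etc/hosts.new" || true
  printf '127.0.1.1 %s\n' "$host" >> "$root/etc/hosts.new"
  mv "$root/etc/hosts.new" "$root/etc/hosts"
  cat > "$root/etc/netplan/01-opforge.yaml" <<EOF
network:
  version: 2
  ethernets:
    $nic:
      dhcp4: false
      addresses: [$cidr]
      routes:
        - to: default
          via: $gw
EOF
  chmod 600 "$root/etc/netplan/01-opforge.yaml"   # netplan warns on world-readable configs
  # only on the live system: set the running hostname and bring the NIC up
  [ -z "$root" ] && hostnamectl set-hostname "$host" && netplan apply
  return 0
}
```

Run it once per clone from the clone map, e.g. `personalize_clone opf-red01 ens18 10.10.20.11/24 10.10.20.1` on the VM itself (the NIC name and addresses here are placeholders for your segment plan).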
This post documents the process of building and finalizing the Windows 10 Pro 22H2 template for use in the OPFORGE cyber lab environment.
🛠️ Version & Baseline

- OS: Windows 10 Pro 22H2 (fully patched as of 2025-05-25)
- Build Source: Clean ISO install (22H2), upgraded from legacy 10240
- Purpose: Golden template for domain-joined endpoint clones (opf-mbr01, future victim hosts)

📦 Tool Installation via Script

After installation and patching, the following tools were installed using the custom script:
...