Home / Business / Laforge — Security Competition Infrastructure Automation Framework

Laforge — Security Competition Infrastructure Automation Framework

Laforge enables rapid development of infrastructure for the purpose of data security contests. Utilizing a straightforward and intuitive configuration speech, Laforge oversees a dependence graph and state management and permits for highly productive distant collaboration.

The Laforge engine uses a custom loader to perform multi-dimensional, non-destructive configuration overlay. A fantastic analogy for this is Docker — when you construct a Docker container, it assembles it up layers at a time. It is this power that has motivated us to build Laforge.


  • Cross-platform
  • Portable — functions as a stand-alone native recorder.
  • Utilize what you enjoy — Bring Your Own Scripting Language (Y)
  • Quick.
  • Build once, clone to n variety of teams (security contests paradigm)
  • Collaborative — makes working in dispersed groups quite efficient

Laforge is a framework which lets you design and implements security competitions in a scalable, collaborative, and fun way! You compose configurations in Laforge Config Language and use the CLI tool to inspect, validate, build, and connect to remote infrastructure with. Historically, it’s primarily supported Terraform as it is”backend” (generates sophisticated terraform configurations), but that will be changing quickly over the forthcoming weeks and weeks. Laforge currently forces all of the infrastructure managers for the National Collegiate Penetration Testing Competition and has supported game deployments of 1400 unique nodes.

Why was it created?

Three reasons:

  • Safety professionals aren’t the most well versed with operations/infrastructure/DevOps tools. They have a steeper than the most learning curve, especially when requesting volunteers to try and figure it out within their off work time. To make it easier for people, we wanted to make a tool that basically did the hard part for them.
  • As we dug in, we discovered that the commonly used automation frameworks accessible had a number of pain points when it came to constructing security contest infrastructure. There are things that have to occur in safety competitions that aren’t supported in the actual world:
    • wide compatibility with lots of working systems and software
    • Mass”clone” capability — picture a game infra and clone it 10-20x — one for every group.
    • Flexibility to deploy the very same stacks to a wide set of feasible infrastructure — VMWare, AWS, GCP, etc..
  • Because competitions deserve it! We work with some of the most passionate people on such projects and anything that can make our shared experience better is a win-win in our book.

Why not current DevOps tools?

It’s not necessary to go into a flame war within this tool or that. We frankly like them. Our main gripe across the board is that given how fragmented they are, it’s difficult to be really good at any of them. We like Terraform and it’s been our principal backend since the beginning.

How can it scale?

We have used the various iterations of LaForge to create competition environments with countless complete hosts for nearly 30 teams. In short, it can scale as big as your imagination (and funding/tools) allows. Additionally, we’ve used this tool across a team of over 15 volunteer programmers each working in their own components and also have utilized that opinions in the most recent versions.

What about performance?

Depending upon the complexity of your environment, building LaForge output signal may take seconds or minutes. In the long run, you will spend more time turning up systems from the environment of your choice together with Terraform or Vagrant than you may create the applicable configurations for both of these.

Is it production-ready?

If by manufacturing, you mean developing live contest environments, LaForge has been used for more than three years at a”production” capacity. If you intend live systems at your business or business, it will probably work nicely, but use at your own risk.


$ go get github.com/gen0cide/laforge/cmd/laforge

Quick Start

laforge configure
laforge init
Laforge instance 

Object Models

  • Network
  • Script
  • Environment
  • AMI
  • DNS Record
  • Identity
  • Command
  • Remote Document
  • Host

About Julio Gray

Check Also

Rootstealer – Trick To Inject Commands On Root Terminal

  Rootstealer is an example of a new assault using X11. This tool is used …

Powered by keepvid themefull earn money