Security Competition of Infrastructure Automation Framework -Laforge

Laforge enables rapid development of infrastructure for the purpose of information security competitions. Using a simple and intuitive configuration speech, Laforge oversees a dependency graph and state management and allows for highly productive remote collaboration.

The Laforge engine employs a custom loader to perform multi-dimensional, non-destructive configuration overlay. A fantastic analogy to this is Docker — when you build a Docker container, it assembles up it layers at one time. It is this power that has inspired us to construct Laforge.


  • Cross-platform
  • Mobile — installs as a standalone native executable.
  • Utilize what you enjoy — Bring Your Own Scripting Language (Y)
  • Fast.
  • Construct once, clone to n variety of teams (security contests paradigm)
  • Collaborative — makes working in dispersed groups quite efficient

Laforge is a frame that lets you design and executes security contests in a scalable, collaborative, and fun way! You write configurations in Laforge Config Language and use the CLI tool to inspect, confirm, construct, and link to remote infrastructure with. Historically, it is mostly supported Terraform as it’s”backend” (generates sophisticated terraform configurations), but this is going to be changing rapidly over the coming weeks and months. Laforge currently powers each the infrastructure direction for the National Collegiate Penetration Testing Competition and has supported match deployments of 1400 nodes that are unique.

Why was it created?

Three reasons:

  • Security professionals aren’t the very well versed with operations/infrastructure/DevOps tools. They have a steeper than many learning curves, particularly when requesting volunteers to attempt to figure it out within their off work time. To make it easier for people, we wanted to make a tool that essentially did the hard part for them.
  • As we dug in, we noticed that the widely used automation frameworks accessible had a range of pain points when it came to building security contest infrastructure. There are things which have to occur in safety contests that are not supported in the real universe:
    • wide compatibility with lots of working systems and applications
    • Mass”clone” capability — picture a match infra and clone it 10-20x — one for each team.
    • Flexibility to set up the very same stacks to a broad set of feasible infrastructure — VMWare, AWS, GCP, etc..
  • Because competitions deserve it! We work with some of the most passionate people on such jobs and anything that could make our shared experience better is a win-win in our publication.

Why not present DevOps tools?

No need to go to a flame war over this tool or that. We honestly like them. Our main gripe across the board will be that given how significant they are, it’s difficult to ever be really fantastic atany one of them. We like Terraform and it’s been our primary backend since the beginning.

How does it climb?

We have used the numerous iterations of LaForge to create competition environments with hundreds of total hosts for nearly 30 teams. In short, it can scale as big as your imagination (and funding / resources) allows. Additionally, we’ve used this tool across a team of over 15 volunteer developers each working in their own parts and also have utilized that feedback in the most recent versions.

What about performance?

Based on the complexity of your environment, building LaForge output signal may take minutes or seconds. In the long run you will spend more time spinning up systems from the surroundings of your choice together with Terraform or Vagrant than you may creating the applicable configurations for either of them.

Can it be production-ready?

If by manufacturing, you mean growing live contest surroundings, LaForge has been used for more than three years at a”production” capacity. Should you mean live systems in your business or business, it will probably work well, but use at your own risk.


$ go get

Quick Star

laforge configure
laforge init
Laforge instance 

Object Models

  • Network
  • Script
  • Environment
  • AMI
  • DNS Record
  • Identity
  • Control
  • Remote Document
  • Host

You May Also Like

About the Author: Steve West