Automating GOAD and Live Malware Labs
ID: f7be1b4f-3fcc-5589-bd8c-96909f9485ec
STIX ID: report--f7be1b4f-3fcc-5589-bd8c-96909f9485ec
Feed Name: Elastic Security Labs
This blog presents a blueprint for an automated, scalable cyber range that combines Ludus (multi-VM lab deployment) with Elastic Security (EDR/SIEM/XDR) to simulate real-world attacks and validate their detection. The guide includes deployment steps that intentionally install a functional backdoor (CVE-2024-3094, the xz-utils supply-chain backdoor), demonstrates exploitation techniques (PrintNightmare, Kerberoasting, MSSQL xp_cmdshell, scheduled tasks), and shows how Elastic’s detection rules, Event Analyzer, Session Viewer, Attack Discovery, AI Assistant, and Workflows can be used to detect, investigate, and automate responses to those attacks. Because the range deliberately runs a live backdoor, it should be kept isolated from production networks.
