Lab Builder has a selection of pre-configured, ready-to-use machines that are managed and provided by Immersive.
- DFIR Machine, a remote desktop that is pre-configured with a wide range of Digital Forensics and Incident Response tools to support investigation, containment, and recovery tasks for your lab.
- Kali Linux Machine, a remote desktop that runs Kali Linux, a powerful Linux distribution. It comes pre-loaded with a number of security tools for offensive security labs.
- RE/Malware Machine, a remote desktop that is designed for static and dynamic malware analysis in a controlled lab environment. It comes preloaded with reverse engineering and behavioral analysis tools.
Adding a Template Machine
To add a template machine:
- From the navigation bar, click Manage > Create Lab.
- On the top of the Lab Builder Dashboard, click + Create a new custom lab.
- On the left-hand Lab properties panel, click Add system.
- On the Systems page, in the Templates section, click Add on one of the following options:
  - Kali Linux: Ready-to-use Kali Linux machine that can be used as a Desktop machine when building a CTF (Capture the Flag) lab.
  - Incident Response Machine: Ready-to-use Incident Response Machine that contains a number of tools to use in IR scenarios.
  - RE/Malware Machine: This machine provides a number of tools that can be used in reverse engineering and malware analysis.
- You can view a list of the tools available on these machines by checking the Pre-installed software section.
Adding your own files
The ability to add your own files is a powerful feature within the machine templates. It allows you to select a template machine and add your own files in *.zip or *.tar format. This means if you have learning material you wish to use in a lab (such as logs, malware, or scripts), you can simply add these to the machine in the lab without needing to build your own machine.
Imagine you have some network captures in a PCAP format that you want your analysts to investigate with Wireshark, and answer questions as part of internal upskilling. You would just need to select the Incident Response Machine (which has Wireshark installed) and add the PCAP to the machine.
To add your own files:
- After you've added a template to your lab, click Edit. The window that opens allows you to configure the system name and add files.
- In the Upload a file section, click Upload and select your compressed lab files. This section also shows the location where these files are deployed within the lab.
  - Lab files must be compressed into a *.zip or *.tar format.
  - When a system is deleted, its supporting files are no longer accessible.

Note: It is good practice to include an instructional task telling the user where to find the files and what to do with them. For example, "Open the PCAP files located at /home/lab-user/Desktop/supporting-files/network-capture.pcap with Wireshark."

- Click Save changes.