Overview
Wiretap is a full-stack, automated cyber range platform engineered to power the hands-on workshops and competitions for the Penn State Competitive Cyber Security Organization (CCSO). The system addresses the critical challenge of rapidly deploying complex, isolated, and consistent virtual environments, eliminating countless hours of manual setup and configuration errors.
The platform consists of two primary components: a user-facing web portal and a powerful backend deployment engine. The Wiretap portal, built with Node.js and Vue.js, provides CCSO members with a centralized, team-based interface to access their provisioned virtual machine instances via an optimized in-browser VNC client. It integrates seamlessly with the organization’s Authentik SSO for secure access. The core of the platform is the Dynamic Infrastructure Deployment Engine, a custom Python-based Infrastructure as Code (IaC) tool that translates simple JSON definitions into comprehensive OpenStack Heat templates and Ansible inventories, enabling the automated creation of entire multi-team cyber scenarios in minutes.
Key Features
- Unified Web Portal: A modern web interface built with Vue.js and Node.js that serves as the central hub for all workshop participants. It features SSO integration, team-based access control, and provides direct, low-latency VNC access to virtual machines.
- Custom Infrastructure as Code (IaC) Engine: A Python-based engine that converts a single, human-readable template.json file into a complete OpenStack Heat template and corresponding Ansible inventories, codifying the entire infrastructure for repeatability and version control.
- Automated Multi-Team Deployment: Provisions identical, isolated network environments for any number of teams from a single definition. This is critical for competitions, allowing for the creation of dozens of identical blue-team networks with a single command.
- Centralized Ansible Orchestration: Automatically deploys a master Ansible controller instance within each environment. This controller clones specified playbooks from GitHub and uses the auto-generated inventory to configure all other instances, from installing software to creating users.
- Policy-Driven Secure Networking: Implements a zero-trust network model by default. Network traffic rules between subnets are explicitly defined in the JSON configuration, creating secure, policy-based network segmentation for realistic training scenarios.
Technologies & Implementation
The Wiretap platform is built on a private cloud infrastructure running on a 6-node Kubernetes cluster. OpenStack is deployed on Kubernetes via Ansible, providing the IaaS layer for all virtualized resources.
- Frontend & User Portal: Vue.js, Node.js, Express.js
- IaC & Automation Engine: Python, PyYAML
- Cloud & Orchestration: OpenStack (Heat, Nova), Ansible, Kubernetes
- Authentication: Authentik SSO
The architecture was designed to separate concerns between resource provisioning and configuration management. I chose OpenStack Heat to handle the declarative creation of core infrastructure like networks, subnets, instances, and security groups. This ensures the underlying topology is correct. Ansible was then layered on top to perform configuration management—installing software, managing files, and setting up users—using the inventories automatically generated by the Python engine. This two-pronged approach provides a robust, scalable, and idempotent deployment pipeline.
```mermaid
graph TD
    subgraph "User Experience"
        A["CCSO Member"] -- "Logs in via Authentik SSO" --> B["Wiretap Portal (Vue.js)"]
        B -- "Accesses Instances" --> C["Wiretap API (Node.js)"]
        C -- "Streams Optimized VNC" --> D["OpenStack Nova VNC"]
    end
    subgraph "Infrastructure Deployment Pipeline"
        E["Workshop Admin"] -- "Writes config" --> F["template.json"]
        F -- "Input" --> G["IaC Engine (Python)"]
        G -- "Generates" --> H["OpenStack Heat Template"]
        G -- "Generates" --> I["Ansible Inventories"]
    end
    subgraph "Private Cloud Backend"
        H -- "Deploys to" --> J["OpenStack on Kubernetes"]
        J -- "Provisions" --> K["VMs, Networks, Security Groups"]
        I -- "Used by" --> L["Central Ansible Controller"]
        L -- "Configures" --> K
    end
    D --> K
```
Challenges & Solutions
One of the first challenges was providing a seamless user experience for accessing virtual machine consoles. The default OpenStack Nova VNC proxy introduced significant latency, especially for off-campus users, making interactive sessions difficult. To solve this, I implemented optimizations that routed VNC traffic locally for users within the Penn State network, dramatically reducing latency and improving the responsiveness of the console for the majority of our members.
The most significant challenge was ensuring consistency and scalability for large-scale deployments like competitions. Manually creating and configuring dozens of identical multi-machine environments was not feasible. My solution was to architect and build the entire Dynamic Infrastructure Deployment Engine from scratch. By creating a custom IaC abstraction layer, I empowered workshop creators to define complex topologies in a simple JSON file. The engine handles the complex logic of generating Heat templates with static IP assignments, creating dynamic security group rules, and producing perfectly formatted Ansible inventories, turning a multi-day manual process into a reliable, automated task that runs in minutes.
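The following sketch illustrates the policy-driven networking and multi-team generation described above: a JSON-style definition is expanded into per-team Heat resources with static IPs, deny-by-default security groups, and a matching inventory. It is an added example, not Wiretap's own code; the definition schema, the 10.<team>.<subnet>.0/24 addressing plan, and the resource naming are assumptions.

```python
import ipaddress

# Constructed sample; the schema ("teams", "subnets", "allow") is hypothetical.
SAMPLE = {
    "teams": 2,
    "subnets": {"dmz": {"index": 1, "hosts": ["web"]},
                "internal": {"index": 2, "hosts": ["db", "dc"]}},
    "allow": [{"from": "dmz", "to": "internal", "protocol": "tcp", "port": 3306}],
}

def cidr(team, index):
    # Assumed addressing plan: 10.<team>.<subnet index>.0/24
    return f"10.{team}.{index}.0/24"

def build(defn):
    """Return (heat_template_dict, inventory_dict) covering every team."""
    res, inventory = {}, {}
    subnets = defn["subnets"]
    for a in defn["allow"]:  # reject typos instead of emitting a wrong policy
        if a["from"] not in subnets or a["to"] not in subnets:
            raise ValueError(f"allow rule references unknown subnet: {a}")
    for team in range(1, defn["teams"] + 1):
        for name, sub in subnets.items():
            key = f"team{team}_{name}"
            net = ipaddress.ip_network(cidr(team, sub["index"]))
            res[f"{key}_net"] = {"type": "OS::Neutron::Net"}
            res[f"{key}_subnet"] = {"type": "OS::Neutron::Subnet", "properties": {
                "network": {"get_resource": f"{key}_net"}, "cidr": str(net)}}
            # Neutron admits no ingress without a rule, so only explicit
            # allow entries targeting this subnet become rules.
            rules = [{"direction": "ingress", "protocol": a["protocol"],
                      "port_range_min": a["port"], "port_range_max": a["port"],
                      "remote_ip_prefix": cidr(team, subnets[a["from"]]["index"])}
                     for a in defn["allow"] if a["to"] == name]
            res[f"{key}_sg"] = {"type": "OS::Neutron::SecurityGroup",
                                "properties": {"rules": rules}}
            for offset, host in enumerate(sub["hosts"], start=10):
                ip = str(net.network_address + offset)  # static IP per host
                res[f"team{team}_{host}_port"] = {"type": "OS::Neutron::Port", "properties": {
                    "network": {"get_resource": f"{key}_net"},
                    "fixed_ips": [{"subnet": {"get_resource": f"{key}_subnet"}, "ip_address": ip}],
                    "security_groups": [{"get_resource": f"{key}_sg"}]}}
                inventory.setdefault(f"team{team}", {})[host] = ip
    return {"heat_template_version": "2018-08-31", "resources": res}, inventory
```

The returned template dict can be serialized with PyYAML's `yaml.safe_dump`; because each rule's source prefix is derived from the same team number as its target, no team's security group ever references another team's address space.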
Results & Impact
The Wiretap platform has become the backbone of technical operations for the Penn State CCSO, fundamentally transforming how we conduct training and events.
- Efficiency: Reduced the time to deploy complex competition environments from days to under 30 minutes, saving hundreds of hours of manual labor per semester.
- Scalability: Enabled the organization to host larger and more intricate events, including simulations for national competitions like CCDC and CPTC.
- Consistency: Eradicated configuration drift between team environments, ensuring a fair and standardized experience for all competitors and workshop attendees.
- Empowerment: Lowered the barrier for members to create and share their own cybersecurity scenarios, fostering a more dynamic and hands-on learning culture within the organization.
