Security Competition of Infrastructure Automation Framework

Laforge enables rapid development of infrastructure with the goal of data security competitions. Using a straightforward and intuitive configuration language, Laforge oversees a dependence graph and state management and permits for exceptionally productive remote collaboration.

The Laforge engine uses a customized loader to perform multi-dimensional, non-destructive configuration overlay. A good analogy to this is Docker — once you construct a Docker container, it assembles up it layers at one time. It is this power which has inspired us to construct Laforge.


  • Cross-platform
  • Portable — installs as a standalone native executable.
  • Use what you enjoy — Bring Your Scripting Language (Y)
  • Fast.
  • Construct once, clone to n number of teams (security competitions paradigm)
  • Collaborative — makes working in distributed groups very efficient

Laforge is a framework which lets you design and executes security competitions in a scalable, collaborative, and fun manner! You write configurations in Laforge Config Language and use the CLI tool to inspect, confirm, construct, and connect to remote infrastructure with. Historically, it’s mostly supported Terraform as it’s”backend” (produces sophisticated terraform configurations), but that will be changing quickly over the coming weeks and weeks. Laforge currently powers each the infrastructure direction for the National Collegiate Penetration Testing Competition, and it has supported game deployments of >1400 unique nodes.

Why was it created?

Three reasons:

  • Security professionals aren’t the most well versed with operations/infrastructure/DevOps tools. They have a steeper than many learning curves, particularly when requesting volunteers to attempt to find it out within their off work time. To make it simpler for people, we wanted to make a tool which essentially did the hard part for them.
  • As we dug in, we discovered the commonly used automation frameworks available had a number of pain points as it came to constructing security competition infrastructure. There are items that need to occur in safety contests which are not supported in the actual universe:
    • wide compatibility with tons of working systems and applications
    • Mass”clone” capability — picture a match infra and clone it 10-20x — one for every group.
    • Flexibility to set up the same piles to a wide set of feasible infrastructure — VMWare, AWS, GCP, etc..
  • Because competitions deserve it! We work with some of the most passionate people on such projects and anything that can make our shared expertise better is a win-win in our publication.

Why not present DevOps tools?

No need to go into a flame war within this tool or that. We honestly like them. Our main gripe throughout the board is that given how significant they are, it’s hard to ever be really good at any one of them. We like Terraform and it’s been our primary backend since the start.

How does it scale?

We have used the numerous iterations of LaForge to create competition environments with hundreds of complete hosts for nearly 30 teams. Simply speaking, it can scale as big as the imagination (and funding/resources) allows. Additionally, we’ve used this instrument across a team of over 15 volunteer programmers each working in their own components and have used that feedback in the most recent versions.

What about performance?

Depending on the complexity of your environment, building LaForge output signal may take seconds or minutes. In the end, you will spend more time turning up systems from the environment of your choice with Terraform or Vagrant than you will generate the relevant configurations for either of them.

Is it production-ready?

If by production, you mean growing live contest surroundings, LaForge has been used for more than three years at a”production” capacity. If you mean live systems at your company or business, it will likely work well, but use at your own risk.


$ go get

Quick Star

laforge configure
laforge init
Laforge example 

Object Models

  • Network
  • Script
  • Environment
  • AMI
  • DNS Record
  • Identity
  • Command
  • Remote File
  • Host

You May Also Like

About the Author: Alyssa Howard