Th0th is a self-hosted cyber range built using infrastructure as code (IaC). It exists to practice offensive and defensive techniques, develop
custom tooling and detections for Linux and Windows, and to study CVEs & malware safely.
Scenarios are automated as much as possible for repeatable, consistent learning.

| Domain | Tooling |
|---|---|
| 🔴 Offensive | A Kali attacker box, payload & tool development, and C2 — within isolated networks. |
| 🔵 Defensive | Detection engineering: Sysmon + auditd shipped (alert/artifact → collector) into a SIEM. |
| 🐛 CVE testing | Ephemeral environments with clean-baseline snapshots — repeatable and rollback-friendly. |

This repository contains infrastructure as code (IaC) and configurations for an isolated malware analysis and penetration testing lab. These files are intended for educational and research purposes only.
