Cyber Sense

1-click Experiment Setups

Spend less time on tedious experiment setups and more time conducting your experiments. Whether it is replicating an experiment conducted by another researcher before or reusing a particular network topology, it all can be done with a click of the mouse.


Our solution enables increased research speeds by providing researchers with the necessary tools and resources to conduct their experiments in the cloud. We provide compute clusters on demand without large capital investments.

Data and Data Repository

Browse, search and contribute to our large collection of datasets contributed by other researchers like you. From data ranging from internet traffic data to mobile app data, find and use what you want to conduct and validate your research.

Your Security Is Our Priority

As a cybersecurity lab, security is of our utmost concern. All experiment session are encrypted and carried out in a contained environment, separated from other experiments, as well as the internet.


With plans of federation with other testbed networks, more research opportunities will arise.

DFIRtriage – Công cụ thu thập bằng chứng kỹ thuật số cho ứng phó sự cố trên Windows

Giới thiệu

Công cụ DFIRtriage được viết bằng ngôn ngữ Python bởi tác giả Travis Foley có chức năng thu thập chứng cứ phục vụ mục đích điều tra trong lĩnh vực truy tìm manh mối chứng cứ số. Nó thực sự hữu ích cho hoạt động phản ứng sự cố dựa trên Windows.

DFIRtriage thu thập dữ liệu từ máy tính mà nó được thực thi. Do đó, để thu thập được thông tin từ các máy chủ từ xa, các tập tin của DFIRtriage sẽ cần được sao chép vào máy tính mục tiêu, sau đó được thực hiện thông qua shell từ xa. (ví dụ: SSH hoặc PSEXEC)

Tất cả những gì bạn cần để bắt đầu thu thập thông tin có giá trị là đặt 2 tập tin trong cùng một thư mục trên máy tính mục tiêu (máy tính cần tìm kiếm thông tin bằng chứng) và thực thi dfirtriage.exe với quyền quản trị viên.


Liên kết tải công cụ:

Chức năng

Công cụ sẽ thực hiện thu thập được những thông tin như sau:

  • Memory Raw –> image acquisition (optional)
  • Prefetch –> Collects all prefetch files an parses into a report
  • User activity –> HTML report of recent user activity
  • System32 file hash –> MD5 hash of all files in root of System32
  • Network information –> Network configuration, routing tables, etc
  • Extended process list –> Processes, PID, and image path
  • Windows character code page information –> Character set that Windows is using
  • Complete file listing –> Full list of all files on the system partition
  • List of hidden directories –> List of all hidden directories on the system partition
  • Current user information –> User running DFIRTriage script
  • System information –> Build, service pack level, installed patches, etc
  • Windows version –> Logs the version number of the target OS
  • Current date and time –> Current system date and time
  • List of scheduled tasks –> List of all configured scheduled tasks
  • Loaded processes and dlls –> List of all running processes and loaded dlls
  • Running processes –> Additional information on running processes
  • Network configuration –> Network adaptor configuration
  • Network connections –> Established network connections
  • Open TCP/UDP ports –> Active open TCP or UDP ports
  • DNS cache entries –> List of complete DNS cache contents
  • ARP table information –> List of complete ARP cache contents
  • Local user account names –> List of local user accounts
  • NetBIOS information –> Active NetBIOS sessions, transferred files, etc
  • Installed software –> List of all installed software through WMI
  • Autorun information –> All autorun locations and content
  • List of remotely opened files –> Files on target system opened by remote hosts
  • Logged on users –> All users currently logged on to target system
  • Alternate Data Streams –> List of files containing alternate data streams
  • Registry hives –> Copy of all registry hives
  • USB artifacts –> Collects data needed to parse USB usage info
  • Hash of all collected triage data –> MD5 hash of all data collected by DFIRTriage

Tham khảo: Github


Ready-to-use Common Vulnerabilities and Exposure CVE Environments

What is this?

  • A description of known vulnerabilities that can be found on the internet.
  • Ready-to-use CVEs are deployable environments where the vulnerability exists and are difficult to build.

Software-defined Networking (SDN) Provisioning Tools

What is this ?

  • The SDN technology rely on the hardware features on switches. Such SDN switches on large networks are not easily available.
  • The UIT Information Security Lab has 10 SDN-supported switches connecting 150 nodes.

Ready-to-use Blockchain environment & Algorithm validation tools

What is this?

  • Secured Distributed ledger (Blockchain) is a distributed trust system whose security relies on a large number of peers.

Virtual Mid-size Enterprise Network

What is this ?

  • A medium-sized virtual network that can simulate multiple real life scenarios.
  • Useful for training, cyber security assessment and validation.
Cyber Security Training System


To access CyberTrain, researchers need to register for an account at the official website. The Account registration will sent to  for verification. Once the profile is verified, researchers can start requesting data sets from CyberTrain.

Visit the website to create an account and browse the training datasets available. Contact us for any help you require.

Follow us: