Not sure how but I missed this thread & product totally until this morning, well done!
Introducing RxCloud CyberLab
- Thread starter RoxasDev
- Start date
Updated Announcement — RxCloud CyberLab ExpansionHey everyone, quick update from the RxCloud CyberLab project!
A major upgrade is underway. I’m currently migrating the entire infrastructure to a brand-new dedicated server (64GB RAM, Xeon, RAID storage, full Gigabit), which means one thing:
RxCloud CyberLab is officially leveling up.
More power, more isolation, more parallel analysis, more everything.
While the migration is happening behind the scenes, I’m also pushing several improvements at the same time:
- New version of the RxLab Agent with extended telemetry
- More behavioral events, more hooks, and deeper tracing
- Improved process & network analytics
- Enhanced PDF reporting engine
- Faster communication with the CoreLab Controller
- Stronger backend pipeline for real-time data
- Better sandbox isolation
- Optimized Windows templates to reduce overhead
Session slots will now increase from 30 minutes to 1 hourUsers will have twice the time per session to run tests, analyze samples, and explore the sandbox.
🖥 More virtual machines will be available
I’m adding additional ReverseLab & PentestLab instances, allowing more simultaneous users and more parallel workflows.
The new server gives me plenty of headroom to scale horizontally, so expect more slots, more flexibility, and more capacity overall.
The goal is simple:
make RxCloud CyberLab faster, deeper, more stable, and ready for heavier malware workloads.
Huge things are coming.
Thanks for the support — and stay tuned.
RxCloud CyberLab Infrastructure upgrade in progress :
Infrastructure upgrade in progress for RxCloud CyberLab. Migrating to a new OVH dedicated server to scale performance and unlock up to 8 simultaneous lab VMs. New power. Same vision.
Infrastructure upgrade in progress for RxCloud CyberLab. Migrating to a new OVH dedicated server to scale performance and unlock up to 8 simultaneous lab VMs. New power. Same vision.
RxCloud CyberLab – Final Tests in Progress... The COME BACK is near!
Just a quick update to let you know that RxCloud CyberLab is currently going through its final testing phase with the brand new infrastructure and the new telemetry agent now fully integrated.
Everything is being stress-tested, optimized and fine-tuned to ensure maximum stability, performance and reliability for the upcoming relaunch.
Just a quick update to let you know that RxCloud CyberLab is currently going through its final testing phase with the brand new infrastructure and the new telemetry agent now fully integrated.
Everything is being stress-tested, optimized and fine-tuned to ensure maximum stability, performance and reliability for the upcoming relaunch.
RxCloud CyberLab is almost BACK!
I'm happy to announce that RxCloud CyberLab will reopen its doors within the next few hours!
The migration to our brand-new infrastructure is almost complete, bringing more power, stability, and next-gen capabilities.
The wait is nearly over… get ready to dive back into the lab
The comeback is happening VERY soon!
RoxasDev — RxCloud CyberLab Founder
I'm happy to announce that RxCloud CyberLab will reopen its doors within the next few hours!
The migration to our brand-new infrastructure is almost complete, bringing more power, stability, and next-gen capabilities.
The wait is nearly over… get ready to dive back into the lab
The comeback is happening VERY soon!
RoxasDev — RxCloud CyberLab Founder
RxCloud CyberLab is NOW REOPENED!
I'm proud to announce that RxCloud CyberLab is officially back online and fully operational!
After several days of maintenance and infrastructure migration, the platform is now running on a brand-new dedicated server with significantly enhanced performance and scalability.
What’s new?
- New dedicated server infrastructure
- 4 PentestLabs + 4 ReverseLabs running simultaneously
- Improved stability, speed and resource allocation
- Enhanced isolation & security mechanisms (pfSense & Guacamole)
Reopening Date: 2025-11-27🛠 Maintenance Duration: Several days
The lab is now stronger, faster, and more intelligent.
Welcome back to the next generation of RxCloud CyberLab.
CHANGELOG – RxCloud CyberLab Reopening
CoreLab Controller
- Now capable of:
- Queue management
- Slot time estimation
- Multi-VM orchestration
- Intelligent session handling and scheduling
RxLab Agent
- Global telemetry improvements
- New AV detection methods
- Low-level Hook-based detection system
- Filtering of irrelevant telemetry elements
- Improved service auto-start on VM reboot
- Agent now launches during OS boot phase to capture early system events
RxLab Notify
- Fixed VM name display to accurately reflect user session location
- Improved secure communication with the new Slot Monitor API
- Enhanced real-time notification reliability
RxLab Reports
- Improved PDF report structure and readability
- Better filtering of unnecessary telemetry logs
- Increased core.log file support from 20MB to 50MB
- Optimized processing of high-volume telemetry data
PentestLab VMs
- Updated VirtualBox Guest Additions
- Microsoft security updates
- Updated Microsoft Office Pack
- Updated Notepad++
- Updated third-party components
ReverseLab VMs
- Updated VirtualBox Guest Additions
- Microsoft security updates
- Updated Microsoft Office Pack
- Updated Notepad++
- Updated third-party components
- Updated reverse engineering software stack
RxCloud CyberLab is back.
Let the analysis begin
Last edited:
CHANGELOG – RxCloud CyberLab UpdateDate: 2025-12-06🛠Maintenance duration: 4h30
RxLab Agent- Fixed several bugs related to AV Hook detection
- Fixed a bug in the SysmonWatcher
AVEvent module - Fixed an issue in real-time protection detection for identified AV products
- Improved detection of unknown antivirus solutions (enhanced heuristic engine)
RxLab Reports- Fixed a parsing issue affecting
core.log - Improved handling of large
core.log files (>50MB) - Enhanced final PDF structure (running processes now displayed in a clean, well-organized *process tree* table)
CoreLab Controller- Fixed a minor issue in queue management
RDP Guacamole- Strengthened session token expiration logic for improved security
PentestLab VMs- Applied latest Microsoft security updates
ReverseLab VMs- Updated the full reverse-engineering software stack
- Applied latest Microsoft security updates
Notes- RxCloud CyberLab will soon open to the public with free account creation
- Final development phase in progress: Forgot Password Reset Module
Hello, it would be interesting to try rx on my current research with bell.ca which is spreading malware from their main website since polyfill chain of supply.
It is also harder to find a BRAS that is not compromised, unmaintained with telnetd and with random utility like plex.
I'm sure you will enjoy the IoC and data I will generate since I'm currently targetted by apt which is not really fun but i take it as a learning opportunity even tho it suck.
It got a bit worse lately my last motherboard ( 1 Week old motherboard got bricked when i tried to manually removed 2011 microsoft certs ). I'm going to get a brand new usb but from what i seen my new samsung nvme is also compromised and based on the SecureBootRecovery.efi hybridanalysis and amount of lolbas/lolbin. The system got compromised while installing windows. ( I'm using my own vlan, subnetted , slowly building a hardware fw to uses while im saving for an actual firewall then i will use that setup as DMZ ) which should helps ( Also keep in mind my setup is hardened, debloated and windows setup disa/stig compliant except for the browser rules. So the IoC can be quit useful if you're looking forward generating yara ruleset or similar. I will take a look to the website in few minutes.
It is also harder to find a BRAS that is not compromised, unmaintained with telnetd and with random utility like plex.
I'm sure you will enjoy the IoC and data I will generate since I'm currently targetted by apt which is not really fun but i take it as a learning opportunity even tho it suck.
It got a bit worse lately my last motherboard ( 1 Week old motherboard got bricked when i tried to manually removed 2011 microsoft certs ). I'm going to get a brand new usb but from what i seen my new samsung nvme is also compromised and based on the SecureBootRecovery.efi hybridanalysis and amount of lolbas/lolbin. The system got compromised while installing windows. ( I'm using my own vlan, subnetted , slowly building a hardware fw to uses while im saving for an actual firewall then i will use that setup as DMZ ) which should helps ( Also keep in mind my setup is hardened, debloated and windows setup disa/stig compliant except for the browser rules. So the IoC can be quit useful if you're looking forward generating yara ruleset or similar. I will take a look to the website in few minutes.
Hello, it would be interesting to try rx on my current research with bell.ca which is spreading malware from their main website since polyfill chain of supply.
It is also harder to find a BRAS that is not compromised, unmaintained with telnetd and with random utility like plex.
I'm sure you will enjoy the IoC and data I will generate since I'm currently targetted by apt which is not really fun but i take it as a learning opportunity even tho it suck.
It got a bit worse lately my last motherboard ( 1 Week old motherboard got bricked when i tried to manually removed 2011 microsoft certs ). I'm going to get a brand new usb but from what i seen my new samsung nvme is also compromised and based on the SecureBootRecovery.efi hybridanalysis and amount of lolbas/lolbin. The system got compromised while installing windows. ( I'm using my own vlan, subnetted , slowly building a hardware fw to uses while im saving for an actual firewall then i will use that setup as DMZ ) which should helps ( Also keep in mind my setup is hardened, debloated and windows setup disa/stig compliant except for the browser rules. So the IoC can be quit useful if you're looking forward generating yara ruleset or similar. I will take a look to the website in few minutes.
Hey, thanks for the detailed message.
Just a quick clarification : most of what you’re describing (BRAS compromise, NVMe firmware infection, SecureBootRecovery attacks, APT during Windows installation, etc.) is extremely rare and unlikely in a non-targeted context. These symptoms often come from misconfiguration, corrupted firmware flashing, or software components being misinterpreted as malicious (lolbins, normal network processes, etc.).
RxCloud can help you isolate and analyze actual samples if you have files you want to inspect, but be cautious not to jump to high-level threat assumptions without confirmed IoCs.
Supply-chain compromise on bell.ca is also extremely improbable.
Feel free to upload real artefacts or samples, and I’ll check the telemetry.
CHANGELOG – RxCloud CyberLab Update
Date: 2025-12-14🛠 Maintenance duration: 6h30
RxLab Agent
- Fixed a bug that occurred randomly during low-level hooking on antivirus products, which could cause the RxLab Agent to crash
- Improved detection of antivirus events such as Threat detected, Suspicious threat, and related security alerts
RxLab Reports
- Improved and optimized core.log file processing (parsing engine)
- Reduced PDF report generation time
RxLab Notify
- Reinforced end-of-slot detection logic (additional safeguard)
RxCloud CoreLab Controller
- Added additional backend logging for better monitoring and more detailed bug reporting in case of VM allocation failures
ReverseLab VMs
- Updated reverse engineering software stack
- Applied latest Microsoft security updates
PentestLab VMs
- Updated third-party software
- Applied latest Microsoft security updates
Security & Platform Notes
- The registration, email validation, account activation, and password reset modules are now complete
→ RxCloud CyberLab will soon open to the public with free and open registration - Backend security hardening:
- Previously, only passwords were encrypted
- Now, the entire user database is encrypted at 100% using a 256-bit master key (AES-256)
- Encryption is handled exclusively server-side
- Protected data includes:
- User IDs
- Email addresses linked to user IDs
- Login activity logs
- Acceptance of Terms & Conditions during dashboard access
- Added a ban system for violations of the Terms & Conditions
RxCloud CyberLab – Dashboard Update
Version 0.0.3.1 RC
New: RxBot Assistant
I introducing RxBot, a smart interactive assistant designed to guide users through their first experience on RxCloud CyberLab.
RxBot features:
UI / UX Improvements
Stability
RxBot is the first step toward a more human, guided and interactive RxCloud CyberLab experience.
More intelligence and automation will follow in future updates.
Version 0.0.3.1 RC
New: RxBot Assistant I introducing RxBot, a smart interactive assistant designed to guide users through their first experience on RxCloud CyberLab.
RxBot features:
Guided onboarding tour for first-time users
- Explains each main dashboard section step by step
- Can be skipped at any time (shown once by default)
- Context-aware assistance
- Explains how to request a new slot indicating ReverseLab or PentestLab
- Guides users through sample upload and session usage
Smart reminders
- Notifies when a slot is about to expire
- Provides guidance when a session becomes active
- Helps users understand VM allocation and queue behavior
Non-intrusive design
- Floating assistant accessible at any time
- Seamlessly integrated into the dashboard UI
UI / UX Improvements- Enhanced spotlight highlighting during the guided tour
- Improved focus and readability while navigating key dashboard areas
- Smoother onboarding flow without impacting experienced users
Stability- No impact on performance
- Fully client-side assistant logic
- Zero console errors
RxBot is the first step toward a more human, guided and interactive RxCloud CyberLab experience.
More intelligence and automation will follow in future updates.
Attachments
RxCloud CyberLab – Public Launch Incoming
After several months of development, internal testing, Alpha and Release Candidate phases, I’m happy to announce that RxCloud CyberLab will open its registration to the public in the coming days.
RxCloud CyberLab is a hands-on, interactive malware analysis and pentesting platform, designed to put users directly inside real isolated virtual machines, not just passive sandboxes.
PentestLab – Offensive security and attack simulation in real-world conditions
ReverseLab – Malware analysis and reverse engineering inside fully instrumented VMs
Real-time monitoring & logging via a dedicated lab agent
Session-based access with controlled isolation and automatic cleanup
HTML5 RDP access (Guacamole) – no local setup required
The platform has already been tested by early users during Alpha/RC phases, with very positive feedback regarding stability, realism and educational value.
This is not a game, not a marketing demo, and not a scripted environment — everything runs in real virtual machines, facing real constraints and real behaviors.
Public registration opens very soon.
More details will follow.
— RoxasDev
After several months of development, internal testing, Alpha and Release Candidate phases, I’m happy to announce that RxCloud CyberLab will open its registration to the public in the coming days.
RxCloud CyberLab is a hands-on, interactive malware analysis and pentesting platform, designed to put users directly inside real isolated virtual machines, not just passive sandboxes.
PentestLab – Offensive security and attack simulation in real-world conditions ReverseLab – Malware analysis and reverse engineering inside fully instrumented VMs Real-time monitoring & logging via a dedicated lab agent Session-based access with controlled isolation and automatic cleanup HTML5 RDP access (Guacamole) – no local setup requiredThe platform has already been tested by early users during Alpha/RC phases, with very positive feedback regarding stability, realism and educational value.
This is not a game, not a marketing demo, and not a scripted environment — everything runs in real virtual machines, facing real constraints and real behaviors.
Public registration opens very soon.More details will follow.
— RoxasDev
RxCloud CyberLab – Public Registration Opening Shortly
After several months of development, testing, and Release Candidate phases, RxCloud CyberLab will officially open to the public in approximately 1–2 hours.
Public registration will be fully open.
Registration opens very soon.
— RoxasDev
After several months of development, testing, and Release Candidate phases, RxCloud CyberLab will officially open to the public in approximately 1–2 hours.
Public registration will be fully open.
Registration opens very soon.— RoxasDev
RxCloud CyberLab is now OPEN for public registration
Registration is now fully open.
RxCloud CyberLab is a hands-on cybersecurity research platform designed for malware analysis, reverse engineering, pentesting, and antivirus testing — running inside real isolated virtual machines, not scripted or passive sandboxes.
Real VMs: PentestLab & ReverseLab
VMs WAN on VPN encrypted tunnel Luxembourg
Session-based access (60 minutes, fair use enforced)
Multi-VM orchestration (4 PentestLab + 4 ReverseLab)
Real-time monitoring via a dedicated lab agent
HTML5 Guacamole access isolated (no local setup required, no clipboard, no drive shared)
Automatic PDF reports with logs, behavior, and IoCs
The platform has been tested extensively during Alpha and RC phases and is now considered stable enough for public use.
This is not a game, not a demo, and not a marketing sandbox — it is a real research environment built by a security researcher, for security researchers.
Registration is open now:
Feedback, bug reports, and constructive discussions are welcome.
— RoxasDev
Registration is now fully open.
RxCloud CyberLab is a hands-on cybersecurity research platform designed for malware analysis, reverse engineering, pentesting, and antivirus testing — running inside real isolated virtual machines, not scripted or passive sandboxes.
Real VMs: PentestLab & ReverseLab VMs WAN on VPN encrypted tunnel Luxembourg Session-based access (60 minutes, fair use enforced) Multi-VM orchestration (4 PentestLab + 4 ReverseLab) Real-time monitoring via a dedicated lab agent HTML5 Guacamole access isolated (no local setup required, no clipboard, no drive shared) Automatic PDF reports with logs, behavior, and IoCsThe platform has been tested extensively during Alpha and RC phases and is now considered stable enough for public use.
This is not a game, not a demo, and not a marketing sandbox — it is a real research environment built by a security researcher, for security researchers.
Registration is open now:Feedback, bug reports, and constructive discussions are welcome.
— RoxasDev
Small update soon RxCloud CyberLab.
I’m currently working on the Stable release of the dashboard, internally named v0.0.3.4_RC_Stable.
This version focuses mainly on UI/UX polish, stability, and overall consistency, based on what has been learned during the previous alpha and RC iterations.
The goal of this release is not to introduce massive new features, but to solidify the foundation of the dashboard before moving forward with future improvements.
As always, feedback and suggestions are welcome.
— RoxasDev
I’m currently working on the Stable release of the dashboard, internally named v0.0.3.4_RC_Stable.
This version focuses mainly on UI/UX polish, stability, and overall consistency, based on what has been learned during the previous alpha and RC iterations.
The goal of this release is not to introduce massive new features, but to solidify the foundation of the dashboard before moving forward with future improvements.
As always, feedback and suggestions are welcome.
— RoxasDev
CHANGELOG - RxCloud CyberLab UpdateDate: 2025-12-24 🛠Maintenance duration: 4h30
RxLab Agent- Improved and reinforced antivirus detection for PentestLab VMs
- Enhanced telemetry collection within ReverseLab VMs
RxLab Reports- Improved PDF report structure and readability
- Fixed a minor issue in core.log parsing
ReverseLab VMs- Applied updates to the reverse engineering software stack
- Applied third-party software updates
PentestLab VMs- Applied third-party software updates
Notes- Dashboard update scheduled in the coming days, targeting a RC_Stable release
Happy HolidaysHappy Christmas Eve, Merry Christmas, and happy holidays to everyone!
Thank you for your support and interest in RxCloud CyberLab.
RxCloud CyberLab – Dashboard ChangelogVersion: 0.0.3.4_RC_Stable
Date: 2026-01-08🛠Maintenance duration: 1h30
Dashboard- Added multiple new sections to the Profile page
- Users can now view:
- Last profile update date
- Last password change date
- Account creation date
- Improved overall Dashboard UI stability
- Optimized API endpoint request performance
- Reinforced backend security mechanisms
Notes- The next update will focus on VMs and the telemetry agent
RxCloud CyberLab – Update ChangelogDate: 2026-01-17 🛠Maintenance duration: 7h30
RxLab Agent- Improved agent telemetry and low-level Hook-based detection of antivirus detections and sample actions
- Fixed a bug causing an error inside the SysmonWatcher module during config file parsing (malformed path issue)
RxLab Reports- Improved final PDF session telemetry report structure (cleaner and clearer layout)
RxCloud CoreLab Controller- Minor stability improvements to the VM orchestrator
ReverseLab VMs- Updated reverse engineering software stack
- Applied latest Microsoft updates (Windows Update)
PentestLab VMs- Applied latest Microsoft updates (Windows Update)
pfSense Firewall- Improved and hardened NAT and filtering rules
Notes- NEW! VMs are now routed through a France-based VPN for better responsiveness (lower latency)
- Work in progress: a new Dashboard option will allow users to choose the outbound country for VMs (France, Netherlands, etc.)
Quick update on RxCloud CyberLab:
The next release will be mainly focused on the Dashboard experience, with the introduction of a new Badge System to gamify progression and reward active researchers.
First badges coming in the next update:
- First Boot (launch your first VM session)
- First Report (generate your first PDF report)
- Lab Regular (10 completed sessions)
- Power User (50 completed sessions)
- Sample Hunter (upload your first sample)
- IOC Collector (collect/extract IOCs)
- Bug Reporter (submit a bug report / feedback)
- Clean Researcher (good behavior, no abuse / no suspicious activity)
- RxCloud Pioneer (early adopter badge)
- Trusted Researcher (manual badge at first, granted by the admin)
This is just the beginning. More badges and progression features will come later, especially for ReverseLab and PentestLab workflows.
Thanks a lot for the support and feedback
More info soon!
The next release will be mainly focused on the Dashboard experience, with the introduction of a new Badge System to gamify progression and reward active researchers.
First badges coming in the next update:- First Boot (launch your first VM session)
- First Report (generate your first PDF report)
- Lab Regular (10 completed sessions)
- Power User (50 completed sessions)
- Sample Hunter (upload your first sample)
- IOC Collector (collect/extract IOCs)
- Bug Reporter (submit a bug report / feedback)
- Clean Researcher (good behavior, no abuse / no suspicious activity)
- RxCloud Pioneer (early adopter badge)
- Trusted Researcher (manual badge at first, granted by the admin)
This is just the beginning. More badges and progression features will come later, especially for ReverseLab and PentestLab workflows.
Thanks a lot for the support and feedback
More info soon!
