Level 3
Thread author
Verified
Developer
Well-known
Forum Veteran
RxCloud CyberLab – Dashboard Changelog
Version: 0.0.3.5_RC_Stable
Badge System (NEW)
RxCloud CyberLab now includes a brand-new Badge System to reward progression, activity, and good research behavior.
First badges available:
First Boot — launch your first VM session
First Report — generate your first PDF report
Lab Regular — 10 completed sessions
Power User — 50 completed sessions
Sample Hunter — upload your first sample
IOC Collector — collect/extract IOCs
Bug Reporter — submit a bug report / feedback
Clean Researcher — good behavior, no abuse / no suspicious activity
RxCloud Pioneer — early adopter badge
Trusted Researcher — manual badge at first, granted by the admin
Earnable Badges:
Notes
This is the first step of the progression system — more badges and rewards will be added in future updates
🛠 RxCloud CyberLab – VM Recovery Update
🖥 VM: ReverseLab-1
Status: Restored / Operational
Incident summary
ReverseLab-1 experienced a startup failure following an automatic snapshot restore.
CoreLab Controller correctly detected the VM as down (state=poweroff) and marked it as unavailable.
Manual snapshot restoration was successfully performed.
Recovery details
Root cause: Snapshot restore glitch (VirtualBox side)
Detection: Automatic (CoreLab Controller)
Resolution: Manual snapshot recovery
Current status: ReverseLab-1 back online
Notes
The monitoring pipeline for catching this instantly — infrastructure resilience working as expected.
RxCloud CyberLab – Stable Release Incoming
After several months of development and iterative improvements, RxCloud CyberLab is entering its next milestone.
The platform is preparing for the v0.0.4.1_STABLE release.
https://rxcloud.fr/
The stable era begins.
This upcoming release focuses on stability, telemetry improvements, infrastructure resilience, and overall lab experience.
Key highlights of the platform:
Live malware analysis labs directly in the browser
PentestLab and ReverseLab environments
Automated VM orchestration with CoreLab Controller
Telemetry collection via RxLab Agent + Sysmon
Automated PDF report generation
Sandbox isolation through pfSense VLAN segmentation
Browser RDP access via Guacamole
The goal of RxCloud CyberLab is simple:
provide an accessible cyber range where researchers can safely analyze malware, experiment, and learn.
Recent updates have introduced:
Improved telemetry capture (including LOLBins detection)
Enhanced VM orchestration with auto-failover
Manual session ending with instant report generation
Dashboard UX improvements and real-time VM monitoring
Infrastructure hardening and performance optimizations
And more features are already in development.
Coming soon:
Raw VM session video recording
Additional telemetry improvements
Further VM infrastructure scaling
Thanks to everyone already testing the platform and providing feedback.
The project is evolving quickly thanks to the community.
Last edited: Mar 10, 2026
Service Notice – VM Connection Issue
We are currently experiencing a temporary issue affecting connections to the CyberLab virtual machines.
As a result, some users may be unable to start or connect to PentestLab and ReverseLab environments.
The issue has been identified and remediation is currently in progress. We are restoring the affected virtual machine environments to ensure full stability.
We apologize for the inconvenience and appreciate your patience while the service is being restored.
Further updates will be provided if necessary.
PS:
I broke the system by messing with a crappy tweak tool lol.
Turns out playing with a random tweak tool at night was not my brightest idea.
— RoxasDev
Last edited: Mar 10, 2026
Service Update – RxCloud CyberLab
The infrastructure has now been fully restored and all virtual machines are coming back online.
The issue was caused by an overly aggressive Windows tweak tool that modified several system policies and unexpectedly broke Remote Desktop access inside the lab VMs.
All affected environments have been restored from backup and normal service is being gradually resumed.
Thank you to everyone for your patience while the issue was being resolved.
Lesson learned: experimenting with random system tweak tools late at night is rarely a good idea.
— RoxasDev
RxCloud CyberLab – Update Changelog
Version: 0.0.4.2_Stable
Date: 2026-03-13
🛠 Maintenance duration: 1h30
RxCloud CyberLab Dashboard
Improved graphical interface with a more premium visual rendering
Dashboard layout improved for small screens
Added scrollbars in the floating Lab VMs Status panel for better navigation on compact displays
The Lab VMs Status panel can now be freely moved by the user inside the Dashboard
Profile and Badge modals have been redesigned to improve visibility (previously too transparent)
Mouse cursor behavior has been unified across all RxCloud CyberLab pages (site, dashboard, login, register, etc.)
Dashboard is now fully optimized for smaller screen resolutions
RxCloud Guacamole
Definitive fix for the latency issue during first VM connection
Previously, the connection could sometimes fail because the VM was not fully initialized yet
RxCloud CyberLab – Update Changelog
Date: 2026-03-22
🛠 Maintenance duration: 2h30
RxLab Agent
Reduced telemetry noise
Improved low-level hook mechanisms
Enhanced Sysmon logging
Improved telemetry collection and transmission
Improved detection of EDR/XDR products
RxLab Reports – Major Upgrade
New module integrated: RxNeural
Advanced scoring and IOC correlation engine.
Executive Summary (NEW)
Threat Level
Risk Score (0–100)
Classification
Confidence Level
Network Activity
Persistence
Privilege Escalation
Payload Dropped
Short Verdict (1 sentence)
Timeline of Key Events (NEW)
Compact chronological view of critical events
MITRE ATT&CK Mapping (Simplified)
Technique ID
Name
Confidence level: Observed / Probable / Suspected
Short evidence
Scoring & Analysis Improvements
New explainable and conservative Risk Score system
Standardized classification:
Clean
Low Risk
Suspicious
Malicious
Critical
Confidence levels:
Process Tree Improvements
New hierarchical process tree view (parent/child relationships)
Visual highlighting of suspicious/active processes
Smart condensed mode for large datasets
Tabular view preserved for compatibility
Noise Reduction
New Filtered Noise Summary section
Prioritization of relevant processes
Grouping of low-signal repetitive processes
Raw data preserved via expert mode (detailed appendix)
AV Detection Improvements (PentestLab)
Filtering of non-actionable AV artifacts (.json, .png, .jpg, .log, etc.)
Prioritization of executable/script targets (.exe, .bat, .ps1, .jar, etc.)
Added "AV filtered events count" metric in summary
PDF Design & UX Overhaul
Modernized visual hierarchy (titles, badges, sections)
Improved table readability (spacing, wrapping, zebra style)
Enhanced header/footer (premium SaaS look)
Optimized margins and layout spacing
Improved pagination to avoid content splitting
Technical Refactor
Clear separation between computation, orchestration, and rendering layers
Centralized style/layout helpers
Prepared for future extensions:
Advanced Executive Summary
Evolving Risk Score system
Extended Timeline
Expanded MITRE mapping
Client / Expert modes
Full backward compatibility maintained
MITRE ATT&CK Coverage
T1059 — Command and Scripting Interpreter
T1547.001 — Registry Run Keys / Startup Folder
T1112 — Modify Registry
T1105 — Ingress Tool Transfer
T1204.002 — User Execution: Malicious File
T1071.001 — Web Protocols
T1055 — Process Injection
ReverseLab VMs
PentestLab VMs
RxCloud Guacamole
Applied latest Debian package updates
Notes
VM session video recording feature is progressing well and under active development
RxCloud CyberLab – Update Changelog
Version: 0.0.4.5_Stable
Date: 2026-03-26
🛠 Maintenance duration: 5h30
RxCloud CyberLab Dashboard
➤ Added
Structured JSON export automatically generated alongside each PDF report (.json sidecar)
New My Submissions button in the Dashboard
New My Submissions modal with user upload history
New secured API endpoint: /api/my_submissions.php (strict session-based user_id filtering)
Sample download from modal with 90-day retention policy
➤ Changed
Reports are now fully private per user (segregated by user_id)
Report pipeline now properly transports session metadata (user_id, qid, slot_id)
reports.php now supports PDF + JSON (listing, viewing, secure download)
Dashboard section updated:
View PDF
View JSON
Download JSON
➤ Security
Report access strictly scoped to authenticated user
Strengthened anti-path traversal protections
Direct web access to report files blocked (API-only access)
Ownership validation enforced for all submission downloads
➤ Fixed
Fixed encoding issues (mojibake)
Improved UI/JS stability for modals and buttons
RxLab Agent
Reduced telemetry noise
Improved low-level hooks for AV vendors
Optimized CPU usage during VM monitoring
RxLab Reports – Major Evolution
➤ Architecture
Refactored PDF generator into modular system (computation / rendering / styling)
➤ Process Analysis
New hierarchical Process Tree view (with tabular fallback)
Behavior-based scoring for Top Analyst-Relevant Processes
Process classification:
SYSTEM_PROCESS
LEGITIMATE_APP
USER_PROCESS
SUSPICIOUS
MALICIOUS
➤ Timeline & Data Processing
Timeline deduplication and intelligent grouping (e.g., burst file events)
➤ PDF UX Redesign
Modernized layout (spacing, hierarchy, badges)
Print-friendly rendering
Page 1 optimized for 5-second readability:
Single title
Executive Summary
Risk Score
Verdict
Key Metrics
➤ Security & Detection Hardening
Improved persistence detection (strong signals only: Run/RunOnce, services, tasks, etc.)
Detection levels:
Not Detected
Weak Signal
Suspected
Confirmed
Hardened MITRE mapping:
Displayed only with explicit evidence
Confidence per TTP
Reduced false positives
Weak Signal hidden by default
➤ Fixed
Reduced false positives on legitimate processes (svchost, browsers, known apps)
Improved wrapping of long paths/logs:
Smart splitting
Indented continuation lines
Better table readability
➤ Compatibility
No raw data removed
Compatible with existing FPDF/iTextSharp pipeline
Expert mode fully preserved
CoreLab Controller
Improved VM orchestration stability
Enhanced VM down detection
Slots now tagged with user_id for private telemetry and report generation
ReverseLab VMs
Updated reverse engineering tool stack
VDI compaction
PentestLab VMs
Notes
Next major update will focus on:
Raw VM session video recording
VM modifications to evade VirtualBox detection by malware
RxCloud CyberLab – Update Changelog
Date: 2026-04-02
🛠 Maintenance duration: 3h30
RxLab Agent – Core Detection Engine (Major Upgrade)
➤ Multi-layer Detection Engine
Introduced a multi-layer detection architecture
Added Fusion Engine with global scoring (0–100), classification, and confidence
Cross-layer correlation (corroboration bonuses) + legitimate context penalties to reduce false positives
Structured logging in core.log (layer_name, status, score_delta, confidence, evidence, raw_metadata)
➤ New Defensive Layers
Enhanced native telemetry (process, lineage, files, registry, DNS/NetConnect)
Integrated local heuristics inspired by XyWall (defensive, non-blocking mode)
Added Startup Guard (Run/RunOnce, Winlogon, Tasks, Services, IFEO, WMI)
Added Registry Defense with categorized sensitive zones + deduplication
Added targeted Memory Scan (explicit signals, performance-controlled)
Added VirusTotal hash lookup layer (states: unavailable / unknown / cleanish / suspicious / malicious)
Integrated YARA (file + memory) as signal enrichment
➤ YARA Engine
Supported rulesets by categories:
malware_family
packer_obfuscation
loader_dropper
suspicious_behavior_markers
Weighted YARA scoring (rule/category weights, score cap, severity levels)
YARA whitelist/exclusions to reduce noise
Automatic starter rules deployment on agent bootstrap
Automatic extraction/sync of yara64.exe to C:\RxLab\tools\
Auto-update of yara64.exe via SHA-256 validation
➤ False Positive Reduction
Persistence detection now based only on strong evidence
Improved process classification (system / legit / user / suspicious / malicious)
Refactored "Top Analyst-Relevant Processes" ranking (signal-based, not volume-based)
Timeline deduplication and intelligent grouping
Stricter MITRE mapping (explicit evidence required)
Internal tooling noise filtering (hidden from analyst view)
➤ Agent / Pipeline Architecture
Agent is now the single source of truth for scoring and correlation
RxLab Reports moved to consume-only logic
Enriched artifacts exported directly from the agent (JSON + PDF pipeline)
RxLab Reports
Enhanced and versionable JSON schema (executive_summary, risk_scoring, layer_results, evidence, etc.)
Modernized PDF design with improved hierarchy and readability
Strengthened sections:
Executive Summary
Risk Score & Verdict
Layered Detection Summary
Corroborating Evidence
Reputation & Rule Matches
Timeline of Key Events
Simplified MITRE ATT&CK
Final Analyst Conclusion
Added AV filtered events counter in summary
Improved layout to avoid empty zones and improve readability
RxCloud CoreLab Controller
Improved VM down detection and fallback mechanisms
Enhanced handling of powered-off VMs during active slots:
Attempts to restart VM in current state
If unsuccessful → fallback and migration to another available VM
RxCloud Guacamole
Applied latest Debian package updates
Notes
This update focuses heavily on improving in-VM telemetry and malware analysis quality
VM raw video recording feature is still under development (ongoing optimization for CPU usage during encoding)
Ongoing work to reduce VirtualBox detection by malware
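
The Fusion Engine items in the changelog above (global 0–100 score, corroboration bonuses, legitimate-context penalties, and the core.log fields) can be illustrated as follows. This is an added example, not RxLab Agent code: only the field names and the five classification labels come from the thread, while the JSON-lines encoding, numeric confidence, layer names, bonus value and band thresholds are assumptions.

```python
import json

# Field names come from the changelog; everything else here is an assumption.
REQUIRED = {"layer_name", "status", "score_delta", "confidence", "evidence", "raw_metadata"}
CORROBORATION_BONUS = 10  # assumed: added per extra layer that independently scored > 0
BANDS = [(80, "Critical"), (60, "Malicious"), (35, "Suspicious"), (15, "Low Risk"), (0, "Clean")]  # assumed floors

# Constructed sample records (one JSON object per line); not real agent output.
SAMPLE_LOG = """
{"layer_name": "startup_guard", "status": "hit", "score_delta": 40, "confidence": 0.75, "evidence": "HKCU Run value added", "raw_metadata": {}}
{"layer_name": "yara", "status": "hit", "score_delta": 36, "confidence": 1.0, "evidence": "loader_dropper rule matched", "raw_metadata": {}}
{"layer_name": "virustotal", "status": "unknown", "score_delta": 0, "confidence": 0.0, "evidence": "", "raw_metadata": {}}
{"layer_name": "legit_context", "status": "applied", "score_delta": -20, "confidence": 0.5, "evidence": "signed parent process", "raw_metadata": {}}
"""

def parse_layers(text):
    """Parse JSON-lines layer results, rejecting records with missing fields."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = REQUIRED - rec.keys()
        if missing:
            raise ValueError(f"line {lineno}: missing {sorted(missing)}")
        records.append(rec)
    return records

def fuse(records):
    """Combine per-layer deltas into a clamped 0-100 score and a classification."""
    hits = [r for r in records if r["score_delta"] > 0]
    penalties = [r for r in records if r["score_delta"] < 0]
    layers = sorted({r["layer_name"] for r in hits})
    # Confidence-weighted sum of positive signals.
    raw = sum(r["score_delta"] * r["confidence"] for r in hits)
    # Bonus applies only when more than one distinct layer agrees.
    raw += CORROBORATION_BONUS * max(0, len(layers) - 1)
    # Legitimate-context penalties pull the score back down.
    raw += sum(r["score_delta"] * r["confidence"] for r in penalties)
    score = max(0, min(100, round(raw)))
    label = next(name for floor, name in BANDS if score >= floor)
    return {"risk_score": score, "classification": label, "corroborating_layers": layers}

if __name__ == "__main__":
    print(fuse(parse_layers(SAMPLE_LOG)))
```

Keeping the bonus tied to distinct layer names, rather than to the number of records, stops one noisy layer from corroborating itself.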