I checked my archives-1 you didn't let me in iirc
You already had an account back in September 2025
If you no longer have access or forgot the email attached to the account, send me a private message and I’ll help you recover it
Introducing RxCloud CyberLab
- Thread starter RoxasDev
- Start date
You already had an account back in September 2025
If you no longer have access or forgot the email attached to the account, send me a private message and I’ll help you recover it
RxCloud CyberLab – Update Changelog
Date: 2026-05-17 🛠Maintenance duration: 4h30
RxCloud Atlas — Private Atlas & Intelligence Map
➤ New Features
- Added a more analyst-oriented private view centered around the selected session
- My Sessions table is now the main entry point for private analysis
- My Private Behavior Map is now synchronized with the active session
- Added a more readable progressive exploration mapping mode
- Added Execution Chain mode for faster execution relationship visualization
- Added Explain Engine panel to automatically explain session results
- Added Key Findings section for quick identification of important elements
- Added global visual risk indicator
- Added confidence attribution to better understand what strengthens or weakens analysis reliability
➤ Improvements
- Private map is now clearer, less cluttered and more intuitive
- Important nodes are visually prioritized more effectively
- Elements related to the selected node are highlighted
- Unrelated elements are dimmed for easier reading
- Tooltips and node details have been enriched
- Map Node Details panel now exposes more useful analytical information
- Artifacts are now better prioritized by relevance:
- High
- Medium
- Low
- Noise
- Low-interest elements are less visible by default
- Explain Engine now produces more structured and actionable explanations
- Explanation sections are more compact and readable
- Analyst recommendations are more targeted
➤ Fixes
- Fixed an issue where too many elements inherited the session global risk
- Improved separation between session-level risk and individual artifact risk
- Reduced false positives caused by common system/application noise
- Improved prioritization of truly important elements inside the map
- Fixed Most Suspicious selection to avoid irrelevant artifacts
- Fixed confusion between registry activity and confirmed persistence
- Fixed display issues with long texts in the interface
- Fixed multiple readability issues inside Explain Engine blocks
- Improved stability when reading compiled analysis data
➤ Performance & Stability
- Atlas now relies more heavily on precompiled data to reduce heavy runtime processing
- Reduced server-side load when opening Atlas views
- Improved resilience when historical data is incomplete or missing
- More reliable preservation of already-established analysis results
➤ Privacy
- Strengthened separation between anonymized public data and private user data
- Public views remain aggregated and anonymized
- Private views remain limited strictly to authenticated user sessions
- Detailed private data is only used within authenticated contexts
Last edited:
RxCloud CyberLab – Update ChangelogDate: 2026-05-18 🛠Maintenance duration: 1h30
CoreLab Controller- Improved VM Preview reliability for active sessions
- Fixed an issue where VM previews could remain stuck in a pending state
- Improved preview refresh behavior for more consistent screenshot updates
- Added safer backend handling for preview timing and session validation
- Improved internal logging for VM Preview generation to simplify future troubleshooting
- Enhanced compatibility with newer VirtualBox versions
- No changes to permissions:
- VM previews remain accessible only to the active session owner
RxCloud CyberLab - Infrastructure Expansion 
Today, a second high-performance dedicated server has officially been ordered for RxCloud CyberLab.
New Node Specifications:
Planned Virtual Machines on the New Node:
Windows Virtual Machines:
Node 1 (France):
The philosophy remains unchanged:
A true VM in one click.
No simulation.
No fake environments.
Real systems. Real analysis. Real telemetry.
Welcome to the Arena.
Today, a second high-performance dedicated server has officially been ordered for RxCloud CyberLab.
New Node Specifications:
- AMD EPYC 16 Cores
- 128 GB RAM
- 1 TB NVMe SSD RAID
- Hosted in Germany (OVH)
Planned Virtual Machines on the New Node:
Windows Virtual Machines:
- 4x Windows PentestLab VMs
- 4x Windows ReverseLab VMs
- 2x Ubuntu ReverseLab VMs
- 2x REMnux Linux ReverseLab VMs
- 2x Ubuntu PentestLab VMs
- 2x Kali Linux PentestLab VMs
- Faster VM provisioning
- Improved snapshot restore performance
- Better multi-user scalability
- Expanded malware analysis capabilities
- More realistic pentesting environments
- Dedicated Linux analysis environments
Node 1 (France):
- Xeon 4C/8T
- 64 GB RAM
- 2 TB HDD RAID
- Core infrastructure, dashboard, APIs, reports, storage
- AMD EPYC 16C
- 128 GB RAM
- NVMe RAID
- Dedicated VM hypervisor infrastructure
The philosophy remains unchanged:
A true VM in one click.
No simulation.
No fake environments.
Real systems. Real analysis. Real telemetry.
Welcome to the Arena.
RxCloud CyberLab – Major Infrastructure Upgrade A major backend infrastructure expansion is currently in progress.
The new secondary infrastructure node is now securely connected to the main RxCloud CoreLab orchestration system through a dedicated encrypted site-to-site backbone.
This upgrade introduces:
• Distributed VM orchestration
• Multi-node lab allocation
• Expanded ReverseLab & PentestLab capacity
• Linux-based analysis environments (REMnux / Kali / Ubuntu)
• Improved session routing and infrastructure resilience
• Centralized orchestration with distributed compute nodes
The Arena is evolving.
More capacity. More scalability. More CyberLab.
Welcome to the next generation of RxCloud CyberLab.
RxCloud CyberLab – Major Infrastructure UpgradeDate: 2026-05-22 🛠Maintenance duration: 21h30
New High-Performance Dedicated Server Added — Node2Hosted at OVHcloud Germany
- AMD EPYC — 16 Cores / 32 Threads
- 128 GB RAM
- NVMe SSD RAID
RxCloud DashboardVersion: 0.0.5.7_Stable
- Dashboard updated to support Node2 in:
- Server Health
- Lab VMs Status
- Added new VM kinds to Request Slot
- Added new secure APIs for Node2 management through WireGuard site-to-site encapsulation
RxLab Agent — Windows- Added Browser Telemetry module:
- Captures browser navigation activity
- Captures downloaded files
- Improved low-level AV vendor event hooking
RxLab Agent — Linux (NEW)New Linux agent for RxCloud CyberLab, compatible with:
- Ubuntu
- Kali Linux
- REMnux
➤ Features
- Native Linux VM support
- Standalone Go amd64 binary
- systemd service with auto-restart
- Session-aware monitoring (starts only when slot is active)
- Supported Linux lab types:
- pentestlinux
- pentestkali
- reverselinux
- Compatible telemetry export for RxLab Reports & RxAtlas
- Session artifacts export:
- core.log
- meta.json
- notes
- structured telemetry
- API export + local fallback support
- Automatic sample retrieval from Dashboard
- Secure Analyst Notes support
- Desktop shortcuts for Notes & Deposit when supported
➤ Linux Telemetry
- Process monitoring:
- PID / PPID
- user
- binary path
- arguments
- SHA256 when available
- Network monitoring:
- TCP/UDP connections
- IP / port / protocol
- process association when available
- Sensitive file activity monitoring
- Linux persistence detection:
- cron
- systemd
- shell profiles
- autostart
- SSH authorized_keys
- Controlled reading of:
- auth
- syslog
- kern
- audit
- journalctl
- Optional browser telemetry:
- Firefox
- Chromium
- Chrome
➤ Integration
- Compatible with existing RxCloud pipeline
- Compatible with RxLab Reports & RxAtlas
- Supports Dashboard sample deposits
- Supports local fallback mode
➤ Supported Distributions
- Ubuntu
- Kali Linux
- REMnux Noble amd64
RxLab Reports — Linux Support- Linux-adapted labels and analysis coverage
- Removed irrelevant Windows-specific references from Linux reports
- Reduced normal Linux/Kali environment noise:
- remote desktop components
- Linux desktop environment
- VM integrations
- normal system services
- Improved prioritization of suspicious Linux behaviors:
- download + execution from /tmp
- permission changes
- cron/systemd/autostart modifications
- unusual network behaviors
- suspicious shell patterns
- Windows compatibility fully preserved
RxCloud Atlas — Linux Support- Linux platform display support
- Improved Linux process/file/network/security visualization
- Better Linux persistence visibility
Infrastructure LayoutMaster (Recovery / Core Infrastructure)
- Windows ReverseLab → 4 VMs
- Windows PentestLab → 4 VMs
- Master allocates its VM pool only if Node2 is full or under maintenance
Node2 (Slave / High Performance Compute)
- Windows ReverseLab → 4 VMs
- Windows PentestLab → 4 VMs
- Kali Linux → 2 VMs
- Pentest Ubuntu → 1 VM
- Reverse REMnux Linux → 2 VMs
Node2 can run up to 13 simultaneous VMs
Notes- VM session video recording will soon be deployed
- Dashboard, Atlas, APIs and user database remain hosted in France on the Master server
- Node2 acts only as remote compute infrastructure for VM performance
RxCloud CyberLab – Update ChangelogDate: 2026-05-22 🛠Maintenance duration: 30 minutes
RxCloud CoreLab Controller (Master & Slave) — HOTFIX- Improved multi-node session stability between Master and Node2
- Fixed an issue where a lab session could remain active on the infrastructure after a failed node switch
- Improved cleanup reliability when ending a VM session
- Improved session handoff behavior when users are waiting in queue
- Reduced the chance of stale or duplicated session states appearing in the Dashboard
- Improved reliability of remote node health monitoring and session synchronization
- Added safer handling for temporary communication interruptions between nodes
- Improved VM availability detection after session termination
RxCloud CyberLab – Update ChangelogDate: 2026-05-22 🛠Maintenance duration: 30 minutes
RxLab Agent Windows — HOTFIX- Improved reliability during session termination and report generation
- Telemetry reports are now transmitted more reliably after a user manually ends a session
- Fixed an edge case where the Windows agent could stop collecting VM telemetry
- Strengthened telemetry submission pipeline:
- Hardened submission through the hypervisor layer
- Improved transmission reliability through the WireGuard site-to-site tunnel toward the Master node
RxCloud CyberLab – Update ChangelogDate: 2026-05-23 🛠Maintenance duration: 30 minutes
RxLab Transport & RxCloud CoreLab Controller- Improved end-of-session reliability
- Better detection of “End session” requests for VMs hosted on remote nodes
- Added a local end-of-session signal on nodes to help agents trigger log export faster
- Improved generated report transport through the local fallback pipeline
- RxLab Transport now correctly detects reports stored inside session subfolders
- Fixed an issue where some reports could remain pending on a node instead of being transferred to the Master
- Improved handling of Windows sessions on the multi-node infrastructure
- Preserved existing behavior for already-working sessions
- Added more useful technical logs for transfer diagnostics without exposing sensitive information
- No workflow changes required for users:
- Launch VM
- Work normally
- Click End session
RxCloud CyberLab – Dashboard Update ChangelogDate: 2026-05-25 🛠Maintenance duration: 30 minutes
RxCloud DashboardVersion: 0.0.5.8_Stable
- Improved Dashboard stability while retrieving node status information
- Optimized remote node monitoring to prevent slowdowns after long uptime/activity periods
- Added automatic cleanup for internal runtime logs
- Reduced server-side memory usage for VM health and availability tracking
- Fixed an issue where the Dashboard could become slow or unstable when internal history became too large
Notes- Initial tests are currently underway for Android virtualization support
RxCloud CyberLab – Update ChangelogDate: 2026-05-26 🛠Maintenance duration: 1h00
RxLab Agent Linux➤ Added
- Added YARA detection layer with rules specifically written for Linux environments
- Added VirusTotal layer using strict hash lookup only (no file uploads)
- Added compatibility with the Defense Fusion Layer:
- Correlation between YARA / VT / Linux heuristics
- Linux-specific rewritten heuristics
RxCloud Atlas- Added support for Linux YARA / VT / Heuristics layers
- Improved visualization and interpretation of Linux detection layers
RxLab Reports- Added support for Linux YARA / VT / Heuristics layers
- Linux reports now consume and display Fusion Layer results correctly
Linux PentestLab VMs- Applied latest package updates
Linux ReverseLab VMs- Applied latest reverse engineering tool package updates
Kali PentestLab VMs- Applied latest offensive tooling package updates
Notes- Android virtualization is still under active testing
- Initial emulation tests appear promising on Xeon and EPYC platforms
RxCloud CyberLab – Update ChangelogDate: 2026-05-27 🛠Maintenance duration: 30 minutes
RxLab Agent Linux- Improved automatic activation of Linux analysis modules during active sessions
- YARA and VirusTotal layers are now enabled by default, even if related fields are missing from the configuration file
- Added clearer diagnostic logs inside agent.log to confirm which modules are active at startup
- Improved loading of YARA rules installed with the agent
- Improved systemd service reliability during agent installation startup
- Full compatibility preserved with:
- RxCloud pipeline
- RxLab Reports
- RxCloud Atlas
RxCloud CyberLab – Update ChangelogDate: 2026-05-28 🛠Maintenance duration: 60 minutes
RxCloud DashboardVersion: 0.0.5.9_Stable
- The Dashboard now clearly notifies users when a VM cannot be allocated
- Added a dedicated Allocation Failed visual state instead of an infinite loading indicator
- Fixed an issue where Allocating VM could remain displayed even after a session had already ended or failed
RxCloud CoreLab Controller- Fixed a rare issue where a VM request could remain stuck in a preparation state without starting
- Improved VM allocation error handling
- Improved synchronization between the queue state and actual session state
- Strengthened queue stability to prevent ghost session states
Notes- The next major Dashboard update (0.0.6.0_Stable) is approaching
- Major UI polish is planned
- Additional performance optimizations are currently in development
RxCloud CyberLab – Update ChangelogDate: 2026-05-30 🛠Maintenance duration: 30 minutes
RxLab Reports — HOTFIX- Fixed a rare issue that could block PDF report generation
- Improved compatibility with telemetry logs containing complex paths or enriched metadata
- Report generation now handles nested and analysis-enriched artifacts more reliably
- Affected reports can now be generated successfully without manual intervention
- No changes to report content, telemetry collection, or analysis logic
- User impact: Sessions that could previously remain stuck during PDF report generation are now processed correctly
RxCloud CyberLab – Update ChangelogDate: 2026-05-30 🛠Maintenance duration: 3h30
RxCloud DashboardVersion: 0.0.6.0_Stable
- Visual redesign and UI polish for a more dynamic and modern experience
- Enhanced animations and visual transitions throughout the Dashboard
- Refined iconography for improved consistency and readability
- Improved responsiveness for small screens
- Enhanced mobile device compatibility
RxCloud Atlas- Visual redesign and UI polish for a more modern and engaging analyst experience
- Improved responsiveness on smaller displays
- Enhanced mobile compatibility
- Additional visual refinements across Atlas views and intelligence maps
Linux VMs (Kali Linux, REMnux & Ubuntu)- Applied latest package updates
- Added a desktop note containing root credential information for sudo operations
Node2 Infrastructure PentestLab Windows VMs- Performance optimizations
ReverseLab Windows VMs- Performance optimizations
Node1 (Master Infrastructure) PentestLab Windows VMs- Performance optimizations
ReverseLab Windows VMs- Performance optimizations
Notes- Android virtualization tests have been successful
- A dedicated Node3 for Android VMs is currently under evaluation
- An RxCloud CyberLab mobile application is also being explored
- Potential mobile features include:
- Reserve VM slots
- Receive slot-ready notifications
- View PDF reports
- View JSON reports
- Manage Android VM sessions directly from a smartphone
RxCloud CyberLab – Update Changelog Date: 2026-06-02🛠 Maintenance duration: 4h30
RxLab Reports- Fixed centralized network extraction for PDF reports, JSON reports and AI-ready exports
- Improved separation between:
- DNS activity
- Network connections
- URLs
- Browser-discovered hosts
- Public IPs
- Filtered noise
- Fixed URL and IOC deduplication logic
- External domains are now preserved without being automatically classified as malicious
- Added conservative filtering for expected Microsoft, Mozilla and local-resolution domains
- Excluded BAM, Tcpip and State runtime registry artifacts from strong persistence evidence and analyst timelines
- Added a new JSON network_activity block automatically included in AI-ready exports
RxAtlas Compiler- Improved analysis report association reliability
- Atlas now correctly links sessions to their corresponding analysis reports even when filenames or timestamps differ
- Fixed cases where Atlas incorrectly switched to fallback mode despite a valid report being available
- Atlas now mirrors report values exactly when an official report exists:
- Classification
- Threat Level
- Risk Score
- Confidence
- Payload Status
- Persistence
- Network Activity
- Browser activity and download events are now displayed correctly
- Dropped-and-executed payloads are now reliably detected
- Execution chains are reconstructed more accurately:
- Parent → Child resolution improved
- System noise reduced
- Chronological ordering improved
Improvements
- More faithful fallback mode when official reports are unavailable
- Fallback analysis now reconstructs:
- Browser activity
- Network & DNS activity
- Payload execution
- Process chains
- YARA indicators
- VirusTotal indicators
- IOCs
- Official analysis reports remain the primary source of truth
- Atlas enriches reports without recalculating verdicts
- Improved tolerance for incomplete or very large reports
- Behavior Maps and Explain Engine now better highlight:
- Suspicious processes
- YARA detections
- VirusTotal detections
- Executed payloads
- Improved consistency across Atlas views and session analysis outputs
Notes- This update focuses on improving analytical consistency between RxLab Reports, RxAtlas and AI-ready exports
- Atlas now follows the official analysis report as the source of truth while continuing to provide enriched visualization and contextual intelligence
RxCloud CyberLab – Dashboard Update Changelog Date: 2026-06-03🛠 Maintenance duration: 30 minutes
RxCloud DashboardVersion: 0.0.6.1_Stable
- Improved the My Private Reports section within the Dashboard
- Added a Threat Score badge directly on each report
- Added a color-coded Risk Level badge:
- Green → Low Risk
- Orange → Medium Risk
- Red → High Risk
- PDF reports can now be opened directly inside an integrated Dashboard modal
- JSON reports can now be opened directly inside an integrated Dashboard modal
- Added quick actions inside report modals:
- Open in a new tab
- Download report
- Improved JSON report readability with formatted rendering when supported
- No changes to report generation or existing analysis data
Notes- This update focuses on improving report accessibility and analyst experience directly from the Dashboard
- The next updates will continue to improve usability and visual consistency across RxCloud CyberLab
RxCloud CyberLab – Development UpdateAfter several months of development, bug fixing, UI improvements and infrastructure upgrades, the RxCloud CyberLab dashboard has reached a level of maturity and stability that we are happy with.
As a result, no major dashboard redesigns or feature overhauls are currently planned. Future work on the dashboard will mainly focus on stability improvements, bug fixes and small quality-of-life enhancements.
My next major development objectives are:
Android Virtual Machines (AndroidLab)* Dedicated Android analysis environments
* APK testing and behavioral observation
* Expanded mobile malware research capabilities
Session Video Recording* Optional recording of VM sessions
* Replay and review of analyst activity
* Improved documentation and investigation workflows
Continued improvements to Atlas Behavioral Intelligence* Correlation enhancements
* Better telemetry reconstruction
* Additional analysis capabilities
Thank you to everyone testing RxCloud CyberLab, reporting bugs and providing feedback.
Welcome to the Arena.
— RoxasDev
RxCloud CyberLab – Dashboard Update Changelog Date: 2026-06-07🛠 Maintenance duration: 30 minutes
RxCloud DashboardVersion: 0.0.6.2_Stable
Optimizations
- Improved performance and responsiveness on systems without a dedicated GPU (Intel and AMD integrated graphics).
- RxCloud Atlas and the Dashboard now consume significantly fewer graphical resources.
- Added automatic performance mode: on lower-end systems, rendering automatically adapts to maintain a smooth experience without any user action required.
- Optimized cursor rendering and visual effects for lower GPU usage and improved responsiveness.
Design
- No visual changes: the overall design, animated cursor and background animations remain exactly the same.
- On higher-end systems, the visual experience remains identical.
- Reduced GPU load generated by blur effects and animated backgrounds while preserving the same visual quality.
Notes- This update focuses on performance optimization and accessibility across a wider range of hardware configurations.
- The goal is to provide a smoother experience on integrated graphics systems while maintaining the premium visual appearance of RxCloud CyberLab.
RxCloud CyberLab – Update Changelog Date: 2026-06-07🛠 Maintenance duration: 30 minutes
CoreLab Controller- Improved reliability of telemetry export when a lab session reaches its time limit
- Added an additional safety mechanism for sessions approaching expiration, helping the agent finalize and submit reports more consistently
- Improved handling of rare timeout edge cases where a VM session ended normally but telemetry was not received
- Applied the fix across both primary and fallback lab capacity, including distributed nodes
- No changes to normal End Session behavior
- No changes to existing Windows lab workflows or user experience
- No impact on Linux/Kali telemetry handling
- General CoreLab Controller stability improvements for session lifecycle management
Notes- This update focuses on improving report reliability and telemetry delivery at the end of lab sessions
- Particular attention was given to distributed node environments and timeout-related edge cases
