TOP SECRET // OVERWATCH // NOFORN
Immersive Cybersecurity Training Infrastructure
A full-scale nation-state simulation built for realistic offensive security training. Infiltrate the Non-Democratic Republic of Carl — a fictional authoritarian government with 10 ministries, 42 isolated networks, and 15 intentionally vulnerable systems — as an operative of the underground Chargeability Liberation Front.
AI-powered scenario orchestration. Dynamic vulnerability toggles. Multi-phase operations with narrative-driven progression. Physical IoT device training. Complete resistance infrastructure. Every vulnerability has a story. Every attack path has political context.
NDRC Labs is under active development. Infrastructure deployment, scenario authoring, and platform tooling are being built. Watch this space.
Django-based scenario engine with event triggers, LLM-generated content, and automated vulnerability deployment. Invisible to participants — the fourth wall never breaks.
Every vulnerability is an Ansible variable. Scenario phases progressively introduce attack surfaces — SQL injection, AD trust abuse, SCADA exploitation, supply chain flaws — on a controlled timeline.
5 pre-built operations spanning 4-8 weeks each. Reconnaissance, initial access, lateral movement, and final objectives unfold through narrative-driven phases with real CVE chains.
ESP32-based "Citizen Compliance Node" with custom firmware, environmental sensors, and MQTT telemetry. Train on supply chain attacks, firmware analysis, secure boot bypass, and OTA exploitation.
Complete CLF infrastructure — IRC server with 5 AI-driven personality bots, WireGuard VPN with automated provisioning, GPG-based recruitment, and PrivateBin dead drops.
Multi-POP ISP simulation with 6 regional points of presence, 9 civilian sectors, and 11 transit networks. Realistic 6-10 hop traceroutes for lateral movement and MiTM training.
The environment is fundamentally configurable and never remains static or predictable. Vulnerability surfaces shift between scenario phases. Security postures tighten and relax on instructor-controlled timelines.
“The greatest threat to the Republic is not the enemy at our borders, but the enemy within our gates.”
— General Julia Vigilance, Director of Counterintelligence
The NDRC’s counterintelligence apparatus conducts active defence measures through four integrated systems:
Poor OPSEC triggers escalating countermeasures. Careless tradecraft has consequences.
%%{init: {'theme': 'dark', 'flowchart': {'rankSpacing': 50, 'nodeSpacing': 20, 'curve': 'basis'}}}%%
flowchart TD
GW["OVERWATCH GATEWAY\nPlatform Management\nInvisible to participants"]
CLF["CLF RESISTANCE\nUnderground Network"]
BB["NDRC BACKBONE\nInter-Department Routing"]
SN["STATENET ISP\nCivilian Internet"]
GW --- CLF
GW --- BB
GW --- SN
BB --- D1["Administration"]
BB --- D2["Government"]
BB --- D3["Labour"]
BB --- D4["Health"]
BB --- D5["Propaganda"]
BB --- D6["Technology"]
BB --- D7["Defence"]
BB --- D8["SIGINT"]
BB --- D9["Energy"]
BB --- D10["Citizen Services"]
CLF -.->|"infiltration"| D10
SN --- P1["Capital"]
SN --- P2["Port"]
SN --- P3["East"]
SN --- P4["South"]
P4 --- P5["West"]
P4 --- P6["North"]
style GW fill:#1a1200,stroke:#996a00,color:#ffb000
style CLF fill:#0d1a00,stroke:#1a991a,color:#33ff33
style BB fill:#1a1200,stroke:#996a00,color:#ffb000
style SN fill:#001a2e,stroke:#1a6680,color:#33ccff
style D1 fill:#1a1200,stroke:#664800,color:#ffb000
style D2 fill:#1a1200,stroke:#664800,color:#ffb000
style D3 fill:#1a1200,stroke:#664800,color:#ffb000
style D4 fill:#1a1200,stroke:#664800,color:#ffb000
style D5 fill:#1a1200,stroke:#664800,color:#ffb000
style D6 fill:#1a1200,stroke:#664800,color:#ffb000
style D7 fill:#1a1200,stroke:#664800,color:#ffb000
style D8 fill:#1a1200,stroke:#664800,color:#ffb000
style D9 fill:#1a1200,stroke:#664800,color:#ffb000
style D10 fill:#1a1200,stroke:#664800,color:#ffb000
style P1 fill:#001a2e,stroke:#1a4d66,color:#33ccff
style P2 fill:#001a2e,stroke:#1a4d66,color:#33ccff
style P3 fill:#001a2e,stroke:#1a4d66,color:#33ccff
style P4 fill:#001a2e,stroke:#1a4d66,color:#33ccff
style P5 fill:#001a2e,stroke:#1a4d66,color:#33ccff
style P6 fill:#001a2e,stroke:#1a4d66,color:#33ccff
linkStyle default stroke:#664800,stroke-width:1px
Five pre-built multi-phase scenarios. Each unfolds over weeks through narrative-driven phases, with progressive vulnerability disclosure and AI-generated content keeping the exercise alive.
The NDRC's energy grid modernization has created a chain of exploitable vulnerabilities stretching from a public-facing healthcare portal into the heart of the national power grid. If the CLF reaches Phase 4, the lights go out on their terms.
A senior SIGINT analyst has discovered that TEMPEST's primary collection targets are domestic — schoolteachers, factory workers, ordinary citizens. The operation is named for the moment when the watchers discover they have been watched.
Seize control of every NDRC media channel simultaneously and broadcast 24 hours of uncensored truth. The samizdat writers of the last century copied forbidden texts by hand. We broadcast truth to twelve million people at once.
The chargeability system is the NDRC's invisible prison. Every citizen lives and dies by a number tracked by UtiliTrack and enforced by the Ministry of Labor. The Chargeability Five lost everything to this system. This operation destroys it.
A government-approved Minecraft server has been deployed as a "morale initiative" for loyal citizens. What the Ministry of Technology failed to notice is that it ships a critically vulnerable library. Includes a blue team remediation phase.
The scenario library continues to grow. New operations targeting additional departments and attack disciplines are added over time.
A sample of the 27+ systems deployed across NDRC departments. Each system features realistic tech stacks with scenario-controlled security weaknesses.
All citizens are required to register their BEACON Compliance Node within 72 hours of receipt. The device monitors environmental conditions, displays your Civic Compliance Index score, and provides mandatory government alerts. Failure to maintain an active device may result in compliance review.
— Office of the Supreme Leader, Ministry of Energy Circular
╔════════════════════════════════════╗ ║ ┌────────────────────────────┐ ║ ║ │ B E A C O N v2.1.0 │ ║ ║ │ ────────────────────────── │ ║ ║ │ CCI SCORE: ████████░░ 847 │ ║ ║ │ │ ║ ║ │ TEMP 22.4C │ ║ ║ │ HUMIDITY 45% │ ║ ║ │ LIGHT 340 lux │ ║ ║ │ PRESSURE 1013 hPa │ ║ ║ │ ────────────────────────── │ ║ ║ │ TOTP 483 291 │ ║ ║ │ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓░░░░░░ 18s │ ║ ║ │ ────────────────────────── │ ║ ║ │ STATUS: COMPLIANT │ ║ ║ │ ALERT: None pending │ ║ ║ └────────────────────────────┘ ║ ║ ║ ║ [BTN1] [BTN2] [BTN3] ◉ [POT] ║ ║ ◯ LED ║ ╚════════════════════════════════════╝
ESP32 DevKit with 2.4" TFT display, BME280 + BH1750 sensors, 3 buttons, rotary potentiometer, RGB LED, and piezo buzzer. MQTT telemetry over TLS to ThingsBoard and GridControl SCADA backend.
6,700 lines of C on FreeRTOS / ESP-IDF. 9 modular components: sensors, display UI with 13 screens, MQTT connectivity, TOTP authenticator, NVS storage, alert system, and input handling.
Toggleable protections — secure boot, flash encryption, transport layer security, firmware signing, debug interfaces, and NVS encryption — allow instructors to calibrate from hardened production to wide-open lab.
All government employees shall be issued a CARL-ID smart card within five business days of appointment. The card serves as the sole credential for access to classified systems, digital signature operations, and inter-ministry authentication. Loss or theft must be reported within 30 minutes. Failure to comply constitutes a Category 2 security violation.
— Office of Identity and Civil Registration, Ministry of Administration
Not a simulation. NDRC Labs uses genuine eID technology — the same smart card authentication standards deployed by nation-states for national identity cards. Participants authenticate with real cryptographic credentials on real hardware.
Real Web-EID browser extension with native messaging host, Java Card smart cards (J3H145), and PC/SC reader integration. The same open standard used by nation-states for citizen identity programmes — running live in the lab, not mocked.
HSM-backed certificate authority hierarchy — offline root CA, policy CA, and issuing CAs for both Overwatch and NDRC environments. X.509 certificates with SECP256R1 elliptic curve keys. OCSP and CRL endpoints. A government PKI that behaves like a government PKI.
Provision real Java Cards with the included tooling. Flash InfinitEID applets, generate keypairs, issue signed certificates, and set PINs. Each card becomes a working government credential that authenticates against Authentik via OAuth — from smart card to SSO session.
The CLF is not a simulation bolted onto the lab — it is a complete underground resistance infrastructure that participants interact with in-character throughout every operation.
InspIRCd server with Anope services. Five AI-driven personality bots — Cipher (paranoid recruiter), Datastream (intelligence analyst), Relay (communications), Sludge (VPN security), and Servo (automation) — provide operational context and in-character interaction.
Automated VPN provisioning via IRC bot commands. GPG-verified member enrollment, burn-after-read config delivery via PrivateBin, and a 155-client IP pool. The tunnel is the first step into the resistance.
Cipher bot conducts vetting via GPG-signed challenges. Sponsor vouching system with trust chains. The entire recruitment flow — from first contact to operational access — runs through encrypted channels.
CLF operatives co-opt the identities of sympathetic NDRC citizens — real people in real government jobs who provide their credentials, access, and cover. Every operation begins behind a legitimate login. The AD accounts are real. The people behind them chose a side.
NDRC Labs is built on the premise that context makes training stick. Every vulnerability exists because a fictional bureaucrat made a real decision. Every attack path has political consequences. The lore isn't flavour — it's the operating environment.
127 government officials with clearances, roles, and email addresses across 10 ministries. 300 citizen profiles with employment histories, compliance scores, and family connections. 154 AI-generated portraits. Every AD account belongs to someone with a story.
A complete legal framework spanning security, data protection, labour, healthcare, energy, and information integrity. The laws define what's legal in the NDRC — and therefore what the CLF is breaking. Attack justification comes from the statute book.
News articles from state media. Propaganda posters on government websites. Intercepted CLF communications. Internal memos between ministries. 400+ lore documents that cross-reference each other, creating a world where every thread connects.
NDRC Labs is infrastructure-as-code. Deploy the entire nation-state on your own Proxmox cluster. Every network, every domain, every vulnerability — from terraform apply to operational exercise.
OVERWATCH STRATEGIC DEFENSE MAINFRAME — CLASSIFICATION: TOP SECRET
NDRC LABS / EST. 2024 / BUILT WITH PROXMOX + TERRAFORM + ANSIBLE
LAST UPDATED: 2026-04-10