Non-Democratic Republic of Carl
| Developer(s) | Adrian Lewis |
|---|---|
| Written in | Terraform, Ansible, Python, C, JavaScript |
| Engine | |
| Operating system | Linux, Proxmox VE |
| Type | Cybersecurity training platform |
| Website | ndrc |
Search Non-Democratic Republic of Carl on Amazon.
NDRC Labs is an open-source cybersecurity training platform that simulates a hostile nation-state network environment for red team-blue team exercises. Built on Proxmox VE and deployed using Terraform and Ansible, the platform creates a fictional authoritarian government called the Non-Democratic Republic of Carl (NDRC), whose networks participants must infiltrate as members of an underground resistance group.[1]
Overview
NDRC Labs deploys over 42 isolated virtual networks, 10 government departments, 9 Active Directory domains, and more than 15 intentionally vulnerable applications across a multi-tiered network architecture.[2] The platform is designed to provide realistic, narrative-driven training scenarios lasting four to eight weeks, in contrast to standalone capture-the-flag challenges or isolated vulnerable machines.
A central design principle is that every exploitable vulnerability is embedded within the fictional setting's narrative. Attack paths emerge from the interactions between the regime's systems rather than being presented as abstract technical exercises.[1]
Fictional setting
The Non-Democratic Republic of Carl is a satirical authoritarian bureaucracy governed by "Supreme Leader Carl". The regime measures citizen loyalty through mandatory chargeability metrics tracked in six-minute increments and enforced by a system called UtiliTrack. Citizens' access to healthcare, housing, and services is determined by productivity scores calculated through a national surveillance programme known as COMPASS.[1]
The setting satirises elements of management consulting culture, including timesheet obsession, matrix management, and KPI-driven governance.
Factions
- NDRC Government - The target environment, comprising 10 ministries (Defence, Security, SIGINT, Labour, Technology, Health, Energy, Propaganda, and the Office of the Supreme Leader) staffed by over 127 named fictional characters with defined roles, security clearances, and Active Directory accounts.
- Chargeability Liberation Front (CLF) - The underground resistance movement through which participants operate. The CLF's aesthetics and operational culture draw from real-world hacker groups including the Cult of the Dead Cow, L0pht, and Telecomix. The CLF operates via an IRC server staffed by AI-driven personality bots and uses GPG-based recruitment ceremonies.
- Overwatch - The invisible management layer that runs the infrastructure and scenario orchestration, unseen by participants.
Architecture
The platform operates across three layers:[2]
- Overwatch - A management network hosting 11 service virtual machines including monitoring (Prometheus, Grafana), DNS, PKI, and the GameMaster scenario engine.
- NDRC Government - The target environment with department networks segmented into servers, DMZ, sensitive, and workstation tiers.
- CLF and StateNet - The participant-facing attacker network and a simulated civilian ISP with six regional points of presence.
A three-tier router architecture comprising 22 virtual routers enforces network segmentation and provides realistic traceroute paths of 6-10 hops.
GameMaster
The GameMaster is a Django application that orchestrates multi-phase training scenarios. It uses an event engine with eight trigger types to manage narrative progression and progressive vulnerability disclosure. Integration with Ollama and Open-WebUI enables large language model-generated content including in-character news articles, agent briefings, and IRC dialogue. Flag captures in CTFd automatically advance the scenario narrative.[2]
BEACON device
NDRC Labs includes a physical ESP32-based IoT device called BEACON, designed for supply chain attack training. The device runs custom FreeRTOS firmware with environmental sensors and a display, and includes toggleable firmware and backend vulnerabilities.
See also
References
- ↑ 1.0 1.1 1.2 "NDRC Labs". Retrieved 2026-04-16.
- ↑ 2.0 2.1 2.2 "Overwatch - NDRC Labs Promo". Retrieved 2026-04-16.
External links
Category:Computer security software
Category:Free security software
Category:Virtualization software
This article "Non-Democratic Republic of Carl" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Non-Democratic Republic of Carl. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
