Early last year the word ‘agentic’ started to get thrown around a lot in regards to AI without much to show for it for much of the year. So much so that I started to dismiss it as a corporate buzzword, relegated to the likes of AI generated LinkedIn posts and scam online universities that want to make a quick buck.

All of that changed in the last month. I dropped into my GOAD range, wrote a couple of skills files, made my CLAUDE.md to help do some hand holding and let it rip. A few approvals of some shell commands and BOOM! A decent little enumeration of an Active Directory domain with legitimate next steps suggested and findings recorded and remediation advice given.

In offensive security the ability to test out attacks in a lab is invaluable - knowing that you’re going to see a certain piece of software, OS, or networking configuration, having a place to test out TTPs is the best type of preparation you can do. Ludus is a self-hostable cyber range built on Proxmox, Ansible and Packer. It helps to automate one of the most tedious aspects of security, deploying testing environments. One of the best things about Ludus is that it’s an overlay on Proxmox, not a replacement. This means that any Ludus range is still a completely viable Proxmox machine for other workloads. Personally I like to run Ludus on its own system if possible in order to separate production systems and ranges.