Computer security students benefit from having hands-on experience with hacking tools and with access to vulnerable systems that they can attack and defend. However, vulnerable VMs are static; once they have been exploited by a student there is no repeatable challenge as the vulnerable boxes never change. A new novel solution, SecGen, has been created and deployed. SecGen solves the issue by creating vulnerable machines with randomised vulnerabilities and services, with constraints that ensure each scenario is catered to specific skills or concepts. SecGen was successfully deployed to generate VMs for a second year undergraduate team module. Future plans are discussed
