49 lines
4.1 KiB
Markdown
49 lines
4.1 KiB
Markdown
# Awesome Cloud Security Labs
|
|
|
|
A list of free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
|
|
|
|
## Sorted by Technology and Category
|
|
|
|
|
|
| Name | Technology | Category | Author | Notes |
|
|
| :------------- |:-------------:| :-----:| :-----: | :------: |
|
|
| [AWS CIRT Workshop](https://aws.amazon.com/blogs/security/aws-cirt-announces-the-release-of-five-publicly-available-workshops/) | AWS | Self-hosted, guided vulnerability lab | AWS CIRT | Build with Cloudformation |
|
|
| [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) | AWS | Self-hosted, guided vulnerability lab | Multiple, [Rhino Security Labs](https://rhinosecuritylabs.com/) | Python orchestration of terraform |
|
|
| [Attacking and Defending Serverless Applications](https://attack-defend-serverless.sanscloudwars.com/) | AWS | Self-hosted, guided vulnerability lab | [Ryan Nicholson](https://twitter.com/ryananicholson) | Attack and defend a Lambda that you build in your own AWS account with author provided terraform |
|
|
| [flaws.cloud](http://flaws.cloud) | AWS | Author-hosted, CTF challenge | [Scott Piper](https://twitter.com/0xdabbad00) | Challenge style with levels and clues |
|
|
| [flaws2.cloud](http://flaws2.cloud) | AWS | Author-hosted, CTF challenge | [Scott Piper](https://twitter.com/0xdabbad00) | Challenge style Attacker and Defender paths |
|
|
| [Sadcloud](https://github.com/nccgroup/sadcloud) | AWS | Self-hosted | Multiple, [NCC Group](https://www.nccgroup.com) | Terraform code; not guided like CloudGoat |
|
|
| [Broken Azure](https://www.brokenazure.cloud/) | Azure | Author-hosted, CTF challenge | [Secura](https://github.com/SecuraBV/brokenbydesign-azure) | Provides hints, self-host in your own Azure account using terraform |
|
|
| [PurpleCloud Azure AD Workshop](https://lab.purplecloud.network/) | Azure | Self-hosted, guided vulnerability workshop | [Jason Ostrom](https://twitter.com/securitypuck) | Guided vulnerability lab requires PurpleCloud and terraform; username and password is ```sec588``` |
|
|
| [Mandiant Azure Workshop](https://github.com/mandiant/Azure_Workshop) | Azure | Self-hosted, guided commands | Multiple | Vulnerable by design Azure lab with two scenarios; build with terraform |
|
|
| [AzureGoat](https://github.com/ine-labs/AzureGoat) | Azure | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own Azure tenant, Build with terraform, one module, provides attack and defense manuals |
|
|
| [XMGoat](https://github.com/XMCyber/XMGoat) | Azure | Self-hosted, guided labs | Multiple | Build with terraform, 5 scenarios, solution docs provided |
|
|
| [GCP Goat (Josh Jebaraj)](https://gcpgoat.joshuajebaraj.com/index.html) | GCP | Self-hosted, mdbook lab guide | [Josh Jebaraj](https://joshuajebaraj.com/) | Host in your own GCP account, build with provided scripts, nice guided lab workbook |
|
|
| [GCPGoat (ine-labs)](https://github.com/ine-labs/GCPGoat) | GCP | Self-hosted, attack and defense manuals| Multiple, ine-labs | Bring your own GCP account, Build with terraform, one module, provides attack and defense manuals |
|
|
| [Bustakube](https://www.bustakube.com/) | Kubernetes | Self-hosted, import VMs| [Jay Beale](https://twitter.com/jaybeale) | Vulnerable K8S cluster, Download the VMs to build cluster and import into VMWare, run it |
|
|
| [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat) | Kubernetes | Self-hosted, multi-cloud, K3S| [Madhu Akula](https://twitter.com/madhuakula) | Create and host in your own cloud account (GKE, EKS, AKS) or K3S and attack, has a guided workbook |
|
|
| [Kubecon NA 2019 CTF](https://securekubernetes.com/) | Kubernetes | Self-hosted in GKE| Multiple | Create GCP account, has a guided workbook with two attack and defense scenarios plus bonus challenges|
|
|
| [Contained.af](https://contained.af/) | Container | Author-hosted Challenge| [Jessie Frazelle](https://twitter.com/jessfraz) | A container escape challenge, break out of it and email the author|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## AWS
|
|
|
|
## Azure
|
|
|
|
## GCP
|
|
|
|
## Kubernetes
|
|
|
|
## Container
|
|
|
|
## Terraform
|
|
|
|
## Research Labs
|
|
|