Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
| README.md | ||
Awesome Cloud Security Labs
A list of free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
Sorted by Technology and Category
| Name | Technology | Category | Author | Notes |
|---|---|---|---|---|
| AWS CIRT Workshop | AWS | Self-hosted, guided vulnerability lab | AWS CIRT | Build with Cloudformation |
| CloudGoat | AWS | Self-hosted, guided vulnerability lab | Multiple, Rhino Security Labs | Python orchestration of terraform |
| Attacking and Defending Serverless Applications | AWS | Self-hosted, guided vulnerability lab | Ryan Nicholson | Attack and defend a Lambda that you build in your own AWS account with author provided terraform |
| flaws.cloud | AWS | Author-hosted, CTF challenge | Scott Piper | Challenge style with levels and clues |
| flaws2.cloud | AWS | Author-hosted, CTF challenge | Scott Piper | Challenge style Attacker and Defender paths |
| Sadcloud | AWS | Self-hosted | Multiple, NCC Group | Terraform code; not guided like CloudGoat |
| Broken Azure | Azure | Author-hosted, CTF challenge | Secura | Provides hints, self-host in your own Azure account using terraform |
| PurpleCloud Azure AD Workshop | Azure | Self-hosted, guided vulnerability workshop | Jason Ostrom | Guided vulnerability lab requires PurpleCloud and terraform; username and password is sec588 |
| Mandiant Azure Workshop | Azure | Self-hosted, guided commands | Multiple | Vulnerable by design Azure lab with two scenarios; build with terraform |
| AzureGoat | Azure | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own Azure tenant, Build with terraform, one module, provides attack and defense manuals |
| XMGoat | Azure | Self-hosted, guided labs | Multiple | Build with terraform, 5 scenarios, solution docs provided |
| GCP Goat (Josh Jebaraj) | GCP | Self-hosted, mdbook lab guide | Josh Jebaraj | Host in your own GCP account, build with provided scripts, nice guided lab workbook |
| GCPGoat (ine-labs) | GCP | Self-hosted, attack and defense manuals | Multiple, ine-labs | Bring your own GCP account, Build with terraform, one module, provides attack and defense manuals |
| Bustakube | Kubernetes | Self-hosted, import VMs | [Jay Beale]9https://twitter.com/jaybeale) | Vulnerable K8S cluster, Download the VMs to build cluster and import into VMWare, run it |
| [Kubernetes Goat(https://github.com/madhuakula/kubernetes-goat) | Kubernetes | Self-hosted, import VMs | Madhu Akula | Create in your own cloud account and attack, has a guided workbook |