Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Awesome-CloudSec-Labs
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
https://github.com/iknowjason/Awesome-CloudSec-Labs
Last synced: 5 days ago
JSON representation
-
Sorted by Technology and Category
- Pentesting.Cloud - hosted, Author-hosted CTF labs | [Nicholas Gilbert](https://www.linkedin.com/in/nicksecurity/) | 17 free labs, requires registration, some labs are bring your own AWS account and use cloudformation to create |
- AWS Well-Architected Security Workshop - hosted, guided labs | AWS Well-Architected | Several hands-on-labs to help you learn, measure, and improve the security of your architecture using best practices from the Security pillar of the AWS Well-Architected Framework. |
- flaws.cloud - hosted, CTF challenge | [Scott Piper](https://twitter.com/0xdabbad00) | Challenge style with levels and clues |
- flaws2.cloud - hosted, CTF challenge | [Scott Piper](https://twitter.com/0xdabbad00) | Challenge style Attacker and Defender paths |
- AWSGoat - hosted, attack and defense manuals | Multiple, ine-labs | Bring your own aws account, Build with terraform, two modules, provides attack and defense manuals |
- Sadcloud - hosted | Multiple, [NCC Group](https://www.nccgroup.com) | Terraform code; not guided like CloudGoat |
- DVCA - hosted demo lab | [Maxime Leblanc](https://medium.com/@mleblanc_82306) | Deploy a Damn Vulnerable Cloud Application in your own AWS account to practice privilege escalation |
- lambhack - hosted lab | [James Wickett](https://twitter.com/wickett) | Deploy a very vulnerable AWS lambda serverless application in your AWS account |
- BadZure - hosted lab | [Mauricio Velazco](https://twitter.com/mvelazco) | Powershell Graph SDK script that spins up your own Azure AD (Entra ID) lab with attack paths. Currently no walk through or guide. |
- Mandiant Azure Workshop - hosted, guided commands | Multiple | Vulnerable by design Azure lab with two scenarios; build with terraform |
- AzureGoat - hosted, attack and defense manuals | Multiple, ine-labs | Bring your own Azure tenant, Build with terraform, one module, provides attack and defense manuals |
- XMGoat - hosted, guided labs | Multiple | Build with terraform, 5 scenarios, solution docs provided |
- CONVEX - hosted, CTF | Multiple | Spin up three Capture the Flag environments in your Azure tenant using powershell |
- GCPGoat (ine-labs) - hosted, attack and defense manuals| Multiple, ine-labs | Bring your own GCP account, Build with terraform, one module, provides attack and defense manuals |
- Kubernetes Goat - hosted, multi-cloud, K3S| [Madhu Akula](https://twitter.com/madhuakula) | Create and host in your own cloud account (GKE, EKS, AKS) or K3S and attack, has a guided workbook |
- Kube Security Lab
- Contained.af - hosted Challenge| [Jessie Frazelle](https://twitter.com/jessfraz) | A container escape challenge, break out of it and email the author|
- TerraGoat - hosted multi-cloud (AWS, Azure, GCP)| Multiple, [Bridgecrew](https://www.bridgecrew.io/) | Vulnerable by design terraform repository|
- SimuLand
- CI/CD Goat - code-security) | Deliberately vulnerable CI/CD environment, hacking CI/CD pipelines with CTF. Host locally with docker.|
- Github Actions Goat - hosted Github | [StepSecurity](https://www.stepsecurity.io/) | Deliberately vulnerable Github Actions CI/CD environment, hosted in your own Github account. Includes threat scenario descriptions mapped to vulnerabilities.|
- CloudGoat - hosted, guided vulnerability lab | Multiple, [Rhino Security Labs](https://rhinosecuritylabs.com/) | Python orchestration of terraform |
- Attacking and Defending Serverless Applications - hosted, guided vulnerability workshop | [Ryan Nicholson](https://twitter.com/ryananicholson) | Attack and defend a Lambda that you build in your own AWS account with author provided terraform |
- IAM Vulnerable - hosted, guided vulnerability lab | [Seth Art](https://twitter.com/sethsec) | IAM-focused priv esc playground with 31 pathways, create in your own AWS account using terraform, solid docs |
- CloudFoxable - hosted CTF Challenge | [Seth Art](https://twitter.com/sethsec) | Create your own vulnerable by design AWS penetration testing playground |
- The Big IAM Challenge - hosted CTF Challenge | [Wiz](https://www.wiz.io) | CTF challenge to identify and exploit IAM misconfigurations |
- AWS CIRT Workshop - hosted, guided lab | AWS CIRT | Build with Cloudformation, explore 5 common incident response scenarios observed by AWS CIRT |
- CloudSec Tidbits - hosted Challenge | [Doyensec](https://doyensec.com/) | Three web app security flaws specific to AWS cloud, self-hosted with terraform |
- Broken Azure - hosted, CTF challenge | [Secura](https://github.com/SecuraBV/brokenbydesign-azure) | Provides hints, optionally self-host in your own Azure account using terraform |
- K8s Lan Party
- Bustakube - hosted, import VMs| [Jay Beale](https://twitter.com/jaybeale) | Vulnerable K8S cluster, Download the VMs to build cluster and import into VMWare, run it |
- GCP Goat (Josh Jebaraj) - hosted, mdbook lab guide | [Josh Jebaraj](https://joshuajebaraj.com/) | Host in your own GCP account, build with provided scripts, nice guided lab workbook |
- Thunder CTF - hosted, CTF| Multiple | Bring your own GCP account, 6 levels, practice attacking vulnerable cloud projects on GCP |
- Container Security 101 - hosted, guided workshop| [Jon Zeolla](https://twitter.com/JonZeolla) | A guided vulnerability workshop, host in your AWS account, provided CloudFormation|
- Kubecon NA 2019 CTF - hosted in GKE| Multiple | Create GCP account, has a guided workbook with two attack and defense scenarios plus bonus challenges|
- CI/CDon't - hosted CTF walkthrough | [Nick Frichette](https://twitter.com/Frichette_n) | Host with terraform in your own AWS account, vulnerable CI/CD CTF infrastructure |
- EKS Cluster Games
-
AWS
- Pentesting.Cloud
- CloudSec Tidbits - hosted with terraform.
- AWSGoat
-
Research Labs
-
Azure
-
Container
Programming Languages
Sub Categories
Keywords
security
4
devsecops
4
hacking
2
docker
2
cloudsecurity
2
cloud-security
2
terraform
2
cloud-native
1
blueteam
1
container
1
container-security
1
purpleteaming
1
azure-active-directory
1
infrastructure
1
k8s
1
kubernetes
1
kubernetes-goat
1
kubernetes-security
1
owasp
1
pentesting
1
redteam
1
aws
1
attack-simulator
1
attack-simulation
1
actions
1
jenkins
1
infosec
1
gitlab
1
devops
1
ctf
1
cicd
1
appsec
1
goat
1
gcp-security
1
azure-security
1
aws-security
1
syscalls
1
seccomp
1
opencontainers
1
linux
1
game
1
containers
1
apparmor
1
vulnerable-app
1