Cloud-Focused

• CloudFoxable - An intentionally vulnerable Amazon Web Services (AWS) environment.
• CloudGoat - A vulnerable by design Amazon Web Services (AWS) deployment tool.
• CONVEX - An open-source CTF platform that lets you spin up CTF events in your Microsoft Azure environment.
• Damn Vulnerable Cloud Application - an intentionally vulnerable cloud application to teach privilege escalation on Amazon Web Services (AWS).
• IAM Vulnerable - Use Terraform to deploy IAM resources to learn how to identify and exploit vulnerable IAM configurations.
• Lambhack - A vulnerable serverless Amazon Web Services (AWS) lambda application.
• ServerlessGoat - An Amazon Web Services (AWS) serverless application that demonstrates common serverless security flaws.
• CloudSec Tidbits - Infrastructure as Code (IaC) laboratory reproducing interesting pentest findings by DoyenSec.
• GCP Goat - An intentionally vulnerable GCP environment to learn and practice GCP security.
• FLAWS - A CTF site based on common mistakes and gotchas when using Amazon Web Services (AWS).
• FLAWS2 - The sequel to the flAWS.cloud CTF site with both an Attacker and Defender track using Amazon Web Services (AWS).
• S3 CTF Challenges - A series of challenges focusing on Amazon Web Services (AWS) S3 misconfigurations.
• The Big IAM Challenge by Wiz - A hosted Identity and Access Management (IAM) based CTF.
• Thunder CTF - A CTF site based on attacking vulnerable cloud projects on Google Cloud Platform (GCP).

CTF Platforms

• Facebook CTF - A CTF platform by Facebook to host Jeopardy and “King of the Hill” style Capture the Flag competitions.
• HackThisSite - A CTF site to practice your ethical hacking skills.
• OverTheWire - A series of CTFs to practice security concepts in the form of fun-filled games.
• TryHackMe - An online CTF platform that teaches you about hacking and pentesting by way of gamified challenges.

Vulnerable Platforms

• Damn Vulnerable Bank - An intentionally vulnerable Android banking application.
• Damn Vulnerable Linux - A vulnerable Linux distribution designed to help sysadmins to better understand how to secure Linux.
• Damn Vulnerable Web App - A vulnerable PHP/MySQL web application designed to help web developers better understand securing web apps.
• OWASP Juice Shop - An insecure web application written in Node.js that is vulnerable to the [OWASP Top 10](https://owasp.org/www-project-top-ten/) web application security risks and other real-world vulnerabilities.

• Capture The Flag

Introductory Education

• Cyber Start - High School level introductory hacking courses.

Introductory Education

• DeFiVulnLabs - A site to learn about Web3 solidity security training on Foundry.
• DeFiHackLabs - A site that uses real past DeFi hack incidents to let you recreate how the hacks happened and how to secure them.

Introductory Education

• Cryptopals - A site to learn about cryptography through problem-solving and programming.
• CryptoHack - A free platform for learning modern cryptography.
• MysteryTwister C3 - A variety of tasks and riddles (challenges) at four levels of difficulty.