Labs

Cloud

General Purpose

Tool	Description
terragoat	Vulnerable-by-design training tool for Terraform (blog)

AWS Specific

Tool	Description
sadcloud	Purposefully insecure AWS infrastructure with Terraform
cloudgoat	Vulnerable by Design AWS deployment tool
cfngoat	Vulnerable by Design Cloudformation repository
cdkgoat	Vulnerable by Design AWS CDK repository
AWS Cyber Range	Bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using AWS
KaiMonkey	Vulnerable infrastructure to help understand common cloud security threats exposed via infrastructure as code
iam-vulnerable	An AWS IAM Privilege Escalation Playground

Azure Specific

Tool	Description
DefendTheFlag	Lab to get started with testing out Microsoft's security products
PurpleCloud	Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services
Cloud-Katana	Automate simulation steps on-demand in multi-cloud and hybrid cloud environments Is an event-driven, serverless compute application built on the top of Azure Functions that expedites the research process and validation of security controls
SimuLand	Lab environments that reproduce well-known techniques used in real attack scenarios, to test and verify effectiveness of related Microsoft 365 Defender, Azure Defender and Azure Sentinel detections

K8S

My Approach

• Multiple deployment options for a Kubernetes lab: Deploy Your Own Kubernetes Lab
• My personal approach to deploy my own Kubernetes Lab on baremetal: Kubernetes Lab on Baremetal
• How to use Cloudflare Tunnel to connect my Kubernetes Lab to the Cloudflare network: Remotely Access your Kubernetes Lab with Cloudflare Tunnel

Tool	Description
k8s-lab-plz	A modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components
kube_security_lab	Use kind to create a lab environment for testing Kubernetes exploits and security tools
kubernetes-goat	Intentionally vulnerable cluster environment to learn and practice Kubernetes security References: guide, katacoda
kind-of-insecure	Deliberately insecure Kubernetes test clusters built using kind
kubernetes-simulator	Creates a Kubernetes cluster in an AWS account, runs scenarios which misconfigure it and/or leave it vulnerable to compromise
minik8s-ctf	A beginner-friendly CTF about Kubernetes security