Skip to content

Labs

Cloud

General Purpose

Tool Description
terragoat
  • Vulnerable-by-design training tool for Terraform (blog)

AWS Specific

Tool Description
sadcloud
  • Purposefully insecure AWS infrastructure with Terraform
cfngoat
  • Vulnerable by Design Cloudformation repository
cdkgoat
  • Vulnerable by Design AWS CDK repository
AWS Cyber Range
  • Bootstrap framework for a complete offensive, defensive, reverse engineering, & security intelligence tooling in a private research lab using AWS
KaiMonkey
  • Vulnerable infrastructure to help understand common cloud security threats exposed via infrastructure as code

Azure Specific

Tool Description
DefendTheFlag
  • Lab to get started with testing out Microsoft's security products
PurpleCloud
  • Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services

K8S

Tip

Tool Description
kube_security_lab
  • Use kind to create a lab environment for testing Kubernetes exploits and security tools
kubernetes-goat
  • Intentionally vulnerable cluster environment to learn and practice Kubernetes security
  • References: guide, katacoda
kind-of-insecure
  • Deliberately insecure Kubernetes test clusters built using kind
kubernetes-simulator
  • Creates a Kubernetes cluster in an AWS account, runs scenarios which misconfigure it and/or leave it vulnerable to compromise
Back to top