Labs
Cloud
General Purpose
Tool | Description |
---|---|
terragoat | Vulnerable-by-design training tool for Terraform (blog) |
wrongsecrets | Vulnerable app with examples showing how to not use secrets |
AWS Specific
Tool | Description |
---|---|
Stratus Red Team | Stratus Red Team is "Atomic Red Team™" for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner |
aws-cloudsaga | Test security controls and alerts within AWS environments, using generated alerts based on security events seen by the AWS Customer Incident Response Team (CIRT) |
sadcloud | Purposefully insecure AWS infrastructure with Terraform |
cloudgoat | Vulnerable by Design AWS deployment tool |
cfngoat | Vulnerable by Design CloudFormation repository |
cdkgoat | Vulnerable by Design AWS CDK repository |
AWS Cyber Range | Bootstrap framework for complete offensive, defensive, reverse engineering, and security intelligence tooling in a private research lab using AWS |
KaiMonkey | Vulnerable infrastructure to help understand common cloud security threats exposed via infrastructure as code |
iam-vulnerable | An AWS IAM Privilege Escalation Playground |
oidc-ssrf | Evil OIDC server: the OpenID Configuration URL returns a 307 to cause SSRF |
GCP Specific
Tool | Description |
---|---|
GCPGoat | GCPGoat: A Damn Vulnerable GCP Infrastructure |
Azure Specific
Tool | Description |
---|---|
DefendTheFlag | Lab to get started with testing out Microsoft's security products |
PurpleCloud | Multi-use Hybrid + Identity Cyber Range implementing a small Active Directory Domain in Azure alongside Azure AD and Azure Domain Services |
Cloud-Katana | Automate simulation steps on-demand in multi-cloud and hybrid cloud environments |
SimuLand | Lab environments that reproduce well-known techniques used in real attack scenarios, to test and verify effectiveness of related Microsoft 365 Defender, Azure Defender and Azure Sentinel detections |
K8S
My Approach
- Marco Lancini Deploy Your Own Kubernetes Lab: Multiple deployment options for a Kubernetes lab
- Marco Lancini Kubernetes Lab on Baremetal: My personal approach to deploy my own Kubernetes Lab on baremetal
- Marco Lancini Remotely Access your Kubernetes Lab with Cloudflare Tunnel: How to use Cloudflare Tunnel to connect my Kubernetes Lab to the Cloudflare network
Tool | Description |
---|---|
k8s-lab-plz | A modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components |
kube_security_lab | Use kind to create a lab environment for testing Kubernetes exploits and security tools |
kubernetes-goat | |
kind-of-insecure | Deliberately insecure Kubernetes test clusters built using kind |
kubernetes-simulator | Creates a Kubernetes cluster in an AWS account, runs scenarios which misconfigure it and/or leave it vulnerable to compromise |
gke-poc-toolkit | Demo generator for GKE |
minik8s-ctf | A beginner-friendly CTF about Kubernetes security |
kustomizegoat | Vulnerable Kustomize Kubernetes templates for training and education |
Docker
Tool | Description |
---|---|
vulhub | Pre-Built Vulnerable Environments Based on Docker-Compose |
CI/CD
Tool | Description |
---|---|
cicd-goat | |
Other
Tool | Description |
---|---|
Awesome-CloudSec-Labs | |