• Home
  • Categories
  • Pricing
  • Submit
    Built with
    Ever Works
    Ever Works

    Connect with us

    Stay Updated

    Get the latest updates and exclusive content delivered to your inbox.

    Product

    • Categories
    • Pricing
    • Help

    Clients

    • Sign In
    • Register
    • Forgot password?

    Company

    • About Us
    • Admin
    • Sitemap

    Resources

    • Blog
    • Submit
    • API Documentation
    All product names, logos, and brands are the property of their respective owners. All company, product, and service names used in this repository, related repositories, and associated websites are for identification purposes only. The use of these names, logos, and brands does not imply endorsement, affiliation, or sponsorship. This directory may include content generated by artificial intelligence.
    Copyright © 2025 Ever. All rights reserved.·Terms of Service·Privacy Policy·Cookies
    Decorative pattern
    Decorative pattern
    1. Home
    2. Security
    3. Awesome CloudSec Labs

    Awesome CloudSec Labs

    Awesome free cloud native security learning labs including CTF challenges, self-hosted workshops, guided vulnerability labs, and cloud security research environments.

    Surveys

    Loading more......

    Information

    Websitegithub.com
    PublishedMar 26, 2026

    Categories

    1 Item
    Security

    Tags

    3 Items
    #cloud-security#ctf#labs

    Overview

    Awesome CloudSec Labs is a curated collection of free cloud native security learning labs, offering hands-on experience with CTF challenges, workshops, vulnerability labs, and research environments.

    Features

    • Free Learning Labs: No-cost cloud security training
    • CTF Challenges: Capture the Flag competitions and challenges
    • Self-Hosted Workshops: Run labs in your own environment
    • Guided Vulnerability Labs: Step-by-step security exercises
    • Research Environments: Testbeds for security research
    • Multi-Cloud Coverage: AWS, Azure, GCP security labs
    • Hands-On Practice: Real-world scenarios and exploits
    • Offensive & Defensive: Both red team and blue team perspectives

    Lab Categories

    CTF Challenges

    Cloud-Specific CTFs

    • flAWS: AWS security challenges
    • flAWS2: Advanced AWS security scenarios
    • CloudGoat: Intentionally vulnerable AWS deployments
    • AWSGoat: Vulnerable AWS infrastructure
    • GCP-Goat: Google Cloud vulnerable environment
    • AzureGoat: Azure security challenges

    General Security CTFs with Cloud

    • HackTheBox: Some cloud-based machines
    • TryHackMe: Cloud security rooms
    • PentesterLab: Cloud-focused exercises

    Vulnerable Infrastructure

    AWS

    • CloudGoat: Rhino Security Labs' vulnerable AWS environment
    • DVCA: Damn Vulnerable Cloud Application
    • ServerlessGoat: Vulnerable serverless applications
    • Sadcloud: Terraform IaC with vulnerabilities

    Azure

    • AzureGoat: Vulnerable Azure infrastructure
    • Convex: Azure security lab
    • Azure Security Lab: Microsoft security scenarios

    GCP

    • GCP-Goat: Intentionally insecure GCP environment
    • Thunder CTF: Google Cloud security challenges

    Multi-Cloud

    • Kubernetes Goat: Vulnerable K8s cluster
    • TerraGoat: IaC security testing

    Self-Hosted Workshops

    • Cloud Security Workshop: Deploy vulnerable apps
    • Kubernetes Security Workshop: Cluster security
    • Serverless Security Workshop: Function security
    • Container Security Workshop: Docker/container security

    Guided Vulnerability Labs

    Privilege Escalation

    • IAM misconfigurations
    • SSRF to metadata service
    • Role assumption attacks
    • Container escape techniques

    Data Exfiltration

    • S3 bucket enumeration
    • Database credential exposure
    • Secrets in environment variables
    • Snapshot/backup access

    Lateral Movement

    • Instance metadata abuse
    • Cross-account access
    • Service-to-service pivoting
    • Kubernetes pod-to-pod movement

    Research Environments

    • Detection Lab: Build detection systems
    • Purple Lab: Combined red/blue team exercises
    • Honeypot Deployment: Cloud-based honeypots
    • Security Tool Testing: Test cloud security tools

    Skills Developed

    Offensive Security

    • Cloud enumeration techniques
    • IAM exploitation
    • Privilege escalation
    • Data exfiltration
    • Lateral movement
    • Persistence mechanisms
    • Supply chain attacks

    Defensive Security

    • Security monitoring
    • Log analysis
    • Incident response
    • Threat detection
    • Security hardening
    • Compliance validation
    • Forensics

    Tools & Techniques

    • Cloud security scanners (ScoutSuite, Prowler)
    • Exploitation frameworks
    • Enumeration tools (CloudMapper, Pacu)
    • Container security (Trivy, Clair)
    • Kubernetes security (kube-bench, kube-hunter)
    • IAM analysis (Principal Mapper, CloudTracker)

    Learning Paths

    Beginner

    1. Start with flAWS challenges
    2. Try basic CloudGoat scenarios
    3. Practice with guided tutorials
    4. Learn cloud security fundamentals

    Intermediate

    1. flAWS2 advanced challenges
    2. Complex CloudGoat scenarios
    3. Multi-service attacks
    4. Kubernetes security labs

    Advanced

    1. Research environments
    2. Custom vulnerable infrastructure
    3. Zero-day hunting
    4. Advanced persistence techniques

    Cloud Provider Coverage

    AWS Labs

    • IAM misconfiguration scenarios
    • S3 bucket security
    • EC2 instance exploitation
    • Lambda function vulnerabilities
    • RDS/database attacks

    Azure Labs

    • Azure AD attacks
    • Storage account enumeration
    • VM exploitation
    • Function app security

    GCP Labs

    • GCP IAM issues
    • Storage bucket misconfiguration
    • Compute instance attacks
    • Cloud Functions security

    Kubernetes Labs

    • Pod security
    • RBAC exploitation
    • Network policy bypass
    • Admission controller testing

    Certifications Supported

    • AWS Certified Security - Specialty
    • Azure Security Engineer Associate
    • GCP Professional Cloud Security Engineer
    • Certified Kubernetes Security Specialist (CKS)
    • Various offensive security certifications

    Community

    • Labs created by security researchers
    • Active community contributions
    • Regular updates with new scenarios
    • Shared writeups and solutions

    Use Cases

    Ideal for:

    • Security professionals learning cloud security
    • Penetration testers expanding to cloud
    • DevSecOps engineers
    • Certification candidates
    • Security researchers
    • Red/blue team members
    • Students studying cloud security