🔥 Advanced

Cloud Security Lab Setup

Build vulnerable cloud environments for practicing AWS, Azure, and GCP penetration testing. Learn cloud misconfigurations in a safe, controlled setting.

Cost Warning

Cloud labs incur real costs! Always set billing alerts and destroy resources when not in use. Use free tier where possible and monitor spending closely.

Vulnerable Cloud Labs

☁️

CloudGoat (AWS)

Rhino Security Labs' "Vulnerable by Design" AWS deployment. Multiple attack scenarios, each deployed and torn down individually.

  • ✓ IAM privilege escalation
  • ✓ EC2 SSRF to metadata
  • ✓ Lambda exploitation
  • ✓ S3 misconfiguration
GitHub →
🔷

AzureGoat

Vulnerable Azure environment with common misconfigurations.

  • ✓ Storage account exposure
  • ✓ App Service vulnerabilities
  • ✓ Managed Identity abuse
  • ✓ Key Vault misconfig
GitHub →
🔴

GCPGoat

Intentionally vulnerable Google Cloud Platform deployment.

  • ✓ Compute Engine misconfig
  • ✓ Cloud Storage exposure
  • ✓ IAM escalation
  • ✓ Metadata service abuse
GitHub →
🐳

Kubernetes Goat

Interactive Kubernetes security learning platform with 20+ scenarios.

  • ✓ Container escape
  • ✓ RBAC misconfig
  • ✓ Secret exposure
  • ✓ Network policies
GitHub →

CloudGoat Setup (AWS)

Prerequisites

bash
# Install required tools (use a dedicated lab account or profile, never production credentials)
pip3 install awscli boto3
curl -fsSLO "https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_linux_amd64.zip"
curl -fsSLO "https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_SHA256SUMS"
sha256sum --check --ignore-missing terraform_1.5.0_SHA256SUMS   # verify the download before installing
unzip terraform_1.5.0_linux_amd64.zip && sudo mv terraform /usr/local/bin/
terraform -version

# Configure AWS credentials
aws configure
# Enter: AWS Access Key, Secret Key, Region (us-east-1), Output (json)

Deploy CloudGoat

bash
# Clone and setup
git clone https://github.com/RhinoSecurityLabs/cloudgoat.git
cd cloudgoat
pip3 install -r requirements.txt
chmod +x cloudgoat.py

# Configure: choose the AWS profile to deploy with, then whitelist your public IP
# (--auto looks it up for you; scenario security groups only admit whitelisted ranges)
./cloudgoat.py config profile
./cloudgoat.py config whitelist --auto

# List available scenarios
./cloudgoat.py list all

# Deploy a scenario; the starting credentials are written to start.txt in the new scenario directory
./cloudgoat.py create iam_privesc_by_rollback

⚠️ Destroy When Done

bash
# Always destroy resources to avoid charges!
./cloudgoat.py destroy iam_privesc_by_rollback

# Or destroy all scenarios
./cloudgoat.py destroy all

# Confirm nothing is still running
./cloudgoat.py list deployed

Local Kubernetes Lab

Free Local Option

Use Minikube or Kind to run Kubernetes locally at no cost. Perfect for learning container security without cloud expenses. Kubernetes Goat deploys deliberately insecure workloads, so run it on a throwaway cluster you can delete afterwards (minikube delete), never on a shared or work cluster.

Kubernetes Goat with Minikube

bash
# Install Minikube (kubectl and Helm 3 are also required by the setup script)
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube

# Start cluster
minikube start --driver=docker --memory=4096

# Install Kubernetes Goat
git clone https://github.com/madhuakula/kubernetes-goat.git
cd kubernetes-goat
bash setup-kubernetes-goat.bash

# Access the dashboard (the script port-forwards it to http://127.0.0.1:1234)
bash access-kubernetes-goat.bash

Terraform Vulnerable Configs

Deploy specific vulnerable configurations for targeted practice:

S3 Public Bucket

hcl
# main.tf - Vulnerable S3 (random_id needs the hashicorp/random provider)
resource "random_id" "id" { byte_length = 4 }

resource "aws_s3_bucket" "vuln" {
  bucket = "vuln-bucket-${random_id.id.hex}"
}

# Disabling the guardrails only permits a public policy; it exposes nothing by itself
resource "aws_s3_bucket_public_access_block" "vuln" {
  bucket                  = aws_s3_bucket.vuln.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# The actual misconfiguration: anonymous s3:GetObject on every object (depends_on: new buckets start with public access blocked, so the block must change first)
resource "aws_s3_bucket_policy" "vuln" {
  bucket     = aws_s3_bucket.vuln.id
  depends_on = [aws_s3_bucket_public_access_block.vuln]
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Principal = "*", Action = "s3:GetObject", Resource = "${aws_s3_bucket.vuln.arn}/*" }]
  })
}
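
Turning off the four Public Access Block settings only allows a public policy or ACL to take effect; the bucket becomes readable by anyone once a policy with a wildcard principal is attached. The Python below is an added example, not from the page or from any AWS tool, that evaluates a bucket policy together with those four settings the way S3 does, so you can confirm what the lab bucket actually exposes. The policy documents, bucket name, account ID and VPC ID are constructed for the example.

```python
"""Decide whether an S3 bucket policy plus its Public Access Block settings
leave the bucket anonymously readable.

Added example, not from the page or any AWS tool. Inputs are constructed
(bucket name, account ID, VPC ID and Sids are made up). A statement counts
as public when it allows a wildcard principal with no Condition; a
conditioned wildcard is flagged for review rather than assumed safe.
"""
import json

# Constructed: the four settings from the aws_s3_bucket_public_access_block resource
VULN_PAB = {"block_public_acls": False, "block_public_policy": False,
            "ignore_public_acls": False, "restrict_public_buckets": False}
SAFE_PAB = {key: True for key in VULN_PAB}

# Constructed bucket policy: one anonymous-read statement and one scoped to a role
VULN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::vuln-bucket-deadbeef/*"},
    {"Sid": "AdminOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/admin"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::vuln-bucket-deadbeef"}
  ]
}""")

# Constructed: wildcard principal narrowed to one VPC, the case that needs a human look
CONDITIONAL_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::vuln-bucket-deadbeef/*",
    "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0123456789abcdef0"}}}}


def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} or {"AWS": [..., "*", ...]}, which S3 treats alike."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False


def classify_statements(policy):
    """Map each statement's Sid (or index) to 'public', 'review' or 'scoped'."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # IAM grammar allows a single unwrapped statement
        statements = [statements]
    verdicts = {}
    for i, st in enumerate(statements):
        sid = st.get("Sid", f"Statement[{i}]")
        if st.get("Effect") != "Allow" or not is_wildcard_principal(st.get("Principal")):
            verdicts[sid] = "scoped"
        elif st.get("Condition"):
            verdicts[sid] = "review"
        else:
            verdicts[sid] = "public"
    return verdicts


def bucket_exposure(policy, pab):
    """Combine the policy verdicts with the Public Access Block settings.

    block_public_policy only makes S3 reject *new* public policies; an
    existing one keeps working unless restrict_public_buckets is on.
    """
    kinds = set(classify_statements(policy).values())
    if "public" not in kinds:
        return "review" if "review" in kinds else "not-public"
    if pab.get("restrict_public_buckets"):
        return "public-policy-restricted"
    return "public"


if __name__ == "__main__":
    print(classify_statements(VULN_POLICY))        # {'PublicRead': 'public', 'AdminOnly': 'scoped'}
    print(bucket_exposure(VULN_POLICY, VULN_PAB))  # public
    print(bucket_exposure(VULN_POLICY, SAFE_PAB))  # public-policy-restricted
```

This covers the policy path only; object and bucket ACLs are a separate route to exposure, governed by block_public_acls and ignore_public_acls. Against a live account, feed it the output of get-bucket-policy and get-public-access-block, and remember that AWS's own public-policy evaluation treats only a specific list of condition keys as narrowing, which is why conditioned wildcards are returned as "review" instead of being classified automatically.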

EC2 with IMDS v1

hcl
# main.tf - SSRF-vulnerable EC2
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-*-x86_64"]
  }
}

resource "aws_instance" "vuln" {
  ami           = data.aws_ami.amazon_linux.id
  instance_type = "t3.micro"
  # Attach an iam_instance_profile with a role, otherwise the metadata credential path is empty and there is nothing for SSRF to steal

  # Vulnerable: IMDSv1 enabled (fix: http_tokens = "required")
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional"
  }
}
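
Why http_tokens = "optional" is the bug: with IMDSv1 allowed, a single attacker-controlled GET (which is all most SSRF primitives give you) returns the instance role's credentials from the metadata endpoint, while IMDSv2 demands a PUT to /latest/api/token first and a token header on every GET. The Python below is an added example, not from the page or from AWS, that stands up a constructed mock of the Instance Metadata Service on 127.0.0.1 (the real one lives at 169.254.169.254) and replays both request styles against each setting. The role name, credential values and token are made up.

```python
"""Show how IMDSv1 ("optional") versus IMDSv2 ("required") changes what a
blind SSRF can reach.

Added example, not from the page or from AWS. Runs a constructed mock of
the EC2 metadata service locally; role name, credentials and token are
made up and the mock implements only the paths the demo needs.
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

ROLE = "vuln-instance-role"                                   # constructed
CREDS = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "secret",
         "Token": "session-token"}                            # constructed, not real
TOKEN = "mock-imdsv2-token"                                   # constructed


def make_handler(http_tokens):
    """Build a handler that mimics the metadata_options.http_tokens setting."""

    class IMDSHandler(BaseHTTPRequestHandler):
        def log_message(self, *args):   # keep the demo quiet
            pass

        def do_PUT(self):
            # IMDSv2 session start: PUT /latest/api/token with a TTL header
            if self.path == "/latest/api/token" and \
                    "X-aws-ec2-metadata-token-ttl-seconds" in self.headers:
                self._send(200, TOKEN)
            else:
                self._send(400, "bad request")

        def do_GET(self):
            has_token = self.headers.get("X-aws-ec2-metadata-token") == TOKEN
            # "required" = IMDSv2 only: a GET without a session token is refused
            if http_tokens == "required" and not has_token:
                self._send(401, "unauthorized")
                return
            if self.path == "/latest/meta-data/iam/security-credentials/":
                self._send(200, ROLE)
            elif self.path == f"/latest/meta-data/iam/security-credentials/{ROLE}":
                self._send(200, json.dumps(CREDS))
            else:
                self._send(404, "not found")

        def _send(self, code, body):
            data = body.encode()
            self.send_response(code)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

    return IMDSHandler


def start_mock_imds(http_tokens):
    """Start the mock on an ephemeral loopback port; returns (base_url, server)."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(http_tokens))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}", server


def ssrf_plain_get(base_url):
    """What a typical SSRF gives you: one GET, no custom headers, no PUT."""
    url = f"{base_url}/latest/meta-data/iam/security-credentials/{ROLE}"
    try:
        with urlopen(Request(url)) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as err:
        return err.code, None


def imdsv2_get(base_url):
    """The full IMDSv2 handshake: PUT for a token, then GET with the token header."""
    req = Request(f"{base_url}/latest/api/token", method="PUT",
                  headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    with urlopen(req) as resp:
        token = resp.read().decode()
    url = f"{base_url}/latest/meta-data/iam/security-credentials/{ROLE}"
    with urlopen(Request(url, headers={"X-aws-ec2-metadata-token": token})) as resp:
        return resp.status, json.loads(resp.read())


def compare(http_tokens):
    """Return (plain GET status, IMDSv2 handshake status) for one http_tokens value."""
    base, server = start_mock_imds(http_tokens)
    try:
        return ssrf_plain_get(base)[0], imdsv2_get(base)[0]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("http_tokens=optional ->", compare("optional"))   # (200, 200): SSRF gets the keys
    print("http_tokens=required ->", compare("required"))   # (401, 200): SSRF is refused
```

IMDSv2 is not a complete SSRF fix on its own: an SSRF that lets the attacker choose the method and add headers can still complete the handshake, which is why the real service also defaults the PUT response hop limit to 1 so the token cannot be obtained through a container or proxy. The lasting fix is to fix the SSRF and keep the instance role minimal.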

Cost Management Tips

💰 Set Billing Alerts

Configure AWS Budgets (or the Azure/GCP equivalent) alerts at $5, $10 and $25 before deploying anything, so a forgotten scenario is noticed before the bill arrives.

⏰ Use Free Tier

AWS, Azure and GCP offer free tiers. Stay within their limits, and remember that not everything a scenario deploys is free-tier eligible.

🗑️ Destroy Resources

Always run terraform destroy (or ./cloudgoat.py destroy all) after practice sessions, then confirm in the console that nothing was left behind.