General

Azure references CARTP heavily

AWS references SEC 588 heavily

GCP Does not yet exist

Is general external cloud enumeration and tools

Is for Docker, Kubernetes, etc., as they are encountered in the cloud

Learning Environments:

• Purple Cloud: https://github.com/iknowjason/PurpleCloud

• CloudGoat: https://github.com/RhinoSecurityLabs/cloudgoat

• Bad Pods: https://bishopfox.com/blog/kubernetes-pod-privilege-escalation

• TerraGoat: https://github.com/bridgecrewio/terragoat

• CI/CD Goat: https://github.com/cider-security-research/cicd-goat

• kCTF: https://google.github.io/kctf/

Last updated 18 days ago