CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool. It allows you to hone your cloud cybersecurity skills by creating and completing several “capture-the-flag” style scenarios. Each scenario is composed of AWS resources arranged together to create a structured learning experience. Some scenarios are easy, some are hard, and many offer multiple paths to victory. As the attacker, it is your mission to explore the environment, identify vulnerabilities, and exploit your way to the scenario’s goal(s).
Below are our main goals for CloudGoat:
- Focused, Curated, High-Quality Learning Experiences – Each of CloudGoat’s scenarios should provide the opportunity for experimentation, exploration, and building hands-on cloud security skills.
- Good Documentation – We’ve done our best to ensure that CloudGoat’s scenarios are well-documented and easy to understand and evaluate in terms of difficulty, content, structure, and skills required.
- Easy to Install and Use – We understand that CloudGoat is a means to an end – learning and practicing cloud security penetration testing. Therefore, we aim to keep things simple, straightforward, and reliable.
- Modularity – Each scenario is a standalone learning environment with a clear goal (or set of goals), and CloudGoat is able to start up, reset, or shut down each scenario independently.
- Expandability – CloudGoat’s core components (Python app and scenarios) are designed to permit easy and independent expansion – by us or the community.
Before you proceed, please take note of these warnings!
Warning #1: CloudGoat creates intentionally vulnerable AWS resources in your account. DO NOT deploy CloudGoat in a production environment or alongside any sensitive AWS resources.
Warning #2: CloudGoat can only manage resources it creates. If you create any resources yourself in the course of a scenario, you should remove them manually before running the destroy command.
Copyright (c) 2018, Rhino Security Labs
The post cloudgoat: Vulnerable by Design AWS deployment tool appeared first on Penetration Testing.