a few hours in the cloud, cloud games and cloud assessment tools i discovered along the way

The cloud has evolved into a vast playground for cybersecurity professionals, offering a mix of hands-on labs, gamified challenges, and robust assessment tools.

Photo by Arteum.ro on Unsplash

By Eva Georgieva

Anyone that knows me, would tell you that I am quite a fan of the cloud. Especially doing security assessments or cloud penetration tests there. As one would imagine, its quite a different playing field and it differs quite a lot from vendor to vendor. For example, doing a security assessment on AWS is very different than doing one on Azure Cloud.

Recently, I spent a few hours exploring AWS, Azure, and GCP from an educational angle, uncovering some valuable resources that not only sharpen skills but also provide a real-world feel for cloud security operations. Here’s what I found.

Hors d’œuvre

In our hashtalk today:

• AWS challenges and security labs to consider
• Learning resources to better navigate the Azure Cloud
• GCP labs and challenges

AWS: hands-on challenges and security focused labs

1. AWS Cloud Quest — Amazon’s gamified approach to learning cloud concepts. It provides an interactive city-building experience where users complete cloud-related tasks to progress. While aimed at beginners, it’s a fun way to grasp AWS fundamentals.
2. AWS Jam & AWS Capture the Flag (CTF) — AWS Jam offers scenario-based challenges covering security, networking, and troubleshooting. AWS CTF events are a fantastic way to test offensive and defensive security skills in a controlled cloud environment.
3. AWS Flaws — While AWS provides strong security controls, misconfigurations and flawed implementations are frequent issues. Overly permissive IAM policies, public S3 buckets, and improper security group configurations remain common pitfalls. However flaws.cloud is an excellent hands-on game designed to teach AWS security fundamentals by exploiting common misconfigurations in a safe, controlled environment.

Azure Learning Resources

1. Azure Security Labs — Designed for ethical hackers and red teamers, these labs allow users to test security skills on isolated Azure instances. Microsoft actively encourages responsible vulnerability disclosure here.
2. Azure Security Resource — This is a great resource with labs and tools used for assessment of an Azure environment.
3. Microsoft Learn — Several trainings and courses available where you can also utilize AI to generate a personalized learning plan.

GCP CTF and Labs

1. Google Cloud CTF — Google runs an annual CTF competition, but past challenges remain available for anyone who wants to practice cloud security in a gamified setting.
2. Qwiklabs (Google Cloud Skills Boost) — A cloud-based learning platform with interactive labs covering a range of topics, from security essentials to advanced cloud engineering tasks.

Let’s keep in touch

I’d always be willing to discuss more, exchange ideas and continue the hash talk.

• Reach me at: evaincybersec@gmail.com