AWS Security Labs
Practise cloud security in real, isolated AWS accounts.
Every lab spins up its own throwaway AWS account, hands you the real console, and wipes it when you're done. No setup, no bill, no risk to anything real.
2 live · 4 more on the way · first beginner lab is free.
S3 misconfiguration & data exposure
Find and fix public buckets, missing encryption, and over-broad IAM in a realistic mini-account, then verify your fixes.
IAM privilege escalation
Leaked CI credentials can quietly escalate to full admin. Discover the path, prove it by capturing a flag, then close the hole.
KMS & data protection
Encrypt the right things the right way: KMS key policies, grants, and enforcing encryption across services.
GuardDuty & Security Hub triage
Work a stream of findings: separate signal from noise, triage by severity, and decide what to action.
CloudTrail forensics
Reconstruct an attacker's actions from CloudTrail: trace the access path, find what was touched, and scope the blast radius.
VPC network exposure
Hunt down over-permissive security groups and network paths that expose workloads, and lock them down.