CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool.

CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool. It allows you to hone your cloud cybersecurity skills by creating and completing several “capture-the-flag” style scenarios. Each scenario is composed of AWS resources arranged together to create a structured learning experience. Some scenarios are easy, some are hard, and many offer multiple paths to victory. As the attacker, it is your mission to explore the environment, identify vulnerabilities, and exploit your way to the scenario’s goal(s).

Below are our main goals for CloudGoat:

  • Focused, Curated, High-Quality Learning Experiences – Each of CloudGoat’s scenarios should provide the opportunity for experimentation, exploration, and building hands-on cloud security skills.
  • Good Documentation – We’ve done our best to ensure that CloudGoat’s scenarios are well-documented and easy to understand and evaluate in terms of difficulty, content, structure, and skills-required.
  • Easy to Install and Use – We understand that CloudGoat is a means to an end – learning and practicing cloud security penetration testing. Therefore, we aim to keep things simple, straightforward, and reliable.
  • Modularity – Each scenario is a standalone learning environment with a clear goal (or set of goals), and CloudGoat is able to start up, reset, or shut down each scenario independently.
  • Expandability – CloudGoat’s core components (python app and scenarios) are designed to permit easy and independent expansion – by us or the community.