Challenge library

Browse by domain and difficulty

AWS and GCP challenges across identity, storage, networking, and containers. Each ships with an isolated sandbox, guided hints, and a verified solution path.

AWSGCPAzurecoming soon

Sample library

7 challenges to start with

A representative slice of the full library. Contact us for access to the complete catalog and custom challenge paths.

  • IAM Privilege Escalation
    Hard
    Chain IAM permissions to gain admin access in a locked-down account.
    AWS2-4 hr
  • S3 Bucket Misconfig
    Medium
    A bucket policy grants public read access. Find the flaw and restrict it.
    AWS45 min
  • RDS Public Snapshot
    Medium
    A database snapshot is shared outside the account. Trace the exposure path.
    AWS1 hr
  • Open Security Group
    Easy
    An EC2 instance is reachable from the internet. Close the ingress gap.
    AWS30 min
  • Lambda Execution Role
    Easy
    A Lambda function inherits excessive permissions. Scope the execution role.
    AWS30 min
  • GCS Bucket Misconfig
    Medium
    A Cloud Storage bucket allows public object listing. Find and fix the exposure.
    GCP45 min
  • Service Account Escalation
    Hard
    Chain IAM roles and service account permissions to reach project admin.
    GCP2-3 hr

Coverage

Four domains, production-relevant scenarios

How it works

From sandbox launch to verified solution

  1. 01

    Pick a challenge

    Browse by domain and difficulty. Each maps to a real cloud misconfiguration pattern.

  2. 02

    Launch your sandbox

    An isolated cloud environment spins up in minutes. No access to your production account.

  3. 03

    Investigate and exploit

    Use guided hints or go unguided. Practice the same skills you need during incidents.

  4. 04

    Verify and learn

    Submit your flag, review the solution path, and advance to harder tiers.

Ready to access the full library?

Contact us with your team size and training goals. We will send pricing and onboarding steps.

Contact us