// LAB CATALOG
ALL LABS
34 active hands-on labs from the database, with catalog pricing pulled from each lab record.
Hacking Azure
Azure hacking labs are specialized environments designed to simulate attacks on Microsoft’s cloud infrastructure. Unlike traditional labs, these focus on cloud-specific vulnerabilities such as Entra ID (formerly Azure AD) misconfigurations, insecure storage blobs, and overly permissive IAM roles.
Testing Lab
For test purposes
AWS IAM Foundations and Least Privilege
Build a secure IAM baseline with users, groups, roles, permission boundaries, MFA, and policy simulation. Students practice least-privilege design and review common identity risks.
AWS VPC Security, Routing, and Network Controls
Design a secure VPC using public and private subnets, security groups, NACLs, route tables, VPC endpoints, and flow logs. Includes validation of inbound and outbound traffic paths.
AWS Data Protection with S3, KMS, and CloudTrail
Protect data with S3 block public access, bucket policies, KMS keys, object encryption, access logging, and CloudTrail monitoring. Students identify and fix exposed storage configurations.
AWS GuardDuty Threat Detection and Response
Enable GuardDuty, generate realistic findings, investigate suspicious activity, and document containment actions. Students connect detection events to practical incident response steps.
Azure RBAC, Management Groups, and Policy
Configure Azure role assignments, custom roles, management groups, and Azure Policy. Students enforce governance controls and verify compliance across subscriptions.
Azure Network Security and Microsoft Defender for Cloud
Secure virtual networks with NSGs, private endpoints, Azure Firewall concepts, and Defender for Cloud recommendations. Students remediate prioritized cloud security findings.
Azure Key Vault and Secrets Operations
Create vaults, store secrets, configure access policies and RBAC, rotate keys, and audit secret usage. Students learn secure application secret handling in Azure.
Microsoft Sentinel Detection Engineering
Connect log sources, write KQL detections, investigate incidents, and build an analyst dashboard in Microsoft Sentinel. Includes alert triage and response notes.
Google Cloud IAM and Organization Policy
Configure IAM roles, service accounts, conditional access, and organization policies. Students reduce over-permissioned identities and validate secure access patterns.
Google Cloud VPC, Firewall Rules, and Private Access
Build secure VPC networks with subnets, firewall rules, routes, Private Google Access, and VPC Flow Logs. Students test traffic restrictions and monitoring.
Google Cloud Armor and Web App Protection
Protect web workloads with Cloud Armor policies, WAF rules, IP restrictions, and rate limiting. Students validate controls against common web attack patterns.
Security Command Center Investigation
Use Security Command Center to identify misconfigurations, prioritize findings, and document remediation. Students handle a guided cloud incident investigation.
Kubernetes RBAC and Network Policy
Secure a Kubernetes cluster with namespaces, service accounts, RBAC roles, and network policies. Students restrict workload privileges and pod-to-pod traffic.
Container Image Security and Registry Controls
Scan container images, fix vulnerable packages, enforce registry controls, and sign images. Students build a secure image promotion workflow.
Kubernetes Secrets, Admission Control, and Policy
Protect Kubernetes secrets, apply admission policies, and prevent risky deployments. Students enforce baseline controls with policy-as-code concepts.
Kubernetes Runtime Threat Detection
Detect suspicious container behavior using runtime security signals. Students investigate privilege escalation, shell activity, and unexpected network connections.
SOC Analyst Log Triage Fundamentals
Analyze authentication, endpoint, DNS, and web logs to separate normal activity from suspicious behavior. Students practice alert notes and escalation criteria.
Phishing Investigation and Email Security
Investigate a phishing case using email headers, URLs, attachments, and user reports. Students classify the threat and recommend containment actions.
SIEM Detection Rules and Alert Tuning
Write detection rules, tune false positives, map alerts to MITRE ATT&CK, and build a simple dashboard. Students learn practical SOC engineering habits.
Incident Handling Tabletop and Evidence Collection
Walk through a practical incident workflow: scope, contain, preserve evidence, communicate status, and close with lessons learned.
Ethical Hacking Reconnaissance and Scanning
Perform authorized OSINT, host discovery, port scanning, service enumeration, and vulnerability prioritization against a controlled target range.
Web App Testing with OWASP Top 10
Test a vulnerable web application for SQL injection, XSS, IDOR, broken authentication, and insecure configuration. Includes remediation guidance.
Linux and Windows Privilege Escalation
Escalate from limited access to administrative control in safe lab systems. Students analyze misconfigurations, weak permissions, and exposed credentials.
Penetration Test Reporting and Remediation
Convert technical findings into a professional report with severity, evidence, impact, and remediation. Students write executive and technical summaries.
Zero Trust Identity and Conditional Access
Implement zero trust identity controls with MFA, conditional access concepts, device trust, and privileged access review.
Zero Trust Network Segmentation
Design segmentation controls for users, workloads, and management planes. Students map trust boundaries and validate access decisions.
Zero Trust Monitoring and Continuous Verification
Build monitoring signals for identity, endpoint, network, and cloud activity. Students connect policy decisions to detection and response workflows.
Zero Trust Roadmap and Maturity Assessment
Assess current controls, define target maturity, and create an implementation roadmap. Students prepare a business-ready zero trust plan.
Next-Generation Firewall Policy Basics
Create zones, interfaces, NAT, address objects, and security policies on a virtual firewall. Students test safe allow and deny rules.
Site-to-Site VPN and Remote Access Controls
Configure secure VPN connectivity, authentication settings, tunnel policies, and logging. Students verify encrypted connectivity and troubleshoot failures.
IPS, URL Filtering, and Threat Prevention
Enable threat profiles, URL filtering, IPS signatures, and logging on a virtual firewall. Students test controls against simulated malicious traffic.
Firewall Operations, Logging, and Change Review
Review policy changes, analyze firewall logs, troubleshoot blocked traffic, and document operational controls for production firewall environments.