← All hands-on labs
AWS Security LabsBeginner
KMS & data-protection controls
Implement envelope encryption and map controls to GDPR / DPDP outcomes.
KMSRDS
What you'll do
- Work in a real, isolated AWS environment — nothing to install or set up
- Find and exploit the weakness the way an attacker would
- Apply the fix and verify it like a defender
- Map what you did back to real-world controls and frameworks
More AWS Security Labs
S3 misconfiguration & data exposure
Find and fix public buckets, weak ACLs, and missing encryption in a realistic account.
IAM privilege-escalation paths
Trace and break real IAM escalation chains, then apply least-privilege.
GuardDuty + Security Hub triage
Triage live findings, correlate alerts, and wire automated remediation.
CloudTrail forensics
Reconstruct an exfiltration attempt with Athena across CloudTrail logs.
Ready to launch this lab?
Spin it up in your browser — no setup. Your first lab is free.