CloudRange
CLOUDRANGE · EST. 2026VOL. 01 / ISSUE 00

Now forming · Founding class

Cloud security,
practiced.

Most platforms teach theory. CloudRange trains you on real cloud attacks in isolated AWS accounts you can break without consequence. Then you switch sides and fix what you just exploited.

Secure your seat

One email per signup. No spam, no list rental. Unsubscribe in one click.

Founding class

000/ 500

500 seats remaining. Founding members receive a permanent badge, early access, and discounted lifetime pricing.

01 / The premise

The problem

Cloud breaches don't happen because someone forgot the OWASP top ten. They happen because an intern left a bucket public, an EC2 role was scoped too wide, or a Lambda trusted a header it shouldn't have.

You can't learn to catch that from a slide deck. You learn it by breaking it, getting caught, and breaking it again until the patterns become muscle memory.

CloudRange gives you a dedicated AWS account, a misconfiguration waiting to be exploited, and a clock. When you capture the flag, you swap to blue team and remediate it — in the same console, on the same infrastructure you just attacked.

02 / How the range works
01~60s · isolated

Spin up a real environment

A dedicated AWS child account is provisioned in under sixty seconds. Pre-baked misconfigurations. Hard budget cap. Automatic teardown when your session ends.

023 modes · your pace

Exploit like an attacker

Visual mode guides you through the AWS console. Guided mode pairs steps with a live terminal. Raw mode gives you a shell and gets out of your way. Choose your depth.

03red → blue · same infra

Remediate like a defender

Capture the flag, then switch sides. Verify your fix against automated blue-team checks. Earn XP, climb ranks, keep your streak, compare against the global first-blood feed.

03 / A scenario, previewed

Preview · Scenario 01

The Leaky Bucket.

A production-looking S3 bucket with Block Public Access quietly disabled. The flag is hidden in plain sight — if you know where to look.

Difficulty
Beginner
Service
Amazon S3
MITRE
T1530 · Cloud Storage Object
Flags
3 red · 3 blue
XP reward
+150
Est. time
20–30 min
cloudrange.io / session · 01:47:12 remainingLIVE
Terminal · attackerscoped · read-only
$ aws s3api list-buckets --query 'Buckets[*].Name'
[
  "corp-finance-reports-2024",
  "ctf-leaky-abc1",
  "prod-website-assets"
]

$ aws s3 ls s3://ctf-leaky-abc1/
2026-04-14 09:12:03    1,204  README.md
2026-04-14 09:12:03   88,201  financials-q3.pdf
2026-04-14 09:12:03       64  flag.txt

$ aws s3 cp s3://ctf-leaky-abc1/flag.txt -
CR{bl0ck_public_4ccess_matters}

$
CR{bl0ck_public_4ccess_matters}
04 / Who this is for
  • 01

    SOC analysts

    Level up from on-prem detection into CloudTrail, GuardDuty, IMDS abuse, and the attack paths actually seen in production breaches.

  • 02

    Red teamers

    A sanctioned range for AWS-native attack chains. No client permissions to argue over, no production to avoid, no paperwork.

  • 03

    DevOps & platform engineers

    Break your own Terraform. Learn why Block Public Access, IMDSv2, and least-privilege IAM exist by watching them fail in your own hands.

  • 04

    Students & career switchers

    Build a portfolio of practical scenarios you can point to. Earn verifiable credentials. Prepare for the practical half of every cloud security cert.

05 / Frequently asked

Answers

Things people ask before they sign up.

Q.01Is this legal? I don't want to get my AWS account banned.

Every scenario runs in a CloudRange-owned AWS child account, fully isolated from your infrastructure. You never connect to your own cloud. Abuse controls, budget caps, and egress restrictions are baked in at the Organization level.

Q.02Do I need to know AWS already?

No. Visual mode walks you through the console click-by-click, and every step shows the CLI equivalent so you're learning the commands as you go. Guided and raw modes are there for when you want less hand-holding.

Q.03What does the founding class get?

A permanent First Founder badge on your profile. Early access to scenarios before public release. Discounted lifetime pricing on launch. A direct line to us for what gets built next.

Q.04When does it launch?

Beta begins with a small cohort of hand-provisioned accounts before full automation ships. Waitlist members are invited first, in the order they signed up. Public launch is targeted for later this year.

Q.05Is this just for AWS?

Starting there because that's where most production workloads — and most breaches — actually live. Azure, GCP, and Kubernetes scenarios are on the roadmap once the AWS experience is sharp.

06 / Join the founding class

Founding access

Five hundred seats.
No second chances.

The First Founder badge only exists once. When the seats are gone, they're gone — there is no retroactive grant, no second cohort, no way back in.

0 / 500 claimed