Sadcloud- The NCC Group’s Vulnerable Cloud

The NCC Group created a cloud instance using Terraform modules to create a vulnerable Infrastructure as Code.

Effectively, sadcloud is a collection of Terraform configuration files. Broken down into modules by service, each service has a set of variables, mapped to ScoutSuite findings, that can be toggled to result in infrastructure that will fail the associated security audit check. Currently, sadcloud only supports AWS, however it would be possible to provide additional modules for other clouds, which will be a target of future development.

Sadcloud can be found on the NCC Group’s Github.