Thunder CTF: Learning Cloud Security on a Dime

Wu-chang Feng
Date and time: 
Thu, Oct 22 2020 - 12:15pm
Wu-chang Feng
Portland State University
  • Jun Li

Organizations have rapidly shifted infrastructure and applications over to public cloud computing services such as AWS, Google Cloud Platform, and Azure. Unfortunately, such services have security models that are substantially different and more complex than traditional enterprise security models. As a result, misconfiguration errors in cloud deployments have led to dozens of well-publicized breaches. This talk describes Thunder CTF, a scaffolded, scenario-based CTF for helping students learn about and practice cloud security skills. Thunder CTF is easily deployed at minimal cost and is highly extensible to allow for crowd-sourced development of new levels as security issues evolve in the cloud.

Note that the talk will be followed by a walkthrough demo of one of the levels. Participants are encouraged to sign up for a Google Cloud Platform account and setup the CTF following the instructions at if they'd like to play along.


Wu-chang Feng is a professor in the Department of Computer Science at Portland State University where he works on topics in cloud computing and security.  His current projects include developing CTFs and codelabs to teach advanced topics in security as well as performing outreach to high-schools via camps and internships through CyberPDX and Saturday Academy.