Article by Aloïs THÉVENOT.
Thunder CTF allows players to practice attacking vulnerable cloud projects on Google Cloud Platform (GCP). In each level, players are tasked with exploiting a cloud deployment to find a "secret" integer stored within it. Key to the CTF is a progressive set of hints that can be used by players when they are stuck so that levels can be solved by players of all levels from novices to experts.
The CTF is available at https://thunder-ctf.cloud/.
The GitHub repository for the Thunder CTF also includes:
Least Privilege CTF (slides) is an extension of Thunder CTF. Least Privilege levels have been desgined to help understand Google Cloud Platform's IAM roles and permissions.
Cloud Audit is a series of code labs that will walk you through a few basic and a few more advanced cloud security concepts from a defender point of view.