> could be also sold as a cloud-based research platform for vuln developers
You'd have a tough time getting any public Cloud provider to allow you to run known vulnerable software, on purpose, on their network and then exposing it to the Internet.
If you kept it under a decent amount of network security and heavily restricted access it might work.
I would suspect you'd need permission to set this up, though.
True. I think the biggest buyer of this would be gov institutions that are constantly looking for building their offensive capabilities (mainly around exploit dev) but find it hard to get new recruits trained up. The alternatives are mostly instructor-led training which is good but combined with this type of platform + remote assistance via chat etc could scale things up.
I'm just in the beginning phases of learning pen testing. I want to move from DevOps to DevSecOps to PT.
I'm keen to see what labs exist out there already and how I can build my own complex labs (consisting of complete virtual networks) that I can hack against. A real wargame.
You'd have a tough time getting any public Cloud provider to allow you to run known vulnerable software, on purpose, on their network and then exposing it to the Internet.
If you kept it under a decent amount of network security and heavily restricted access it might work.
I would suspect you'd need permission to set this up, though.