From a6c694d1712f7a7da6c90afe717b375f67c957d7 Mon Sep 17 00:00:00 2001
From: Ryan Gerstenkorn <ryan.gerstenkorn@rhinosecuritylabs.com>
Date: Mon, 19 Apr 2021 19:32:58 -0700
Subject: [PATCH] cloudgoat and terragoat

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index db83eee..7642b5e 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,9 @@ NOTE: This isn't an endorsement of any of these projects. I'm mostly using this
     * [cloudtracker](https://github.com/duo-labs/cloudtracker) -- Finds over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
     * [iamlive](https://github.com/iann0036/iamlive) -- Generate a basic IAM policy from AWS client-side monitoring (CSM)
     * [aws-leastprivilege](https://github.com/iann0036/aws-leastprivilege) -- Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
+  * Vulnerable by design
+    * [https://github.com/RhinoSecurityLabs/cloudgoat](cloudgoat) -- CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
+    * [https://github.com/bridgecrewio/terragoat](terragoat) -- TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository.
 
 * Kubernetes
   * [cheatsheet](https://kubernetes.io/docs/reference/kubectl/cheatsheet/)