Hacking Cloud Infrastructure

This 2-day course cuts through the mystery of Cloud Services (including AWS, Google Cloud Platform (GCP) and Azure) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.

Retail Price: $1,750.00

Next Date: Request Date

Course Days: 2


Request a Date

Request Custom Course


You will be able to:

  • Learn how to tackle cloud security issues for AWS, Azure and Google Cloud Platform in theory and in practice
  • Understand complex vulnerabilities within the Cloud environment and learn how to effectively secure them.
  • Enumerate cloud assets and gain entry into a cloud environment
  • Learn how to prepare for Auditing and audit the data plane and golden images, AMI and Docker images

Who Should Take This Class?

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Pen Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.

Prior pen testing experience is not a strict requirement, however, some knowledge of Cloud Services and common command line syntax will be greatly beneficial.


Details of the course content:

INTRODUCTION TO CLOUD COMPUTING

  • Introduction to cloud and why cloud security matters
  • Comparison with conventional security models
  • Shared responsibility model
  • Legalities around Cloud Pentesting
  • Attacking Cloud Services

ENUMERATION OF CLOUD ENVIRONMENTS

  • DNS based enumeration
  • OSINT techniques for cloud-based asset

GAINING ENTRY VIA EXPOSED SERVICES

  • Serverless based attacks (AWS Lambda / Azure & Google functions)
  • Web application Attacks
    • SSRF Exploitation over AWS ElasticBeanStalk
    • Exploiting vulnerable applications over GCP and Azure

ATTACKING STORAGE SERVICES (AWS, AZURE, GCP)

  • Exploring files in storage
  • Exploring SAS URL's in Azure
  • Achieving privilege elevation via secrets in Storage
  • Remote code Execution via storage in PaaS, FaaS environment

ATTACKING AZURE AD ENVIRONMENT

  • Enumeration in Azure AD
  • Various Azure Services
  • Azure Service exploitation
  • Stealing secrets from Azure services

IAM MISCONFIGURATION ATTACKS

  • Exploiting Shadow admins in AWS and Azure
  • Attacking AWS Incognito misconfigurations

POST – EXPLOITATION

  • Persistence in Cloud
  • Post exploit enumeration
  • Snapshot access
  • Backdooring the account

EXPLOITING KUBERNETES CLUSTERS AND CONTAINERS AS A SERVICE

  • Understanding how container technology work
  • Exploiting docker environments and breaking out of containers
  • K8s exploitation and breakouts

AUDITING AND BENCHMARKING OF CLOUD

  • Preparing for the audit
  • Automated auditing via tools
  • Golden Image / Docker image audits
  • Auditing Kubernetes Environments using Opensource tools
  • Windows IaaS auditing
  • Linux IaaS Auditing
  • Relevant Benchmarks for cloud


Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date