Hacking Cloud Infrastructure

Cut through the mystery of cloud services on our 2-day course.

This 2-day course cuts through the mystery of Cloud Services (including AWS, Google Cloud Platform (GCP) and Azure) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.

Note: Students will have access to a state-of-the-art Hacklab with a wide variety of vulnerabilities on which to practice exploitation, and will receive a FREE 1-month subscription after the class to allow more practice time, along with access to the support portal to clear up any doubts.

Highlights of our Training:

  • Gaining Entry in cloud via exposed services
  • Attacking specific cloud services
  • Post Exploitation
  • Defending the Cloud Environment
  • Host-based Defenses
  • Auditing and benchmarking of Cloud
  • Continuous Security Testing of Cloud

2021 Edition


2 day Course


Live, online available


Hack-Lab available


Basic

Course Overview

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This class covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest/security experience is not a strict requirement; however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

You will be able to:

  • Learn how to tackle cloud security issues for AWS, Azure and Google Cloud Platform in theory and in practice
  • Understand complex vulnerabilities within the Cloud environment and learn how to effectively secure them.
  • Enumerate cloud assets and gain entry into a cloud environment
  • Learn how to prepare for an audit and how to audit the data plane, golden images, AMIs and Docker images

What you can take away from the course:

Our own customized version of Kali Linux with in-house developed scripts and tools to help with hacking, auditing and securing the Cloud.

Details of the course content:

INTRODUCTION TO CLOUD COMPUTING

  • Introduction to cloud and why cloud security matters
  • Comparison with conventional security models
  • Shared responsibility model
  • Legalities around Cloud Pentesting
  • Attacking Cloud Services

ENUMERATION OF CLOUD ENVIRONMENTS

  • DNS based enumeration
  • OSINT techniques for cloud-based assets

GAINING ENTRY VIA EXPOSED SERVICES

  • Serverless based attacks (AWS Lambda / Azure & Google functions)
  • Web application attacks
    • SSRF Exploitation over AWS Elastic Beanstalk
    • Exploiting vulnerable applications over GCP and Azure

ATTACKING STORAGE SERVICES (AWS, AZURE, GCP)

  • Exploring files in storage
  • Exploring SAS URLs in Azure
  • Achieving privilege elevation via secrets in Storage
  • Remote code execution via storage in PaaS, FaaS environments

ATTACKING AZURE AD ENVIRONMENT

  • Enumeration in Azure AD
  • Various Azure Services
  • Azure Service exploitation
  • Stealing secrets from Azure services

IAM MISCONFIGURATION ATTACKS

  • Exploiting Shadow admins in AWS and Azure
  • Attacking AWS Cognito misconfigurations

POST-EXPLOITATION

  • Persistence in Cloud
  • Post exploit enumeration
  • Snapshot access
  • Backdooring the account

EXPLOITING KUBERNETES CLUSTERS AND CONTAINERS AS A SERVICE

  • Understanding how container technology works
  • Exploiting docker environments and breaking out of containers
  • K8s exploitation and breakouts

AUDITING AND BENCHMARKING OF CLOUD

  • Preparing for the audit
  • Automated auditing via tools
  • Golden Image / Docker image audits
  • Auditing Kubernetes environments using open-source tools
  • Windows IaaS auditing
  • Linux IaaS auditing
  • Relevant Benchmarks for cloud

Prerequisites

Who Should Take This Class?

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Pen Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Prior pen testing experience is not a strict requirement; however, some knowledge of Cloud Services and common command-line syntax will be greatly beneficial.

You will need:

Delegates must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.

How to book

This course is available directly from Claranet Cyber Security; please use the form alongside.

Course Information

You can download a copy of the course information below.

In addition you will also be provided with a student pack, handouts and cheat-sheets if appropriate.

Your Training Roadmap

Offensive Classes

Hacking training for all levels: new to advanced. Ideal for those preparing for certifications such as CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST as well as infrastructure / web application penetration testers wishing to add to their existing skill set.

Defensive Classes

Giving you the skills needed to get ahead and secure your business by design. We specialise in application security (both secure coding and building security testing into your software development lifecycle) and cloud security. Build security capability into your teams, enabling you to move fast and stay secure.

Testimonials

"Very impressed with the lab environment. Course is packed with information and exciting challenges. Excellent content and in-depth presentation. Loved the practice timing and walk-through. The extended lab access is helpful to practice after the class."

Delegate, Black Hat USA

"GREAT CLASS."

Delegate, Hacking and Securing Cloud - Public Course

"I really appreciated being able to take my own time over the material in the lab."

Delegate, Hacking and Securing Cloud - Public Course

"It was a full 2 days and quite fast! I'm really keen to know more now."

Delegate, Hacking and Securing Cloud - Public Course

"It provided me with the latest Information Security research & development."

Delegate, Black Hat USA

"The training was fantastic, I'm sure I'll do the related webinars as well when I have the chance."

Delegate, Hacking and Securing Cloud - Public Course