Hacking and Securing Cloud Infrastructure

2 Days

Brand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.


Class Details

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Introduction to Cloud Computing

What is cloud and Why it matters

Types of clouds and cloud services

What changes from conventional security models

Shared responsibility model (pizza as a service v2.0)

Attacking Cloud Services

Conventional vs cloud infra assessment

Legalities around Cloud Pentesting

How to approach pentesting cloud services

Understanding Metadata API

Understand the attack surface in each type of cloud

Enumerating for cloud assets

Gaining Entry in Cloud Environment

Lambda attacks

Web application Attacks

Exposed Service ports

Attacking Specific Cloud Services

Storage Attacks

Azure AD Attacks

Financial Attacks

IAM Attacks : Shadow admins

Dormant assets

Google Dorking in Cloud Era

Post - Exploitation

Maintain access after the initial attack

Post access asset enumeration

Extracting secrets from Snapshot access

Defending the Cloud Environment

Setting up Monitoring and logging of the environment

Catching attacks using monitoring and logging

Metadata API Protection

Host base Defences for IaaS

Windows server auditing

Linux Server Auditing

Auditing and benchmarking of Cloud

Prepare the environment for the audit

Automated auditing using open source tools

Golden Image / Docker image audits

Relevant Benchmarks for cloud

Continuous inventory monitoring

Continuous monitoring to Detect changes in cloud environment


Who Should Take This Class?

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.

Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.

Student Requirements

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated for the VM.


What Students Will Be Provided With


Our own customized version of kali linux with inhouse developed scripts and tools to help with hacking auditing and securing Cloud.

Upcoming Classes

22-24, April 2020

Ghent, Belgium

More information

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.

Download the NotSoSecure Hacking Classes Brochure

Beginner Friendly

Hacking 101

The Art of Hacking

The Art of Hacking


Infrastructure Hacking


Web Hacking

Specialist Offensive Classes

2020 Edition

Advanced Infrastructure Hacking

2020 Edition

Advanced Web Hacking


Hacking and Securing Cloud Infrastructure

Specialist Defence Classes

2019 Edition

AppSec for Developers





Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.