Brand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.
Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.
Prior pentest / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.
What is cloud and Why it matters
Types of clouds and cloud services
What changes from conventional security models
Shared responsibility model (pizza as a service v2.0)
Conventional vs cloud infra assessment
Legalities around Cloud Pentesting
How to approach pentesting cloud services
Understanding Metadata API
Understand the attack surface in each type of cloud
Enumerating for cloud assets
Web application Attacks
Exposed Service ports
Azure AD Attacks
IAM Attacks: Shadow admins
Google Dorking in Cloud Era
Maintain access after the initial attack
Post access asset enumeration
Extracting secrets from Snapshot access
Setting up Monitoring and logging of the environment
Catching attacks using monitoring and logging
Metadata API Protection
Windows server auditing
Linux Server Auditing
Prepare the environment for the audit
Automated auditing using open source tools
Golden Image / Docker image audits
Relevant Benchmarks for cloud
Continuous inventory monitoring
Continuous monitoring to Detect changes in cloud environment
Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.
Students must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.
Our own customized version of Kali Linux with in-house developed scripts and tools to help with hacking, auditing and securing Cloud.
Lab-Based Training - Written by BlackHat Trainers - Available Globally
NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.
Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.