Hacking and Securing Cloud Infrastructure

Course Description

Brand new for 2019, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.

You will be able to:

Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources. Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense: secure configuration, auditing, logging and benchmarks. Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources.

Apply the learning to:

  • Identify weaknesses in cloud deployment
  • Fix the weaknesses in your cloud deployment
  • Monitor your cloud environment for attacks

Course contents

Day 1

  • Introduction to Cloud Computing
    • What is cloud
    • Why cloud security matters
    • Types of clouds and cloud services
    • What changes from conventional security models
    • Shared responsibility model
    • Legalities around Cloud Pentesting
  • Attacking Cloud Services
    • How to approach pentesting cloud services
    • Understand the attack surface in each type of cloud
    • Enumerating for cloud assets
    • Role- and permission-based attacks
  • Gaining Entry via exposed services
    • Lambda-based attacks
    • Web application Attacks
    • Exposed Service ports
  • Attacking specific cloud services
    • Storage Attacks
    • AD Attacks
    • DB and other services
    • FinOps attacks
    • IAM Misconfiguration Attacks
    • Dormant assets
  • Post-Exploitation
    • Maintain access after the initial attack
    • Post access enumeration
    • Snapshot access

Day 2

  • Defending the Cloud Environment
    • Setting up Monitoring and logging of the environment
    • Catching various attacks (reference to previous attacks and how those can be caught)
    • Metadata API Protection
  • Host-based Defenses
    • Windows server auditing
    • Linux Server Auditing
  • Auditing and benchmarking of Cloud
    • Prepare for the audit
    • Automated auditing via tools
    • Golden Image / Docker image audits
    • Relevant Benchmarks for cloud
  • Continuous Security Testing of Cloud
    • Continuous inventory updating by extracting the list of assets from the Cloud Environment
    • Automated scans to pick up changes in environment and setup

Requirements

Students will need to bring their own laptop with administrative privileges and the software required to run a Virtual Machine, such as VirtualBox. Some challenges might require creation of trial accounts with cloud service providers such as Azure, AWS and GCP.

Trainer Biography

Anthony Webb works as a Principal Consultant with NotSoSecure, specialising in Cloud Security, Infrastructure Security, penetration testing and red teaming. He has been a committed tech geek ever since first learning to code on a BBC Micro at around 6 years old and has worked in IT security specifically for the past 5 years. Anthony currently holds industry recognised accreditations including CREST CRT, OSCP, QSTM as well as a number of Amazon Web Services certifications including AWS Certified Security – Specialty, Solutions Architect and Developer Associate. He is also a trainer for NotSoSecure’s Advanced Infrastructure Hacking (AIH) course, and has delivered training at conferences such as Black Hat, CPX360, BruCON, as well as many smaller classroom groups and live web-based training delivery. 

Training Company

We are a specialist IT security firm delivering high-end IT security consultancy and training (@notsosecure). Our training presence has been really strong and we have delivered training at various conferences, including:

  • Black Hat 2015 till present (All Venues)
  • IP Expo 2019
  • BruCON Spring Training 2019
  • OWASP AppSec 2019