Hacking and Securing Cloud Infrastructure

Course Description

This 3-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical.

This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial. Highlights of our Training:

  • Attacking Cloud Services
  • Gaining Entry via exposed services
  • Attacking specific cloud services
  • Post – Exploitation
  • Defending the Cloud Environment
  • Host base Defenses
  • Auditing and benchmarking of Cloud
  • Continuous Security Testing of Cloud

Course contents

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment,
understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

Day 1

  • Introduction to Cloud Computing
    • What is cloud
    • Why cloud security matters
    • Types of clouds and cloud services
    • Shared responsibility model
  • General (Web Hacking) Knowledge
    • A “leveller”, tailored to the room, ensuring everybody understands conventional web hacking techniques, to make the course accessible to all
  • Attacking Cloud Services
    • What changes from conventional security models
    • Legalities around Cloud Pentesting
    • Introducing the Metadata API
    • Understand the attack surface in each type of cloud
    • Enumerating for cloud assets
  • Gaining Entry via exposed services
    • Function based attacks
    • Web application Attacks
    • Exposed Service ports

Day 2

  • Attacking specific cloud services
    • Storage Enumeration and Attacks
    • Identity Services
      • AWS Cognito
      • Azure Active Directory
    • Containers and Kubernetes Clusters
    • Financial Attacks
    • Identity and Access Management
    • Dormant assets
  • Google Dorking for resources and sensitive info
  • Post Exploitation
    • Post access enumeration
    • Snapshot stealing
    • Backdooring the account
    • Maintain access after the initial attack

Day 3

  • Defending the Cloud Environment
    • Metadata API Protection
    • Monitoring and logging of the environment
    • Catching attacks
  • Host base Defenses
    • Windows server auditing
    • Linux Server Auditing
  • Auditing and benchmarking of Cloud
    • Prepare for the audit
    • Automated auditing via tools
    • Golden Image / Docker image audits
    • Relevant Benchmarks for cloud
  • Continuous Security Testing of Cloud
    • Continuous inventory updating by extracting a list of Assets
    • Automated scans to pick changes in environment and setup
  • CTF

Key Takeaways

Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources. Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense, secure configuration, auditing, logging, benchmarks. Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources.

Apply the learning to:

  • Identify weaknesses in cloud deployment
  • Fix the weaknesses in your cloud deployment
  • Monitor your cloud environment for attacks

Target audience

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level. Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common command line syntax will be greatly beneficial.

Requirements

Students must bring their own laptops and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre-installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicatedly for the VM.

Trainer Biography

Scott Isaac began his journey into cyber security in the defence sector focussing on radio operations. His knowledge of radio propagation, modulation schemes, encoding and encryption methods enabled him to intercept and derive meaningful intelligence from enemy communications. Scott was later head hunted to mentor intelligence analysts operating out of Joint Signals Service Unit who were building a new internet operations capability. During this time Scott worked closely with multinational intelligence agencies and was awarded a commendation by the commanding officer of JSSU.

His first civilian role was to continue to deliver training in cyber security which he did for two years as the head of product delivery for QA Ltd – creating simulated training  environments to facilitate malware analysis, infrastructure attack, SOC operations and wifi audit. He now develops and delivers training with NotSoSecure and has taught at BlackHat conferences.

Social media