Hacking and Securing Cloud Infrastructure

Course contents

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

Day 1

• Introduction to Cloud Computing
  • Introduction to cloud and why cloud security matters
  • Comparison with conventional security models
  • Shared responsibility model
  • Legalities around Cloud Pentesting
  • Attacking Cloud Services
• Enumeration of Cloud environments
  • DNS based enumeration
  • OSINT techniques for cloud based asset
  • Serverless based attacks (AWS Lambda / Azure & Google functions )
  • Web application AttacksGaining Entry via exposed services
• Attacking specific cloud services
  • Storage Attacks
  • Azure AD Attacks
  • Containers and Kubernetes Clusters
  • IAM Misconfiguration Attacks
  • Roles and permissions based attacks
  • Attacking Incognito misconfigurations

Day 2

• Post – Exploitation
  • Persistence in Cloud
  • Post exploit enumeration
  • Snapshot access
  • Backdooring the account
• Auditing and Benchmarking of Cloud
  • Preparing for the audit
  • Automated auditing via tools
  • Golden Image / Docker image audits
  • Relevant Benchmarks for cloud

Day 3 – Defending the Cloud Environment

• Identification of cloud assets
  • Inventory Extraction for AWS , Azure and GCP
  • Continuous inventory management
• Protection of Cloud Assets
  • Principle of least privilege
  • Control Plane and Data Plane Protection
  • Financial Protections
  • Cloud specific Protections
  • Windows IaaS auditing
  • Linux IaaS Auditing
  • Metadata API Protection
• Detection of Security issues
  • Setting up Monitoring and logging of the environment
  • Identifying attack patterns from logs
  • Monitoring in multi-cloud environment
• Response to Attacks
  • Automated Defense techniques
  • Cloud Defense Utilities
  • Validation of Setup

Key Takeaways

Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources. Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense, secure configuration, auditing, logging, benchmarks.

Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources. Apply the learning to:

Apply the learning to:

• Identify weaknesses in cloud deployment
• Fix the weaknesses in your cloud deployment
• Monitor your cloud environment for attacks