Hacking and Securing Cloud Infrastructure

Provided by

Enquire about this course

Overview

With the rapid adoption of cloud infrastructure and the prevalence of hybrid cloud environments among organisations, the need to address cloud misconfigurations has become paramount. This course offers a holistic approach to understanding and mitigating misconfigurations in AWS, Azure, and GCP. From building and migrating to managing and innovating in the cloud, organisations face increasing pressure to secure their cloud infrastructure effectively. To achieve this, a deep understanding of cloud attack architecture and hands-on experience with relevant tools and techniques are essential.

Updated for 2024, this comprehensive 4-day course immerses participants in the attacker's mindset, providing the opportunity to deploy over 25 novel attacks through state-of-the-art labs. The training is delivered by seasoned penetration testers with extensive experience in cloud hacking, gained through real-world engagements.

By the end of the course, participants will be well-equipped to confidently identify vulnerabilities within cloud deployments. Additionally, the training covers cloud detection and response strategies, empowering participants to proactively address weaknesses and monitor their cloud environment for potential attacks. This course is a crucial step toward enhancing cloud security in an ever-evolving threat landscape.

Approximate Labs: 38

Demo: 10

Prerequisites

Delegates must have the following to make the most of the course:
  • Basic to intermediate knowledge of cybersecurity (1.5+ years; experience)
  • Experience with common command line syntax
Who it;s for:
  • Cloud administrators and architects
  • Penetration testers and red teamers
  • Blue teams, CSIRT / SOC analysts, and responders
  • Cloud developers & engineers
  • Security & IT managers and team leads
This course is suitable for anyone with a stake or interest in cloud security, from technical practitioners to decision makers. The syllabus has been designed to cover the latest vulnerabilities and advances in hacking, as well as the skills to penetration test cloud systems and environments and remediate vulnerabilities.

Learning Outcomes

This course uses a Defense by Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over. By the end, you;ll know how to:
  • Think and behave like an advanced, real world threat actor
  • Identify and exploit complex vulnerabilities and security misconfigurations in AWS, Microsoft Azure, and Google Cloud Platform (GCP)
  • Design your penetration tests around real-world attacker behaviours and tooling, making it relevant to the threats facing your organisation
  • Identify the attack surface exposure created by cloud-based services such as virtual machines (VMs), buckets, container as a service (CaaS) platforms, and serverless functions
  • Support cloud defense strategies that include patching, asset inventory management, and other security controls
Top 3 takeaways
  • Exploitation techniques to gain cloud entry via exposed services
  • Post-exploitation techniques to enumerate systems and achieve exfiltration
  • Methods for defending different cloud environments
What you;ll be doing

You;ll be learning hands on:
  • Spending most of the session (~60%) on lab-based exercises
  • Using lab-based flows to explore and hack lifelike cloud environments
  • Exploiting, defending, and auditing different cloud environments
  • Competing In a Capture the Flag (CTF) challenge to test your new skills
  • Discussing case studies with your course leader to understand the real-world impact of the hacks covered
Why it;s relevant

The cybersecurity skills shortage is felt perhaps nowhere as deeply as in the cloud. With new rulebooks and standards, practitioners often find themselves playing catch up with the latest developments in technology and in the threat landscape. This course is designed to be a highly informative bootcamp to help you advance your skills in the most important and relevant areas of cloudsec. Across four days, you;ll learn about the high-impact vulnerabilities and flaws that could be open in your organisation right now and how to fix them.

Our syllabuses are revised regularly to reflect the latest in-the-wild hacks, the newest system releases, and whatever proof of concepts we;ve been developing in our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1-2 years to update their skills and get a refresh.

Course Outline

Module 1: Introduction To Cloud Computing

This module introduces the core concepts of cloud computing, emphasising the importance of security. It explores the shared responsibility model, comparing cloud security with traditional models. Additionally, it sheds light on the significance of cloud metadata APIs from an attacker's perspective. This module lays the groundwork for a deeper understanding of cloud security and its unique challenges.
  • Introduction to the Cloud
  • Importance of Cloud Security
  • Shared Responsibility Model in the Cloud
  • Comparison with Conventional Security Model
  • Importance of Cloud Metadata API from an Attacker's Perspective
Module 2: Cloud Asset Enumeration

This module will explore DNS-based Enumeration techniques, gaining insights into identifying cloud assets through DNS records.

The module then delves into 'OSINT Techniques for Cloud Asset Enumeration,' equipping participants with open-source intelligence methods to uncover valuable information. Additionally, it covers 'Username Enumeration using Cloud Provider APIs,' empowering attendees to utilise cloud provider APIs to enumerate usernames effectively.
  • Importance of DNS in the Cloud
  • DNS-based Enumeration
  • OSINT Techniques for Cloud Asset Enumeration
  • Username Enumeration using Cloud Provider APIs
Module 3: Attack Surface of Cloud Services

This module delves into the attack surfaces of key cloud service models: Infrastructure as a Service (IaaS), Function as a Service (FaaS), Platform as a Service (PaaS), and Container as a Service (CaaS). It provides an in-depth understanding of the vulnerabilities and security challenges associated with each model. The module kicks off with an examination of the 'IaaS Attack Surface,' followed by the 'FaaS Attack Surface,' 'PaaS Attack Surface,' and 'CaaS Attack Surface.'
  • Understanding Infrastructure as a Service (IaaS) Attack Surface
  • Understanding Function as a Service (FaaS) Attack Surface
  • Understanding Platform as a Service (PaaS) Attack Surface
  • Understanding Container as a Service (CaaS) Attack Surface
Module 4: Cloud Storages

This module covers cloud storage security in AWS, GCP, and Azure. It starts with an introduction to AWS S3, followed by addressing AWS S3 misconfigurations. The module then explores GCP and Azure storage solutions. It culminates with a focus on securing Azure's Shared Access Signature (SAS) URLs. Attendees will gain the knowledge and skills to secure their cloud storage effectively, avoiding common pitfalls and optimising data protection in these cloud environments.
  • Introduction to AWS S3
  • AWS S3 Misconfigurations
  • Introduction to GCP Storage
  • Introduction to Azure Storage
  • Azure: Shared Access Signature (SAS) URL Misconfiguration
Module 5: Introduction to Azure and Attacking Microsoft Azure AD

This Module commences with an 'Introduction to Azure and Microsoft Entra ID,' setting the foundation for understanding Azure security.

The module extensively covers 'Azure Application Attacks' across critical components such as App Service, Function App, and Storages. Participants will also delve into the intricacies of securing Azure Databases and the significance of the Automation Account, Azure Key Vault, a pivotal component in safeguarding sensitive data, is thoroughly explored.

Additionally, this module introduces 'Microsoft Entra ID' and elaborates on its authentication methods and associated risks. Participants will gain insights into potential attacks on Microsoft Entra ID, particularly concerning Managed User Identities. The training provides advanced techniques for bypassing Multi-Factor Authentication (MFA) security and navigating Conditional Access Policies effectively.

Participants will also learn how to exploit Dynamic Membership Policies and harness Azure Identity Protection to monitor user behaviour, enhancing the overall security posture.
  • Introduction to Azure and Microsoft Entra ID
  • Azure Application Attacks on App Service, Function App, and Storages
  • Azure Database
  • Automation Account
  • Azure Key Vault
  • Introduction to Microsoft Entra ID Authentication Methods and Risks
  • Microsoft Entra ID Attacks (Managed User Identities)
  • Bypassing MFA Security and Conditional Access Policy
  • Abusing Dynamic Membership Policy
  • Azure Identity Protection to Monitor User Behaviour
Module 6: Introduction to AWS

This module offers an in-depth exploration of advanced Amazon Web Services (AWS) security topics. Beginning with an Introduction to AWS Identity and Access Management (IAM) and Policies, the module explores policy evaluation and AWS Cognito Service, with a focus on potential IAM misconfigurations.

The training delves into various aspects of AWS security, including Elastic Beanstalk, AWS Cross-Account misconfigurations, and the enumeration of roles using Pacu. Participants will gain insights into gaining access to EC2 instances by exploiting instance attributes and addressing resource-based policy misconfigurations.

Additionally, the module covers Lambda and API Gateway exploitation, AWS Elastic Container Registry (ECR), and Elastic Container Service (ECS). It educates participants on protecting sensitive data within Docker images and introduces AWS Organisations and IAM Access Analyzer.

Upon completion of this Module, attendees will emerge with a deep understanding of advanced AWS security practices and the practical skills required to secure cloud environments effectively. This module is designed to empower individuals to proactively address security challenges within AWS infrastructures.
  • Introduction to AWS IAM and Policies
  • Understanding AWS Policy Evaluation
  • AWS Cognito Service
  • IAM: Misconfigurations
  • Elastic Beanstalk
  • AWS Cross-Account Misconfigurations
  • Enumerate Roles using Pacu
  • Gaining Access to EC2 Instance by Abusing Instance Attribute
  • Resource Based Policy Misconfiguration
  • Lambda and API Gateway Exploitation
  • AWS ECR and ECS Service
  • Stealing sensitive information from the Docker images
  • Introduction of AWS Organisation
  • IAM Access Analyzer
Module 7: Introduction to GCP

Participants will delve into essential GCP security aspects, including IAM Role and Service Account, Authentication methods using Service Account files and Access tokens.

Enquire

Start date Location / delivery
No fixed date QA On-Line Virtual Centre, Virtual Book now
01132207150 01132207150

Related article

The Cyber Pulse is QA's new portal to free Cyber content, including on-demand webinars, articles written by leading experts,