SEC588: SANS Madrid June 2025

Provided by

What You Will Learn

You have been asked to perform a penetration test, security assessment, maybe an Attacker Simulation or a red team exercise. The environment in question is mainly cloud-focused. It could be entirely cloud-native for the service provider or Kubernetes-based. Perhaps the environment in question is even multi-cloud, having assets in both Amazon and Azure. What if you have to assess Azure Active Directory, Amazon Web Services (AWS) workloads, serverless functions, or Kubernetes? SEC588: Cloud Penetration Testing will teach you the latest penetration testing techniques focused on the cloud and how to assess cloud environments.

Computing workloads have been moving to the cloud for years. Analysts predict that most, if not all, companies will have soon have workloads in public and other cloud environments. While organizations that start in a cloud-first environment may eventually move to a hybrid cloud and local data center solution, cloud usage will not decrease significantly. So when assessing risks to an organization going forward, we need to be prepared to evaluate the security of cloud-delivered services.

The most commonly asked questions regarding cloud security when it comes to penetration testing are: Do I need to train specifically for engagements that are cloud-specific? and Can I accomplish my objectives with other pen test training and apply it to the cloud? In cloud-service-provider environments, penetration testers will not encounter a traditional data center design, there will be new attack surface areas in the service (control) planes of these environments. Learning how such an environment is designed and how you as a tester can assess what is in it is a niche skill set that must be honed. What we rely on to be true in a classical data center environment such as who owns the Operating System and the infrastructure and how the applications are running will likely be very different. Applications, services, and data will be hosted on a shared hosting environment unique to each cloud provider.

SEC588: Cloud Penetration Testing draws from many skill sets required to assess a cloud environment properly. If you are a penetration tester, the course will provide a pathway to understanding how to take your skills into cloud environments. If you are a cloud-security-focused defender or architect, the course will show you how the attackers are abusing cloud infrastructure to gain a foothold in your environments.

The course dives into topics of classic cloud Virtual Machines, buckets, and other new issues that appear in cloud-like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. It also covers Azure and AWS penetration testing, which is particularly important given that AWS and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies but to teach you how to assess and report on the actual risk your organization could face if these services are left insecure.

You Will Be Able To
  • Conduct cloud-based penetration tests
  • Assess cloud environments and bring value back to the business by locating vulnerabilities
  • Understand first-hand how cloud environments are constructed and how to scale factors into the gathering of evidence
  • Assess security risks in Amazon and Microsoft Azure environments, the two largest cloud platforms in the market today
  • Immediately apply what you have learned to your work
Business Takeaways
  • Learn how to assess and test cloud environments through real-world cloud-based labs
  • Understand the differences between cloud-native, multi-cloud, and cloud hybrid infrastructures
  • Penetration testing on real world microservices
  • Learn how containers and CI/CD Pipelines are abused
  • Attack Kubernetes, Serverless Functions, and Windows Containers
  • Understand how identity systems work in the cloud and how to attack them
You Will Receive With This Course
  • Access to the in-class Virtual Training Lab for 27 in-depth labs
  • Access to recorded course audio to help hammer home important penetration testing lessons

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...