Abstract
A packed week of learning how to design and deploy critical infrastructure in the cloud as a security professional. You will learn the different building blocks of AWS and how security modelling principles apply across all cloud deployments. You will become skilled in how to identify security misconfigurations, and how to exploit them.
You will also take the time to learn key technologies available to you within AWS to assist in detection and identification of vulnerabilities, potential compromise, and identify bothersome attacks. This course will focus primarily on AWS and the common technologies deployed in the cloud.
Key Learning Objectives
- Understand the architecture of AWS
- Understand Identity and Access Management IAM, the underpinning and crucial to know authentication and authorisation within AWS.
- Become familiar with networking within cloud environments and all its advantages and limitations
- Learn about AWS specific service offerings and how they interact
- Gain practical experience of auditing an AWS environment to identify common and preventable mis-configurations
- Understand how to exploit identified vulnerabilities
- Learn how traditional penetration testing techniques are applied to cloud services
- Deep dive into containers, how they work and typical misconfigurations
- Practically exploit container misconfigurations to attack host services
- Understand Serverless environments within AWS and how they can be exploited
- Practically exploit vulnerable serverless functions through the API Gateway
- How to laterally move between exposed cloud services
- How to detect malicious activity and implement proactive counter-measures
- Get an overview of security controls and services available within AWS
Who Should Attend
- IT professionals already operating and securing AWS environments.
- Pentesters looking to understand how cloud and containers work.
- Developers looking to secure their applications when running in the cloud, and anyone else looking to upskill into modern platform technologies.
Agenda
Session 0 - AWS Fundamentals
- Accessing AWS services
- AWS Console
- AWS CLI
- AWS SDK
- Identity and Access Management
- Policies/Roles/Groups/Users
- Programmatic Access
- Security Models
- Logging and Auditing
- Networking in AWS
- Common services available
- Pentesting AWS assets and services
- Rules and Scope
- Tools
- IAM Deep Dive
- Identify and exploit S3 permissions and mis-configurations
Session 1 - Containers
- Docker deep dive
- Getting Started
- Basics of containers
- Docker security misconfigurations
- Docker breakouts
- Attacking the host
- Abusing the Registry
- Container services in AWS
- Enumerating Containers and Registries in AWS
Session 2 - Serverless and API Gateway
- Serverless deep dive
- Introduction to Lambda
- Serverless runtime environments
- Attacking serverless functions
- Lateral movement from compromised lambda functions
- Enumerate Serverless functions and identify misconfigurations
- Understanding the API Gateway
- Executing Lambda from the API Gateway
- Stages and Deployment models
- Enumerating AWS API Gateway and identifying misconfigurations
Session 3 - Auditing Tools and Security Services
- Look at some open source tools to assist in cloud audits
- Go through AWS specific services designed to aid security within AWS
- CloudWatch
- CloudTrail
- GuardDuty
- Security Hub
- Macie
- WAF & Shield
- Detective
- Inspector
- KMS / Secrets management
Pre-requisites
- Basic understanding of markup languages YAML, XML etc
- Ability to read, write and preferably speak JSON
- Basic understanding of common vulnerability types eg RCE, SQL injection
- Ability to work from the command line
Hardware Requirements
- A working laptop or desktop (no netbooks, tablets or iPads)
- A working Internet connection