Hacking and Securing Cloud Infrastructure - The Proven Method
Attendees will gain understanding in the following topics:
- Introduction to Cloud Computing
- Why cloud matters
- How cloud security differs from conventional security
- Types of cloud services
- Shared responsibility model
- Legalities around attacking / pen testing cloud services.
- Understanding the Attack Surfaces of various Cloud offerings, such as IaaS, PaaS, SaaS, FaaS
- Enumerating Cloud Services
- Understanding metadata APIs
- Exploiting serverless applications
- Owning cloud machines
- Attacking cloud services such as storage service or database services w.r.t different providers
- Examples and case studies of various cloud hacks
- Privilege escalation (horizontal and vertical) and pivoting techniques in cloud
- Obtaining persistence in cloud and performing post exploitation
- Exploiting dormant assets: Id’s, services, resources groups, security groups and more
- Cloud Infrastructure Defence
- Monitoring and logging
- Auditing Cloud Infrastructure (Manual and automated approach)
- Base Images / Golden Image auditing for Virtual Machine / Container Infrastructure
- Preventive measures against cloud attacks
- Host-based Defence
- Using Cloud services to perform continuous monitoring and defence
- Ending CTF to reinforce the learning
Who should take this course?
Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.
Prior pen test experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.
What will this course cover?
To view the full course outline please
Refunds available if notice is given before at least 7 days before the event date