Practical offensive and defensive cloud security in AWS (On-site Training)

If you are on the Internet, you are most probably interacting with applications and services that are hosted on the cloud. AWS is a clear winner in the cloud infrastructure world with a majority of the market share. With more and more companies migrating to cloud from traditional hosting for their applications and services, there is a need for security professionals who can assess the security as well as improve the security posture of the cloud infrastructure.

The training is intense, hands-on with guided walk-throughs, scenario based, covers tools & techniques that can be used for attacking and defending in the AWS cloud.

From an offensive security PoV, students will learn to enumerate, exploit and pivot inside AWS environments. We will delve deep into AWS cloud vulnerabilities and will go beyond the basics. This training will cover real world attacks (mimicking real breaches) and scenarios that are based on our extensive cloud penetration testing experience.

From a defensive security PoV, students will learn to defend against the attacks covered in the training. Students will also learn a practical approach to securing their AWS infrastructure based on standards such as NIST Cybersecurity Framework (Identify/Protect/Detect).

The training contains four or more scenarios that build a story which mimics how attackers exploit cloud infrastructure in the real world. Once students are familiar with the ways in which attackers can breach cloud infra, they’ll learn to defend the same infrastructure.

Training objectives:

To provide students hands-on exposure to attacking and defending AWS cloud infrastructure
To provide students the knowledge that they can use to test the security of their AWS infrastructure
To make students familiar with a practical approach to secure their AWS infrastructure

Course outline

Below is the outline of the baseline topics we will be covering in the training. However, the delivery will be in a scenario driven fashion.

Intro to cloud infrastructure and information security

AWS essentials (Mostly hands-on)
Attacking Cloud Compute
Attacking Serverless endpoints
Attacking Cloud storage
Attacking Cloud databases
Attacking IAM
Attacking Amazon Cognito
Exploiting misconfigurations in Amazon API Gateway
Exploiting Amazon Elastic Container Service
Lesser known attack vectors in AWS
Recon and OSINT against cloud targets
Auditing AWS Accounts & Infrastructure
Capture the flag

We will conclude the training with a hands-on CTF in which each attendee will get to practice their newly learnt skills both as attacker and defender. The challenges are meant to evaluate key concepts and skills that you would have gained over the course of the training.

Hands on challenges for the students
Walk-through of all challenges

About the Speakers

Bharath

Bharath is Security Engineer at PhonePe. Bharath is an open source enthusiast with a strong passion for information security and building solutions that solve real world problems.

He has strong experience in client facing consulting assessments and building implementable automation tools to solve the security needs for companies and organisations in sectors ranging from financial services to healthcare.

Bharath is an active member and contributor at various security and developer communities including null open security community.

Bharath is an Offensive Security Certified Professional (OSCP).

Bharath holds multiple CVEs, the latest include - CVE-2018-15635, CVE-2018-15636, CVE2018-15638, CVE-2018-15639 and CVE-2018-15641.

Some of the talks given by Bharath include

“Building visualisation platforms for OSINT data using open source solutions” at Defcon 26: Recon Village
“Practical recon for pentesters and bounty hunters” at Bugcrowd LevelUp 2018
“Doing recon like it’s 2017” at Bsides Delhi 2017
“Esoteric sub-domain enumeration techniques” at Bugcrowd LevelUp 2017

Some of the trainings/workshops given by Bharath include

“JavaScript for Pentesting the Modern Application Attack” - c0c0n, 2018
“Attacking applications and servers on AWS” - c0c0n, 2019
“Xtreme Web Hacking” - Nullcon, Bangalore, 2018/2019

For more details:

https://www.disruptivelabs.in/
https://null.co.in/profile/352
https://twitter.com/0xbharath
https://github.com/0xbharath
https://speakerdeck.com/0xbharath
https://medium.com/@yamakira_
https://www.linkedin.com/in/0xbharath

Pankaj Mouriya

Pankaj is a security professional and works as Sr. Security Engineer at InVideo. Pankaj specializes in cloud security and has AWS Certified Security - Specialty. He is also a web security enthusiast with a strong passion for Information Security. Pankaj has extensive experience in the web application, network and mobile application security assessments

A participant of null – India’s largest open security community as a core team member and community manager. He has been an active speaker and contributor to communities such as Mozilla, null, BSides and Nullcon. He has also helped establish a local chapter in his hometown such as null Chandigarh.

He has also been a speaker at various international conferences such as BSides, HackerOne - HacktivityCon, Red Team Village, BeerCon3. He has given various technical talks and published content on Applications and Cloud Security. In his free time, he does weight training, spends time with family/friends and also runs a YouTube channel.