Stay frosty within AWS and Azure environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms.
In this course you will:
- Exploit serverless (e.g. Lambda) applications for initial access into targets.
- Pivot between data and control planes to expand access (e.g. secrets, snapshots).
- Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected.
- Breach and backdoor boundaries (e.g. VPCs) to access hard-to-reach systems.
- Leverage stealthy persistence techniques to ensure long-term access (e.g. session tokens).
The Course Syllabus includes...
Day 1:
- Recon for AWS Services of Interest (e.g. Subdomain Takeovers)
- Hunting for Secrets to the AWS Control Plane (e.g. S3 buckets)
- Obtaining Secrets via Web App Vulnerabilities (e.g. XXE, LFI)
- Surveying & Persisting Access within AWS (e.g. Session Tokens)
- Pivoting from the AWS Control Plane to the Data Plane (e.g. Snapshots)
- Gaining RCE via Web App Vulnerabilities (e.g. SSTI, RFI)
- Post Exploitation within AWS EC2 Instances (e.g. User Data Scripts, DynamoDB)
Day 2:
- Serverless Exploitation w/ Lambda (e.g. Keeping it Hot, Exfiltrating via Services)
- Breaching Boundaries: Bypassing VPCs (e.g. API Gateway + Lambda Bypass)
- Logging Disruption within AWS (e.g. Cleaning CloudTrail Logs w/ Lambda)
- Pivoting from Azure Control Plane to the Data Plane (e.g. Storage Manipulation)
- Expanding Access via PaaS Specific Azure Attacks (e.g. RDP "debug")
- Stealthy Azure Persistence Techniques (e.g. Offline Minting of SAS Keys)
- Overview of Defensive Countermeasures (e.g. MFA, Logging, Alerting, etc.)
This course assumes the student already has some basic penetration testing knowledge and would like to learn more about how to apply penetration testing to cloud centric environments.
The intended audience includes:
- Red Teamers & Penetration Testers
- Blue Teamers & Security Professionals, who wish to see the offensive side
- Site Reliability Engineers (SREs) & System Administrators, who work with cloud technologies
Students will need to bring to the class:
- Access to an active Amazon Web Services (AWS) account with admin access before the class starts.
- Access to an active Azure subscription with admin access before the class starts.
- A laptop with admin access to install software and with wired network support via an Ethernet adapter.
Students should be comfortable:
- Using Linux and SSH.
- With basic networking concepts and services (e.g. TCP/IP, DNS, DHCP, etc.).
- Interacting with the AWS and Azure platforms (some prior experience).
- Some Python scripting knowledge is recommended, but not required.