This 4-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.
Syllabus
Gaining Entry in cloud via exposed services
Attacking specific cloud services
Post Exploitation
Defending the Cloud Environment
Host base Defenses
Auditing and benchmarking of Cloud
Continuous Security Testing of Cloud