Hacking and Securing Cloud Infrastructure

Module 1: INTRODUCTION TO CLOUD COMPUTING

• Introduction to cloud and why cloud security matters
• Comparison with conventional security models
• Shared responsibility model
• Legalities around Cloud Pentesting
• Attacking Cloud Services

Module 2: ENUMERATION OF CLOUD ENVIRONMENTS

• DNS-based enumeration
• Open-Source Intelligence Gathering (OSINT) techniques for cloud-based asset identification
• Username enumeration

Module 3: ATTACKING MICROSOFT AZURE AD ENVIRONMENT

• Introduction to MS Azure
• MS Azure application attacks (App Service, Function App, Enterprise Apps)
• MS Azure service exploitation (Database, Key Vault, Automation account)
• MS Azure AD attacks (manage user identities, role-based access control (MS Azure RBAC), Subscriptions, Dynamic Group)

Module 4: AWS: GAINING ENTRY VIA EXPOSED SERVICES

• Serverless-based attacks (AWS Lambda)
• PaaS attack: server-side request forgery (SSRF Exploitation over AWS ElasticBeanStalk)
• Attacking AWS Incognito misconfiguration
• Exploiting internal service using Virtual Private Cloud (VPC) misconfiguration (demo only)

Module 5: AWS: IDENTITY AND ACCESS MANAGEMENT (IAM)

• AWS IAM policies and roles
• IAM policy evaluation
• Roles and permissions-based attacks
• Shadow admin attacks

Module 6: GCP

• Introduction to GCP IAM (shadow admin (demo only))
• GCP service exploitation via web application vulnerability (Google Compute Engine and App Engine, Google Identity-Aware Proxy (IAP), Google Cloud Storage)
• Lateral movement Within GCP to access container images

Module 7: Attacking storage services (AWS, Azure, GCP)

• Exploring files storage
• Exploring shared access signatures (SAS) URLs in MS Azure
• Exploit misconfigured storage service

Module 8: POST EXPLOITATION

• Persistence in cloud
• Post-exploit enumeration
• Snapshot access

Module 9: CONTAINERS AS A SERVICE (CAAS) AND KUBERNETES (K8S) EXPLOITATION

• Understanding how container technology works (namespaces, cgroup, chroot)
• From Docker to K8S
• Identifying vulnerabilities in Docker images
• Exploiting misconfigured containers
• Exploiting Docker environments and breaking out of containers
• Exploring K8S environments
• K8S exploitation and breakouts
• Pivoting to host OS

Module 10: CLOUD DEFENCE USING OPEN-SOURCE AND CLOUD-NATIVE TOOLS

• Identification of cloud assets
• Inventory Extraction for AWS, Azure, and GCP
• Continuous inventory management
• Protection of cloud assets
• Principle of least privilege
• Control plane and data plane protection
• Financial protections
• Cloud-specific protections
• Metadata API protection
• Detection of security issues
• Setting up monitoring and logging of the environment
• Identifying attack patterns from logs
• Revisiting Day 1 attacks via logs
• Real-time monitoring of logs
• Monitoring in a multi-cloud environment
• Response to attacks
• Automated defence techniques
• Cloud defence utilities
• Validation of setup

Module 11: CLOUD AUDITING AND BENCHMARKING

• Preparing for the audit
• Automated auditing via tools
• Golden image/Docker image audits
• Windows Infrastructure as a Service (IaaS) auditing
• Linux IaaS auditing
• Relevant benchmarks for cloud

Module 12: CAPTURE THE FLAG

• A timed competition to test your new skills and reinforce everything you’ve learnt