Hacking and Securing Cloud Infrastructure

Virtual Learning: 2,900€ + IVA

REF: NSSHSCI Catálogo: Cybersecurity Área: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duração icon

Duração:

4 dias

Próxima Data icon

Próxima Data:

29/4/2024 a 2/5/2024

Local icon

Local:

Online

Descrição

As cloud innovation gives birth to new technologies and new threats, now is the time to modernize your cloud security skills and bring them up to the industry standard. Join this hands-on, 4-day course to push your cloud hacking and vulnerability remediation skills to the next level and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.

This course uses a Defense by Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over

*PVP por participante. A realização do curso nas datas apresentadas está sujeita a um quórum mínimo de inscrições.

Destinatários

  • Cloud administrators and architects
  • Penetration testers and red teamers
  • CSIRT/SOC analysts and engineers/blue teams
  • Developers
  • Security/IT managers and team leads
  • Área: Cybersecurity

  • Certificação Associada: 156-406 – Check Point Certified PenTesting Expert – Cloud Security (CCPE-C)

Quero inscrever-me.

Programa:

INTRODUCTION TO CLOUD COMPUTING

  • Introduction to cloud and why cloud security matters
  • Comparison with conventional security models
  • Shared responsibility model
  • Legalities around Cloud Pentesting
  • Attacking Cloud Services

ENUMERATION OF CLOUD ENVIRONMENTS

  • DNS based enumeration
  • OSINT techniques for cloud-based asset

ATTACKING MICROSOFT AZURE AD ENVIRONMENT

  • Introduction to MS Azure
  • MS Azure application attacks (App Service, Function App, Enterprise Apps)
  • MS Azure service exploitation (Database, Key Vault, Automation account)
  • MS Azure AD attacks (manage user identities, role-based access control (MS Azure RBAC), Subscriptions, Dynamic Group)

AWS: GAINING ENTRY VIA EXPOSED SERVICES

  • Serverless-based attacks (AWS Lambda)
  • PaaS attack: server-side request forgery (SSRF Exploitation over AWS ElasticBeanStalk)
  • Attacking AWS Incognito misconfiguration
  • Exploiting internal service using Virtual Private Cloud (VPC) misconfiguration (demo only)

AWS: IDENTITY AND ACCESS MANAGEMENT (IAM)

  • AWS IAM policies and roles
  • IAM policy evaluation
  • Roles and permissions-based attacks
  • Shadow admin attacks

GCP

  • Introduction to GCP IAM (shadow admin (demo only))
  • GCP service exploitation via web application vulnerability (Google Compute Engine and App Engine, Google Identity-Aware Proxy (IAP), Google Cloud Storage)
  • Lateral movement Within GCP to access container images

Attacking storage services (AWS, Azure, GCP)

  • Exploring files storage
  • Exploring shared access signatures (SAS) URLs in MS Azure
  • Exploit misconfigured storage service

POST EXPLOITATION

  • Persistence in cloud
  • Post-exploit enumeration
  • Snapshot access

CONTAINERS AS A SERVICE (CAAS) AND KUBERNETES (K8S) EXPLOITATION

  • Understanding how container technology works (namespaces, cgroup, chroot)From Docker to K8S
  • Identifying vulnerabilities in Docker images
  • Exploiting misconfigured containers
  • Exploiting Docker environments and breaking out of containers
  • Exploring K8S environments
  • K8S exploitation and breakouts
  • Pivoting to host OS

CLOUD DEFENCE USING OPEN-SOURCE AND CLOUD-NATIVE TOOLS

  • Identification of cloud assets
  • Inventory Extraction for AWS, Azure, and GCP
  • Continuous inventory management
  • Protection of cloud assets
  • Principle of least privilege
  • Control plane and data plane protection
  • Financial protections
  • Cloud-specific protections
  • Metadata API protection
  • Detection of security issues
  • Setting up monitoring and logging of the environment
  • Identifying attack patterns from logs
  • Revisiting Day 1 attacks via logs
  • Real-time monitoring of logs
  • Monitoring in a multi-cloud environment
  • Response to attacks
  • Automated defence techniques
  • Cloud defence utilities
  • Validation of setup

CLOUD AUDITING AND BENCHMARKING

  • Preparing for the audit
  • Automated auditing via tools
  • Golden image/Docker image audits
  • Windows Infrastructure as a Service (IaaS) auditing
  • Linux IaaS auditing
  • Relevant benchmarks for cloud

CAPTURE THE FLAG

  • A timed competition to test your new skills and reinforce everything you’ve learnt

Pré-requisitos:

Delegates must have the following to make the most of the course:

  • Basic to intermediate knowledge of cybersecurity (1.5+ years’ experience)
  • Experience with common command line syntax

Quero inscrever-me.

Partilha:

We meet future and then we make it spark slogan

Precisas de ajuda a encontrar o teu futuro?

The answer you entered for the CAPTCHA was not correct.

A background of the Ignit sparks