Or log in to access your purchased courses

Hands-on Attacking & Defending Cloud (AWS)


Amazon Web Services (AWS) runs the most popular and used cloud infrastructure and suite of services. IT Security professionals, DevOps, DevSecOps, Cloud/IT admins will all benefit from learning how to test their cloud infrastructure.


This workshop is a hands-on training with guided walkthroughs, and scenario based attacks against live AWS infrastructures. Environment build scripts will be provided to help students quickly deploy the target infrastructures.


Approximately 50-60% of the training sessions will be dedicated to the coverage of tools that can be used for attacking and auditing AWS infrastructures.


Due to the attack focused nature of the training, and time constraints the training WILL NOT spend a lot of time on security architecture, defence in depth, etc.


Although mitigations for each of the attacks will be covered, the instructor will point out to the relevant security documentation provided by AWS for further self-study.


Course Outline


Module 1: AWS Fundamentals

  • EC2 (Elastic Cloud Compute)
  • S3 (Simple Storage Service)
  • EBS (Elastic Block Storage)
  • RDS (Relational Database Service)
  • ELB (Elastic Load Balancers)
  • VPC (Virtual Private Cloud)
  • Lambda


Module 2: OSINT against cloud targets

  • Techniques for Open Source Intelligence
  • Tools for finding public buckets
  • Tools for discovering, stealing keys and endpoints


Module 3: Attacking cloud compute

  • Setting up Attack Tools and VMs using automation
  • Attacking EC2 and ELBs
  • Application Misconfigurations
  • EC2 metadata abuse
  • Stealing credentials
  • Attacks against virtualization
  • Using AWS Inspector for audits and attacks


Module 4: Attacking cloud storage

  • Abusing AWS S3 misconfigurations
  • Discovering and pillaging EBS
  • Cloud forensics for discovery and attacks


Module 5: Attacking cloud databases

  • AWS RDS misconfigurations
  • Data pilferage


Module 6: Attacking serverless endpoints

  • Attacking Serverless endpoints (AWS Lambda)


Module 7: Applying AWS Security & Monitoring Technologies

  • AWS Security Groups
  • AWS VPCs
  • AWS CloudWatch
  • AWS CloudTrail
  • AWS Flowlogs
  • AWS Cloud DNS Route53
  • AWS Config


Module 8: AWS and compliance

  • PCI DSS for AWS
  • FedRamp, RMF, GovCloud


Target audience (Who should attend)

  • Penetration Testers
  • IT Security Professionals
  • IT Auditors
  • DevSecOps Professionals
  • DevOps Professionals
  • Cloud / IT Professionals


Training delivery approach (What to expect)

  • Completely live-online training
  • Completely hands-on (85% attacking live AWS infrastructure)
  • Automation scripts will be provided to bring up your AWS cloud infrastructure
  • Fast paced training
  • Using cloud control panel, CLI, AWS services and chosen security and management tools which will be provided
  • While we will be using free-tier AWS services as much as possible, you can expect some minimal account charges (less than $10USD in AWS charges should be expected).


Hardware & Software Requirements

  • Student must have their own AWS account which has been activated for payments


Training schedule

  • Saturday 22 June 2019 from 9am EST – 4pm EST
  • Lunch break from 11:30am EST to 12:30pm EST


Training cost

  • $50USD if purchased by 17 May 2019
  • $75USD if purchased between 17 May 2019 – 24 May 2019
  • $100USD if purchased between 25 May 2019 – 31 May 2019