ATTACK, DEFEND IN CLOUD

28 Jan 10 AM - 4 PM

​

​

Pre-requisites for workshop

1. Create your own AWS account & activate (must): https://aws.amazon.com/resources/create-account/

2. Install aws cli on system : https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

3. Install Terraform on system : https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli

4. Install Pacu on system : https://github.com/RhinoSecurityLabs/pacu?tab=readme-ov-file

These above requirement must to have to smooth completion of workshop incase the above tools & account are not setup then you might not be able to complete the labs.

​

Training level: Beginner to Intermediate

Training Outline 

• What is AWS? 

• Setting up the infrastructure and environment for attacks using Terraform 

• Understanding Pentesting requirements for AWS 

• Basics of Cloud Security 

  • Shared responsibility model

  • Cloud security posture

• Five phases of hacking, Authentication vs Authorization, Privilege Escalation 

• Cloud Forensics and Recon 

  • Github

  • Javascript

  • Hardcoded secrets

  • Etc
     

• IAM-> IAM service Basics 

• IAM Playground with terraform [FREE TIER]

• Understanding common Misconfiguration in IAM

• Hands-on Attack & Defense 

• S3

  • S3 Basics

  • Understanding common Misconfiguration in S3

• Extra Recon/Tools

• Hands-on Attack & Defense 

• EC2

  • EC2 Basics

  • Understanding common Misconfiguration in EC2

  • IMDS v1 vs IMDS v2 and abusing temporary credentials

  • Hands-on Attack & Defense 

​

• Some More Hands-on / CTF (If time permits)