Introduction
CyberWarFare Labs' workshop on "Multi-Cloud Security" aims to give trainees insight into the offensive / defensive techniques used by Red & Blue Teams in an Enterprise Cloud Infrastructure. Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.
As a Red Team / Penetration Tester:
- Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, Microsoft Azure, and GCP.
- Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.
As a Blue Team / Defender:
- Trainees will learn to identify and defend against various emerging threats in a multi-cloud infrastructure.
- Understand complex attack vectors & sophisticated compromise scenarios from a defensive mindset
Course Syllabus/Outline :
DAY 1
- Part-1 : Introduction about Multi Cloud Environment
  - Module-1 : Azure Cloud Environment
    - Azure Identity : Azure AD & RBAC
    - O365 / Microsoft 365
    - Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)
  - Module-2 : AWS Cloud Environment
    - Identity & Access Management
    - AWS Cloud Services (IaaS, PaaS, SaaS)
    - AWS SSO
  - Module-3 : GCP Cloud Environment
    - GCP Identity & Access Management
    - GCP Cloud Services (IaaS, PaaS, SaaS)
    - Google Suite / Workspace + Cloud Identity
- Part-2 : Enumeration & Initial Access on Cloud Infrastructure
  - Module-1 : Unauthenticated Enumeration
    - Enumerating Information from DNS Records
    - Enumerating Information from Cloud Vendors
    - Leaked secrets from GitHub
    - Enumerating storage & other information from OSINT
  - Module-2 : Initial Access
    - Exploiting Cloud Services
    - Leaked Credentials
    - Compromising CI/CD pipeline
    - Compromising storage accounts
  - Module-3 : Authenticated Enumeration
    - AWS Services
    - AAD, O365, Azure Services
    - Cloud Identity, Google Workspace, GCP Services
- Part-3 : Exploiting Hybrid Multi-Cloud Services
  - Module-1 : Exploiting Hybrid Multi-Cloud Services
    - AWS : cross account, within account
    - Azure : service principal, cross tenant, AAD
    - GCP : Access organization, Cloud Identity
  - Module-2 : Privilege Escalation
    - Elevating Privileges on AWS
    - Elevating Privileges on Azure
    - Elevating Privileges on GCP
- Part-4 : Lateral Movement
  - Module-1 : Within Multi-Cloud
    - AWS, GCP, Azure to each other
- Part-5 : Case Study
  - Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)
Why should people attend your course?
- Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment
- Perform Red Team Attack Cycle in Simulated Enterprise Environment
- Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa
- Core Services Mapping / Enumeration / Exploitation
- Create custom tools to perform manual enumeration
- Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)
Student Requirements :
- Fair Knowledge of Networking and Web Technology
- Familiarity with CLI
- An Open mind
*No prior Cloud knowledge is required
Who Should Take This Course ?
Targeted Audience may include the following group of people:
- Penetration Testers / Red Teams
- Cloud Security Professionals
- Cloud Architects
- SOC analysts
- Threat Hunting Team
- Last but not least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud
How many years of practical experience would the ideal student have to get most out of this training?
- Minimum 1-3 years in Penetration Testing Domain.
What Students Should Bring?
- System with at least 16GB RAM having VMWare Workstation PRO installed
- CWL RedCloud VM With Internet Connectivity
What Students Will Be Provided With?
- Soft Copy of the Course Content
- Great Knowledge about the Offensive Cloud Techniques used by adversaries
- Defense Tactics & Techniques against the discussed offensive techniques
Duration
2 days