WS - 5

Attacking Applications and Servers on AWS

WS - 5

Attacking Applications and Servers on AWS


Workshop Objective:

Amazon Web Services (AWS) one of the most popular cloud service. There is a need for security testers, Cloud/IT admins and people tasked with the role of DevSecOps to learn on how to effectively attack and test their cloud infrastructure. In this training we will cover attack approaches, creating your attack arsenal in the cloud, distilled deep dive into AWS services and concepts that should be used for security.

The training is meant to be a hands-on training with guided walkthroughs, scenario based attacks, coverage of tools that can be used for attacking and auditing. Due to the attack, focused nature of the training, we will not be spending a lot of time on security architecture, defence in depth etc. While mitigations will be covered, we will point out to the relevant security documentation provided by AWS for further self-study.

We expect the trainees to bring their own AWS account for the training.

Course Content (ToC):

    Attacking Cloud compute

    • We look at the compute services of AWS such as EC2 (Virtual machines), Lambda (Serverless) and ELB (Load Balancers) from a point of view of attacking and auditing them. Additionally, we will start with creating our attackers machine in the cloud as well. This allows for rapid provisioning, creation of VMs etc.
      • Attacking EC2 and ELBs
      • Abusings application misconfigurations
      • Attacking Serverless endpoints (AWS Lambda)

    Attacking Cloud storage

    • Most of the applications require storage. Either this is block storage that we are used to like HDDs or object storage the kind AWS S3 provides. We will learn how to attack, abuse, steal and pillage stored data due to misconfigurations or by the virtue of doing forensics on existing snapshots etc.
      • Deep dive into AWS S3 misconfigurations
      • Discovering and pillaging EBS
      • Cloud forensics for discovery and attacks

    Attacking Cloud databases

    • Apart from the standard storage most data are stored in databases. We will attack AWS RDS for finding out misconfigurations which will allow us to steal data and increase our foothold.
      • Abusing AWS RDS misconfigurations

    Recon and OSINT against cloud targets

    • Cloud infrastructures are relatively new compared to the traditional on premise enterprise IT. This means that a lot of resources are not secured properly or people haven't realized what all to secure. By applying OSINT techniques, we will learn more about our targets and use that information to super charge our attacks.
      • OSINT techniques to enumerate AWS infra
      • Techniques to identify misconfigured buckets
      • Tools for discovering, stealing AWS keys
      • Techniques to find subdomain takeovers due to S3 at scale

    AWS services and concepts for security

    • While most of the class is hands-on and scenario based, we will cover the following topics at relevant places during the training. These will be some beginners to intermediate tasks done in a sequence to build our capacity.
      • AWS IAM
      • AWS Security Groups
      • AWS VPCs
      • AWS CloudWatch
      • AWS CloudTrail
      • AWS Config

    Capture the flag

    • We will end the training with a hands-on CTF for all the attendees. The challenges are meant to evaluate key concepts and skills that you would have gained over the course of the training. By repeating them in a challenge format you will be able to self-evaluate how much of the knowledge has been retained and what are the concepts that you need to practice more.
      • Hands on challenges for the attendees
      • Walkthrough of all challenges


  • Familiarity with AWS console
    • Ideally you should have started VMs in AWS, configured S3 buckets and have an idea of IAM
  • Familiarity with Security Testing basics and tools like nmap, Burp Suite
  • Comfortable using command line tools to login to servers, install packages, executing scripts and applications
  • Basics of HTTP, JavaScript
  • Basics of Networking concepts enough to understand Cloud Architecture

Participants’ Requirements:

  • Laptop with a modern OS like Windows 10 / OSX / Linux
  • SSH client installed on the host OS
  • Ability to connect to the wireless network
  • Own AWS account which has been activated for payments

Who should attend:

  • Pentesters and Security Testers
  • Security Professionals
  • Cloud / IT Professionals
  • DevSecOps Professionals

What to expect:

  • Completely hands-on
  • Fast paced training
  • While we will be using free-tier AWS services as much as possible, you can expect some minimal account charges

What not to expect:

  • DevOps concepts
  • How to build cloud infrastructure

Speaker Profile:

Bharath , Security Automation Engineer, APPSECCO

Bharath is a Security Engineer with Appsecco. He has a strong passion for information security and building solutions that solve real world problems.Bharath is an active member and contributor at various security and developer communities including null open security community. His core interest lies in Application security, Infrastructure security, Reconnaissance and Cloud security.

Bharath has presented at many security and developer conferences including:

  • Defcon 26: Recon Village
  • Bsides Delhi 2017
  • BugcrowdLevelUp 2017 & 2018
  • FUDCon 2012

Bharath has conducted trainings at various conferences including:

  • c0c0n, 2018
  • Nullcon, Bangalore, 2018/2019

For more details:


Conference Partners

  • ISRA
  • Clients
  • Clients

Platinum Sponsors

  •  Bharat Petroleum |Oil & Gas Companies
  •  GAS (India) Limited
  •  South Indian Bank
  •  R P Group
  •  Cochin Shipyard Ltd

Gold Sponsors

  •  VenSec
  •  Federal Bank
  • IT Mission
  •  National Technical Research Organisation (NTRO)

Silver Sponsors

  •  Dell
  •  State Bank of India
  •  CyberARC
  •  Palo Alto Networks
  • Ramada Resort, Kochi
  • Indian Oil Corporation
  • Petronet LNG

Bronze Sponsors

  •  CloudSEK
  •  Geogit
  •  Trend Micro
  • Vodafone
  • Aster Medicity
  •  azr


  • Fortinet
  •  Zenletics Cyber Security Solutions Pvt. Ltd


  • Cloud Security Alliance
  • ISC2 Bangalore