Amazon Web Services (AWS) is one of the most popular cloud services. Security testers, cloud/IT admins and people tasked with the DevSecOps role need to learn how to effectively attack and test their cloud infrastructure. In this training we will cover attack approaches, creating your attack arsenal in the cloud, and a distilled deep dive into the AWS services and concepts that should be used for security.
The training is meant to be hands-on, with guided walkthroughs, scenario-based attacks, and coverage of tools that can be used for attacking and auditing. Due to the attack-focused nature of the training, we will not spend a lot of time on security architecture, defence in depth, etc. While mitigations will be covered, we will point to the relevant security documentation provided by AWS for further self-study.
We expect the trainees to bring their own AWS account for the training.
Course Content (ToC):
Attacking Cloud compute
We look at the compute services of AWS such as EC2 (virtual machines), Lambda (serverless) and ELB (load balancers) from the point of view of attacking and auditing them. We will also start by creating our attacker's machine in the cloud, which allows for rapid provisioning, creation of VMs, etc.
Attacking EC2 and ELBs
Abusing application misconfigurations
Attacking Serverless endpoints (AWS Lambda)
Attacking Cloud storage
Most applications require storage, either block storage of the kind we are used to (like HDDs) or object storage of the kind AWS S3 provides. We will learn how to attack, abuse, steal and pillage stored data exposed by misconfigurations, or by doing forensics on existing snapshots, etc.
Deep dive into AWS S3 misconfigurations
Discovering and pillaging EBS
Cloud forensics for discovery and attacks
Attacking Cloud databases
Apart from standard storage, most data is stored in databases. We will attack AWS RDS to find misconfigurations that allow us to steal data and increase our foothold.
Abusing AWS RDS misconfigurations
Recon and OSINT against cloud targets
Cloud infrastructures are relatively new compared to traditional on-premises enterprise IT. This means that a lot of resources are not secured properly, or people have not realized what needs to be secured. By applying OSINT techniques, we will learn more about our targets and use that information to supercharge our attacks.
OSINT techniques to enumerate AWS infra
Techniques to identify misconfigured buckets
Tools for discovering and stealing AWS keys
Techniques to find subdomain takeovers due to S3 at scale
AWS services and concepts for security
While most of the class is hands-on and scenario-based, we will cover the following topics at relevant places during the training. These will be beginner to intermediate tasks done in sequence to build our capability.
AWS Security Groups
Capture the flag
We will end the training with a hands-on CTF for all attendees. The challenges are meant to evaluate the key concepts and skills you will have gained over the course of the training. By repeating them in a challenge format you will be able to self-evaluate how much of the knowledge has been retained and which concepts you need to practice more.
Hands on challenges for the attendees
Walkthrough of all challenges
Familiarity with AWS console
Ideally you should have started VMs in AWS, configured S3 buckets and have an idea of IAM
Familiarity with Security Testing basics and tools like nmap, Burp Suite
Comfortable using command-line tools to log in to servers, install packages, and execute scripts and applications
Basics of Networking concepts enough to understand Cloud Architecture
Laptop with a modern OS like Windows 10 / OSX / Linux
SSH client installed on the host OS
Ability to connect to the wireless network
Own AWS account which has been activated for payments
Who should attend:
Pentesters and Security Testers
Cloud / IT Professionals
What to expect:
Fast paced training
While we will be using free-tier AWS services as much as possible, you can expect some minimal account charges
What not to expect:
How to build cloud infrastructure
Bharath, Security Automation Engineer, APPSECCO
Bharath is a Security Engineer with Appsecco. He has a strong passion for information security and for building solutions that solve real-world problems. Bharath is an active member and contributor at various security and developer communities, including the null open security community. His core interests lie in application security, infrastructure security, reconnaissance and cloud security.
Bharath has presented at many security and developer conferences including:
Defcon 26: Recon Village
Bsides Delhi 2017
Bugcrowd LevelUp 2017 & 2018
Bharath has conducted trainings at various conferences including: