Attacking and Defending AWS Cloud Environment

In this training, we will cover the basics and fundamentals of AWS first, starting with Identity and Access Management, we will take a look at various policy-based misconfigurations in IAM and how they can be leveraged. We will learn about API Gateway, EC2, ECS, and S3 misconfigurations. Later in this course, we will take a look at web application-based attack vectors and how various attacks can be performed on the lambda environment and cloud databases. We will also take a look at how to get hold of temporary access credentials and gain persistence access on the Lambda environment by injecting our own runtime. We will also cover the best practices to follow in order to mitigate the misconfiguration.

Introduction to Azure Security

In recent times, Azure has become one of the dominant cloud service providers. Most enterprises today have some infrastructure if not all deployed on the cloud and attackers are constantly on the hunt for finding a way into the infrastructure.

Among the recent cloud hacks, around 97 percent are due to misconfigurations and various surveys suggest that in most cases, people were not aware of how misconfiguration can happen in various circumstances. Azure security is a mammoth in itself and a lot of people struggle in getting started with it, for the same reason many cloud administrators and developers are not aware of how misconfigurations and vulnerable applications can be leveraged to get a foothold on the account.

This workshop is a power course for Azure security, we will first cover the fundamentals and building blocks of Azure then we will take a look at the threatscape and attack vectors.