AWS is the market leader in cloud computing. It has over 200 services under all three cloud computing models: IaaS, PaaS, and SaaS (and everything in between). Each service solves a different problem and has a different attack surface. Even if successfully compromised, each service would have a different blast radius.
Attacking and defending each AWS service differs and involves understanding the nitty-gritty of that service. However, the underlying principles are only a handful. These principles remain almost the same for other cloud providers, even though their services work slightly differently.
Based on your current role or interests, you can train in one vertical - attack or defense. While such journeys cover the security of each service, the most significant disadvantage is that you are often pushed to think the other side won’t or can’t hinder you.
Moreover, Sun Tzu says in his book The Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
In this 3-day hands-on training, you will attack and defend AWS services, giving you the experience of looking at the same environment from both viewpoints. The training will include guided walkthroughs, real-world scenarios, and coverage of tools that can be used to attack and audit AWS environments. After this training, you will learn different tactics, techniques, and procedures to attack and defend the AWS cloud from Day One.
Attackers will learn a holistic way to approach targets in a pentest. On the other hand, defenders will learn the common issues with AWS services, how to think in graphs, and how to prioritize tasks to reinforce security. Overall, this training will help you find issues/solutions that automated tools fail to see.
After the supervised learning, there will be an unsupervised learning activity in the form of a CTF.
After the supervised learning, you will defend a vulnerable-by-design infrastructure.
Note: MacBooks with M1 chips are not supported due to virtualization issues.
Kumar Ashwin is a skilled information security professional with a focus on web security, cloud security, and DevSecOps. He actively participates in various security communities, including The Open Security Community, Winja, and DEFCON Cloud Village, by speaking at meetups and creating CTFs. Ashwin has also spoken at conferences such as BSides and c0c0n. As an offensive security specialist, Ashwin excels in identifying vulnerabilities and preventing attacks. His expertise has helped numerous organizations improve their security posture and protect their assets. Check out Ashwin’s blog at https://krash.dev to learn more about his experiences and insights.
Chandrapal Badshah is a Cloud Security Engineer and a Researcher. While his engineer mind secures cloud accounts during the day, his research mind strives to find cloud issues (at scale) during the night. He has experienced security wearing different hats during his career: first as a Product Security engineer, next as a Security Research lead, and now as a person fully focused on Cloud and DevSecOps. He is an AWS Certified Security professional as well. He is a volunteer at Defcon Cloud Village. He has been a co-trainer at BlackHat Asia training and has given talks at community meetups like null and OWASP. He blogs about his experiments and experiences at https://badshah.io.