back to List back

on this page

Hacking and Securing Cloud Infrastructure

post-event
Sold Out
NotSoSecure
TBC
Intermediate
3 Days
Sat 19 Nov - Mon 21 Nov
Sold Out
Venue:

Radisson Blu Hotel, Riyadh Qurtuba
Al Thumama Road, Riyadh, 11263, Saudi Arabia

Timings:
  • Registration starts at 8am
  • Training from 9am to 5pm
Topics:
  • Introduction to cloud computing
  • Enumeration of cloud environments
  • Gaining entry via exposed services
  • Attacking storage services (AWS, Azure, GCP)
  • Attacking azure ad environment
  • I am misconfiguration attacks
  • Post - exploitation
  • Exploiting Kubernetes clusters & containers as a service
  • Auditing and benchmarking of cloud
Overview

This 3-day course cuts through the mystery of Cloud Services (including AWS, Google Cloud Platform (GCP) and Azure) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure. 

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand  and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This class covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Students are required to bring their own laptop that meets the following specs:

  • Should have adminIroot access on it. The laptop must have a virtualization software (virtualbox I VMWare) pre installed. 
  • A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students.
  • The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated for the VM
Who should take this course?

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level. 
Prior Pen Test experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.