Attendees will gain understanding in the following topics:
* Introduction to Cloud Computing
* Why cloud matters
* How cloud security differs from conventional security
* Types of cloud services
* Shared responsibility model
* Legalities around attacking / pen testing cloud services.
* Understanding the Attack Surfaces of various Cloud offerings, such
as IaaS, PaaS, SaaS, FaaS
* Enumerating Cloud Services
* Understanding metadata APIs
* Exploiting serverless applications
* Owning cloud machines
* Attacking cloud services such as storage service or database
services w.r.t different providers
* Examples and case studies of various cloud hacks
* Privilege escalation (horizontal and vertical) and pivoting
techniques in cloud
* Obtaining persistence in cloud and performing post exploitation
* Exploiting dormant assets: Id’s, services, resources groups,
security groups and more
* Cloud Infrastructure Defence
* Monitoring and logging
* Benchmarks
* Auditing Cloud Infrastructure (Manual and automated approach)
* Base Images / Golden Image auditing for Virtual Machine / Container
Infrastructure
* Preventive measures against cloud attacks
* Host-based Defence
* Using Cloud services to perform continuous monitoring and defence
* Ending CTF to reinforce the learning
WHO SHOULD TAKE THIS COURSE?
Cloud Administrators, Developers, Solutions Architects, DevOps
Engineers, SOC Analysts, Penetration Testers, Network Engineers,
security enthusiasts and anyone who wants to take their skills to next
level.
Prior pen test experience is not a strict requirement, however, some
knowledge of Cloud Services and a familiarity with common command line
syntax will be greatly beneficial.
WHAT WILL THIS COURSE COVER?
To view the full course outline please click here
[https://www.notsosecure.com/hacking-training/cloud-hacking/]
REFUNDS
Refunds available if notice is given before at least 7 days before the
event date
culture
2636
Views
10/06/2020 Last update