Breaking and Pwning Apps and Servers on AWS and Azure – Free Training Courseware and Labs
Amazon Web Services (AWS) and Azure run the most popular and used cloud infrastructure and boutique of services. There is a need for security testers, Cloud/IT admins and people tasked with the role of DevSecOps to learn on how to effectively attack and test their cloud infrastructure. In this tools and techniques based training we cover attack approaches, creating your attack arsenal in the cloud, distilled deep dive into AWS and Azure services and concepts that should be used for security.
The training covers a multitude of scenarios taken from our vulnerability assessment, penetration testing and OSINT engagements which take the student through the journey of discovery, identification and exploitation of security weaknesses, misconfigurations and poor programming practices that can lead to complete compromise of the cloud infrastructure.
The training is meant to be a hands-on training with guided walkthroughs, scenario based attacks, coverage of tool that can be used for attacking and auditing. Due to the attack, focused nature of the training, not a lot of documentation is around security architecture, defence in depth etc. Additional references are provided in case further reading is required.
To proceed, you will need
- An AWS account, activated for payments (you should be able to open and view the Services > EC2 page)
- An Azure account, you should be able to login to the Azure console
About this repo
This repo contains all the material from our 3 day hands on training that we have delivered at security conferences and to our numerous clients.
The primary things in this repo are:
- documentation – all documentation in markdown format that is to be used to go through the training
- setup-files – files required to create a student virtual machine that will be used to create the cloud labs
- extras – any additional files that are relevant during the training
Download && Use
Copyright (c) [2020] [Appsecco Ltd.]
