Pentest Cloud Intermediate - 5 days
Description
Cloud technologies are gradually being integrated into the information system of companies. They provide many security mechanisms that are sometimes difficult to understand and force attackers to rethink their methods of intrusion.
During this five-day course, participants will be exposed to the concepts of the three major cloud providers: GCP (Google), AWS (Amazon), and Azure (Microsoft). After having studied the fundamentals they share, their implementation specificities will be detailed and illustrated through complete environments allowing to learn about cloud intrusion techniques. An additional module will also be dedicated to Kubernetes infrastructures.
-
5 days ( 35 hours ) customizable
-
3 course modules on GCP, AWS and Azure + 1 module dedicated to Kubernetes
-
4 complete and individual environments
Public and prerequisites
This training is suitable for people with notions of offensive security but no prior experience in cloud environments. It is aimed primarily at pentesters, system administrators, security architects and developers, but also at any technical profile wishing to enrich their professional career with a security component.
-
Pentesters
-
System administrators
-
Security architects
-
Developers
Good network and Unix knowledge and notions of web intrusion are recommended.
Content
Day 1
Fundamentals: cloud terminology, infrastructure services, network topology, identity and access management, authentication mechanisms ( OAuth ), reminders of Linux security mechanisms ( namespaces, cgroups, seccomp, LSM ), OSINT.
Day 2
Google Cloud Platform: architecture ( organization, folders, projects, resources, regions, and zones), IAM ( permissions, roles, principals, and policies ), authentication ( OAuth 2.0, JWT ), using the gcloud CLI, service discovery methods, abuse of rights on buckets, App Engine and instance implementations ( metadata abuse ), elevation of IAM privileges, network reconnaissance ( VPC, firewall, VPN, peerings ), post-exploitation ( delegation on the domain, bounce on Workspace ), analysis events.
Day 3
Amazon Web Services: architecture ( organization, accounts ), IAM ( identity types, role assumption, policies ), aws CLI usage, service discovery methods, unauthenticated identity enumeration, S3 bucket rights abuse, EC2 ( metadata, lateral movements and poisoning of SSM agents ), Lambdas ( runtime API, persistence, data exfiltration ), Cognito ( user and identity pools ) IAM privilege escalation, network reconnaissance ( VPC, network ACL, security groups ) , persistence ( modification of IAM policies, role chain juggling ).
Day 4
Azure: architecture ( tenants, management groups, subscriptions ), Azure AD ( identity types, access management, Azure AD and RBAC roles ), synchronization in hybrid environment ( PHS, PTA, ADFS ), unauthenticated discovery, use of azure CLI and Az module, authenticated discovery ( ROADrecon, AzureHound ), blob storage implementation, key vault, virtual machines, lateral movements ( Vnet, bastions ).
Day 5
Kubernetes: architecture ( containers, pods, nodes, internal services ), recognition, authentication ( password, certificates, tokens ) and authorizations ( node, ABAC, RBAC, WebHook ), kubectl CLI usage, pod templates and controllers, escapes ( namespaces, PSP, PSA ), network concepts ( ingress, pod to pod, CNI, policies ).