Offensive Cloud Security Eğitimi

  • Eğitim Tipi: Classroom / Virtual Classroom / Online
  • Süre: 2 Gün
  • PDF indir
  • Bu eğitimi kendi kurumunuzda planlayabilirsiniz. Bize Ulaşın!
En Yakın Tarih

20 Ocak 2021

2 Gün

This 2-day course cuts through the mystery of Cloud Services (including AWS, Azure and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing a traditional network infrastructure.

Designed for Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, Security Auditors, security enthusiasts and anyone who wants to take their skills to next level.

Prior pentest / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Learning Outcomes

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Course Outline

INTRODUCTION TO CLOUD COMPUTING

  • What is cloud and Why it matters
  • Types of clouds and cloud services
  • What changes from conventional security models
  • Shared responsibility model (pizza as a service v2.0)

ATTACKING CLOUD SERVICES

  • Conventional vs cloud infra assessment
  • Legalities around Cloud Pentesting
  • How to approach pentesting cloud services
  • Understanding Metadata API
  • Understand the attack surface in each type of cloud
  • Enumerating for cloud assets

GAINING ENTRY IN CLOUD ENVIRONMENT

  • Lambda attacks
  • Web application Attacks
  • Exposed Service ports

ATTACKING SPECIFIC CLOUD SERVICES

  • Storage Attacks
  • Azure AD Attacks
  • Financial Attacks
  • IAM Attacks : Shadow admins
  • Dormant assets
  • Google Dorking in Cloud Era

POST - EXPLOITATION

  • Maintain access after the initial attack
  • Post access asset enumeration
  • Extracting secrets from Snapshot access

DEFENDING THE CLOUD ENVIRONMENT

  • Setting up Monitoring and logging of the environment
  • Catching attacks using monitoring and logging
  • Metadata API Protection

HOST BASE DEFENCES FOR IAAS

  • Windows server auditing
  • Linux Server Auditing

AUDITING AND BENCHMARKING OF CLOUD

  • Prepare the environment for the audit
  • Automated auditing using open source tools
  • Golden Image / Docker image audits
  • Relevant Benchmarks for cloud
  • Continuous inventory monitoring
  • Continuous monitoring to Detect changes in cloud environment


Eğitimlerle ilgili bilgi almak ve diğer tüm sorularınız için bize ulaşın!

Yakın tarihte açılacak eğitimler

Sınıf eğitimlerimizi İstanbul, Ankara ve Londra ofislerimizde düzenlemekteyiz. Kurumunuza özel eğitimleri ise, dilediğiniz tarih ve lokasyonda organize edebiliriz.

20 Ocak 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

08 Mart 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

17 Mayıs 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

08 Haziran 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

27 Eylül 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

22 Kasım 2021

2 Gün
Classroom / Virtual Classroom

İstanbul, Ankara, Londra
İstanbul, Ankara, Londra

İlgili Eğitimler

Certified in The Art of Hacking

Securing customer data is often crucial when deploying and managing web applications and network i...

  • Classroom
  • Virtual Classroom
  • Online

5 Gün

Application Security for Developers

Security testing (Pen Testing) as an activity tends to capture security vulnerabilities at the end...

  • Classroom
  • Virtual Classroom
  • Online

2 Gün

Practitioner Certificate in Cloud Security

This five day Certified Cloud Security Practitioner course is focused on Cloud Security, encompass...

  • Classroom
  • Virtual Classroom
  • Online

5 Gün

Web Hacking Black Belt Edition

NotSoSecure is pleased to launch their much awaited advanced Web Hacking course. Much like the Adv...

  • Classroom
  • Virtual Classroom
  • Online

3 Gün

Advanced Infrastructure Hacking

An Advanced Infrastructure Hacking class, new for 2017, designed for those who wish to push their...

  • Classroom
  • Virtual Classroom
  • Online

5 Gün

Security Engineering on AWS

Bu eğitim, AWS Bulutu’nda güvenli kalabilmek için AWS güvenlik hizmetlerinin nasıl etkin bir şekilde...

  • Classroom
  • Virtual Classroom
  • Online

3 Gün

Microsoft Azure Security Technologies

Bu eğitimde katılımcılar güvenlik kontrollerini uygulamaya koymak, güvenlik duruşunu korumak ve çeşi...

  • Classroom
  • Virtual Classroom
  • Online

4 Gün