Cursos

Hacking and Securing Cloud Infrastruture

1,125.00 +Iva

Dias: 2
Duração: 12 horas
Próxima Data: 28/02/2022 a 03/03/2022
Área: Cybersecurity
Certificação Associada: 156-406 – Check Point Certified PenTesting Expert – Cloud Security (CCPE-C)
Local: Lisboa e Porto

*Curso disponível em Live Training

Quero inscrever-me
REF: NSSHSCI Categoria: Etiqueta:

Descrição

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory a well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.

Prior pentest / security experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common Unix command line syntax will be beneficial.

Destinatários

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to next level.

Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and a familiarity with common command line syntax will be greatly beneficial.

Programa

Module 1: INTRODUCTION TO CLOUD COMPUTING

• Introduction to cloud and why cloud security matters
• Comparison with conventional security models
• Shared responsibility model
• Legalities around Cloud Pentesting

Module 2: ENUMERATION OF CLOUD ENVIRONMENTS

• DNS based enumeration
• OSINT techniques for cloud-based asset

Module 3: GAINING ENTRY IN CLOUD ENVIRONME

• Serverless based attacks (AWS Lambda / Azure & Google functions)
• Web application Attacks
• Exposed Service ports

Module 4: ATTACKING SPECIFIC CLOUD SERVICES

• Storage Attacks
• Azure AD Attacks
• Containers and Kubernetes Clusters
• IAM Misconfiguration Attacks
• Roles and permissions-based attacks
• Attacking Cognito misconfigurations

Module 5: POST – EXPLOITATION

• Persistence in Cloud
• Post exploit enumeration
• Snapshot access
• Backdooring the account

Module 6: AUDITING AND BENCHMARKING OF CLOUD

• Preparing for the audit
• Automated auditing via tools
• Golden Image / Docker image audits
• Relevant Benchmarks for cloud

Module 7: DEFENSE: IDENTIFICATION OF CLOUD ASSETS

• Inventory Extraction for AWS, Azure and GCP
• Continuous inventory management

Module 8: DEFENSE: PROTECTION OF CLOUD ASSETS

• Principle of least privilege
• Control Plane and Data Plane Protection
• Financial Protections
• Metadata API Protection
• Cloud specific Protections
• Windows / Linux IaaS auditing

Module 9: DEFENSE: DETECTION OF SECURITY ISSUES

• Setting up Monitoring and logging of the environment
• Identifying attack patterns from logs
• Monitoring in multi-cloud environment

Module 10: DEFENSE: RESPONSE TO ATTACKS

• Automated Defense techniques
• Cloud Defense Utilities
• Validation of Setup

Pré-requisitos

Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated for the VM.

Outras datas

07/04/2022 a 08/04/2022