Hacking and Securing Cloud Infrastructure | Nullcon Berlin 2022

Trainer Name: Martin Cernac

Title: Hacking and Securing Cloud Infrastructure

Dates: April 5, 2022 To April 7, 2022

Time: 9 a.m. To 5:30 p.m. CEST

Venue: NH Hotel, Alexanderplatz, Berlin, Germany




Note: Regarding COVID-19 safety, Nullcon will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Nullcon will follow all applicable health regulations required by the local and government authorities.

Description

This 3-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

Note: Students will have access to a state-of-the-art Hacklab with a wide variety of vulnerabilities to practice exploitation and will receive a FREE 1 month subscription after the class to allow more practice time along with the support portal to clear doubts.

Highlights of our Training:

  • Gaining Entry in cloud via exposed services
  • Attacking specific cloud services
  • Post Exploitation
  • Defending the Cloud Environment
  • Host-based Defenses
  • Auditing and benchmarking of Cloud
  • Continuous Security Testing of Cloud

Training level: Intermediate

Overview

Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.
Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

Syllabus

  • Introduction to Cloud Computing
    • Introduction to cloud and why cloud security matters
    • Comparison with conventional security models
    • Shared responsibility model
    • Legalities around Cloud Pentesting
    • Attacking Cloud Services
  • Enumeration of Cloud environments
    • DNS based enumeration
    • OSINT techniques for cloud-based assets
  • Gaining Entry via exposed services
    • Serverless-based attacks (AWS Lambda / Azure & Google Functions)
    • Web application Attacks
  • Attacking specific cloud services
    • Storage Attacks
    • Azure AD Attacks
    • IAM Misconfiguration Attacks
    • Roles and permissions based attacks
    • Attacking Cognito misconfigurations
  • Exploiting Kubernetes Clusters and container as a service
    • Understanding how container technology works
    • Exploiting Docker environments and breaking out of containers
    • K8s exploitation and breakouts
    • Exploiting misconfigured containers
  • Post-Exploitation
    • Persistence in Cloud
    • Post exploit enumeration
    • Snapshot access
    • Backdooring the account
  • Auditing and Benchmarking of Cloud
    • Preparing for the audit
    • Automated auditing via tools
    • IaaS Auditing Windows and *nix Environments
    • Golden Image / Docker image audits
    • Relevant Benchmarks for cloud
  • Defending the Cloud Environment
    • Identification of cloud assets (AWS, Azure and GCP)
    • Protection of Cloud Assets
      • Principle of least privilege
      • Control Plane and Data Plane Protection
      • Metadata API Protection
    • Detection of Security issues
      • Setting up Monitoring and logging of the environment
      • Identifying attack patterns from logs *
      • Real time monitoring of logs *
    • Response to Attacks
      • Automated Defense techniques
      • Cloud Defense Utilities
      • Validation of Setup
    • Purple teaming where red and blue exchange notes
    • CTF to reinforce learning

*Demo will be shown by the instructor; lab time will be provided if time permits. Extended Lab access will be available for 30 days after the class.

KEY TAKEAWAYS

Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources.

Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense, secure configuration, auditing, logging, benchmarks.

Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources. Apply the learning to:

  • Identify weaknesses in cloud deployment
  • Fix the weaknesses in your cloud deployment
  • Monitor your cloud environment for attacks

The free 30-day lab access gives attendees extra time to learn advanced topics in their own time and at their own pace.


WHO SHOULD TAKE THIS COURSE

Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.

Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common command line syntax will be greatly beneficial.

STUDENT REQUIREMENTS

Students must bring their own laptops and have admin/root access on them. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools and the scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.

WHAT STUDENTS SHOULD BRING

See Student Requirements

WHAT STUDENTS WILL BE PROVIDED WITH

Numerous scripts and tools (some public and some NotSoPublic) will also be provided during the training, along with the student handouts.

Our courses also come with detailed answer sheets. These are step-by-step walkthroughs of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.

About the Trainer

Martin joined the UK NotSoSecure team in 2021. He works with a wide range of NotSoSecure clients, delivering training on topics covering application and cloud security, DevSecOps and infrastructure. Martin also delivers training at large conferences, including Black Hat Europe and Las Vegas. Another part of his role revolves around penetration testing of web applications, infrastructure and networks. He is also involved in Red Team assessments appraising system and network vulnerabilities with little or no prior knowledge of them. Finally, he participates in research efforts concerning new application security threats with some of his research being published on the NotSoSecure blog.