Trainer Name: Riyaz Walikar, Rohit Jadav
Title: Breaking and Pwning Apps and Servers on AWS and Google Cloud – Post Pandemic Edition
Duration: 3 Days
Dates: Sept. 6, 2022 To Sept. 8, 2022
Sold Out
About 60% of the world's cloud infrastructure is shared between AWS, Azure, and GCP. More and more organizations are moving their infrastructure to the cloud with the promise of scalability, robustness, higher resource bandwidth for far less, ease of use, and security.
With this shift, there is an ever-increasing demand for cloud security professionals to be able to securely design, implement, defend, attack, and repair cloud configurations and services. A lot of enterprises operate entirely on the cloud and with everyone learning to work remotely, there are additional challenges that come into play when dealing with security.
The current state of the industry creates a need for security testers, Cloud/IT admins, and people tasked with the role of DevSecOps to learn how to effectively attack and test their cloud infrastructure before the bad guys do. Security vendors need to hire folks who specialize in conducting cloud penetration tests and configuration reviews, all the while expanding in scope and services.
In this Post Pandemic version of our tools and techniques-based training, we will cover attack approaches, creating your attack arsenal in the cloud, and a distilled deep dive into the AWS and Google Cloud services and concepts that should be used for security. Attacks on the Azure cloud will be mentioned when similar attack scenarios are being covered for AWS and Google Cloud.
The training covers a multitude of scenarios taken from our vulnerability assessment, penetration testing, and OSINT engagements which take the student through the journey of discovery, identification, and exploitation of security weaknesses, misconfiguration, and poor programming practices that can lead to complete compromise of the cloud infrastructure.
The training is meant to be hands-on, with guided walkthroughs, scenario-based attacks, and coverage of tools that can be used for attacking and auditing. Due to the attack-focused nature of the training, we will not be spending a lot of time on security architecture, defense-in-depth, etc. While mitigations will be covered, we will point out the relevant security documentation provided by the cloud provider for further self-study.
We expect the trainees to bring their own AWS and Google Cloud accounts for the training. We will be providing detailed instructions on how to ensure that you are ready to tackle the class before you arrive for it.
Training level: Intermediate
Day 1 (Cloud Compute, Serverless, Load Balancers, and Kubernetes)
Day 2 (Cloud Storage, Cloud Databases, and IAM)
Day 3 (OSINT, Cloud Networking, Security tools, CTF)
Riyaz Walikar is the Chief Hacker and Co-Founder at Kloudle, a cloud security SaaS product used by Engineers to automate cloud security so that they can go back to focusing on building great stuff! He also serves as a Technical and Strategic Advisor at Appsecco. He has over a decade of experience in offensive security, hacking his way into web applications, mobile apps, wireless networks, thick clients, and cloud and container-based infrastructure.
As part of his professional career, he has led security testing teams at Microland, PwC, Citrix, and Appsecco. He likes to evangelize cybersecurity and has been a speaker/trainer at multiple hacker conferences around the world including BlackHat, DefCON, OWASP AppsecUSA, Nullcon, and c0c0n.
He has co-authored 2 books and loves teaching cybersecurity which he does through various online blogs and publications, in-person and online training programs, community talks, conference presentations, and beer sessions.
When he is not writing/breaking code, you can find him dabbling in photography, playing video games, googling for weight loss solutions, stargazing, or laughing at his own jokes.
LinkedIn: https://in.linkedin.com/in/riyazw
Twitter: @riyazwalikar
Blog: https://ibreak.software
Rohit is a Cloud security team lead with Appsecco. He has a strong passion for information security and has 7 years of experience in the field. His areas of expertise are Application Security, Infrastructure security, Reconnaissance, and Cloud security. He has led penetration testing engagements in many countries and performed numerous onsite engagements. He is an active member of the null open security community.