Trainer Name: Manish Gupta, Yash Bharadwaj

Title: Attacking Hybrid Multi-Cloud Environment

Duration: 4 days (4 hrs each day)

Dates: May 10, 2022 To May 13, 2022

Time: 10 a.m. To 2 p.m. IST

Sold Out

Training Objective

Enterprises across the globe are moving to cloud technology. The technical understanding required, and the enormous cost of rewriting applications to re-platform them for the new cloud concepts, make this a difficult task. Misunderstanding or insufficient knowledge of the new cloud concepts offered by leading Cloud Service Providers such as AWS, Microsoft Azure and GCP has introduced multiple loopholes that threat actors can easily identify and exploit to abuse the organization's infrastructure.

The CyberWarFare Labs training "Attacking Hybrid Multi-Cloud Environment" aims to give trainees insight into the offensive and defensive techniques used by Red Teamers and Blue Teamers in an enterprise cloud infrastructure.

As an attacker, the trainee will not only understand advanced real-world cyber attacks against major cloud vendors such as AWS, Microsoft Azure and GCP, but also simulate in the lab environment the Tactics, Techniques and Procedures (TTPs) widely used by APT groups. As a defender, the trainee will understand various emerging threats and take a practical approach to defending and securing the Hybrid Multi-Cloud Infrastructure. They will also gain practical understanding of widely used cloud security solutions such as AWS GuardDuty, Azure Security Center and GCP Security Command Center.

Training level: Basic / Intermediate

Training outline

Part-1 : Introduction about Hybrid Multi Cloud Environment
(Module-1 : On-Prem Active Directory Environment)

  • Active Directory Architecture
  • Active Directory & Kerberos based attacks
  • Active Directory based security controls bypass

(Module-2 : Azure Cloud Environment)

  • Azure Identity : Azure AD & RBAC
  • O365 / Microsoft 365
  • Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)

(Module-3 : AWS Cloud Environment)

  • Identity & Access Management
  • AWS Cloud Services (IaaS, PaaS, SaaS)

(Module-4 : GCP Cloud Environment)

  • GCP Identity & Access Management
  • GCP Cloud Services (IaaS, PaaS, SaaS)
  • Google Suite / Workspace + Cloud Identity

(Module-5 : Hybrid Cloud Environment)

  • ADFS & External IDP
  • Hybrid Connected Devices
  • On-Prem to Cloud, Cloud to Cloud, Cloud to on-prem

Part-2 : Enumeration & Initial Access on Cloud Infrastructure
(Module-1 : Unauthenticated Enumeration)

  • Enumerating Information from DNS Records
  • Enumerating Information from Cloud Vendors
  • Leaked secrets from GitHub
  • Enumerating storage & other information from OSINT

(Module-2 : Initial Access)

  • Exploiting Cloud Services
  • Leaked Credentials
  • Compromising CI/CD pipeline
  • Compromising storage accounts

(Module-3 : Authenticated Enumeration)

  • AWS Services
  • AAD, O365, Azure Services
  • Cloud Identity, Google Workspace, GCP Services

Part-3 : Exploiting Hybrid Multi-Cloud Services
(Module-1 : Persistence Access on Multi-Cloud)

  • AWS : cross account, within account
  • Azure : service principal, cross tenant, AAD
  • GCP : Access organization, Cloud Identity
  • Hybrid - On-Premise AD

(Module-2 : Privilege Escalation)

  • Elevating Privileges on AWS
  • Elevating Privileges on Azure
  • Elevating Privileges on GCP
  • Privilege Escalation from on-prem to cloud
  • Privilege Escalation from cloud to on-prem

(Module-3 : Defensive Evasion)

  • Various Techniques on AWS, Azure & GCP

Part-4 : Lateral Movement
(Module-1 : Lateral Movement from Cloud to on-premise)

  • AWS, GCP, Azure to on-premise

(Module-2 : Lateral Movement from on-prem to cloud)

  • On-prem to AWS, GCP, Azure

(Module-3 : Within Multi-Cloud)

  • AWS, GCP, Azure to each other

Part-5 : Case Study - Red Teaming Hybrid Multi Cloud Environment in Simulated Lab
(Initial Access to Data Exfiltration)

What to Bring?

  • System with at least 8 GB RAM and VMware Workstation / VirtualBox installed
  • Updated Web Browser

(Team will share updated documentation 2 weeks prior to the training date.)

Training prerequisites

  • Fair Knowledge of Networking and Web Technology
  • An open mind (no prior Cloud knowledge is required)

Who Should Attend?

The target audience may include the following groups of people:

  • Penetration Testers / Red Teams
  • Cloud Security Professionals
  • Cloud Architects
  • SOC analysts
  • Threat Hunting Team
  • Last but not least, anyone who is interested in strengthening their offensive and detection capabilities in the Cloud

What to Expect?

In this training, trainees will perform the following in a large simulated Hybrid Multi-Cloud Red Team platform:

  • Inventory Extraction and Attack Map Design for AWS, Azure, GCP & On-Premise
  • Exploit widely used Cloud Services, e.g. O365, G-Suite and Azure AD
  • Lateral movement from on-premise to Cloud & vice-versa
  • Backdoor Hybrid Multi-Cloud Environment for Stealthy Persistent Access
  • Abusing Misconfigured Cloud Services for Privilege Escalation
  • Exfiltrate Sensitive Data from Hybrid Multi-Cloud Environment
  • Bypassing Security Controls in Multi-Cloud Environment
  • Exploiting Multi-Cloud Environment using Open-Source Exploitation Tools / Frameworks

What attendees will get?

  • Soft Copy of the Course Content
  • Great Knowledge about the Offensive Cloud Techniques used by adversaries
  • Defense Tactics & Techniques against the discussed offensive techniques
  • 15 days full lab access with technical support during & after the training class
  • Custom automated scripts to setup lab scenarios

What not to expect?

Becoming a Cloud Red Team Expert

About the Trainer

Manish Gupta is the Director of CyberWarFare Labs and has 6.5+ years of expertise in offensive Information Security, where he specializes in Red Teaming activities in enterprise environments. His research interests include Real World Cyber Attack Simulation and Advanced Persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat USA, DEFCON, Nullcon, c0c0n, BSIDES Chapters, X33fcon and NorthSec, as well as at other corporate trainings.

Yash Bharadwaj is Co-Founder & Technical Architect at CyberWarFare Labs, with over 5.5 years of experience as a technologist. He is highly attentive towards finding, learning, and discovering new TTPs used during offensive engagements. His areas of interest include building Red / Blue team infrastructure, evading AVs & EDRs, pwning on-prem infrastructure & multi-cloud attacks. Previously he has delivered hands-on red/blue/purple team training/talks/workshops at Nullcon, X33fCon, c0c0n, NorthSec, BSIDES Chapters, OWASP, CISO Platform, and YASCON. You can reach out to him on Twitter @flopyash.