Trainer Name: Jayesh Singh Chauhan , Divyanshu Shukla

Title: Defending and Securing the AWS Cloud

Duration: 4 days (4 hrs each day)

Dates: Dec. 19, 2022 To Dec. 22, 2022

Time: 10 a.m. To 2 p.m. IST

Training Objectives

The rapid adoption of cloud services, with an ever-growing number of AWS services, has left the security team with the lion's share of the work to identify, analyze and secure an organization's assets across multiple clouds. Multiple cloud accounts and the adoption of "hybrid" cloud environments have added more stress to the whole equation of securing cloud infrastructure. The security team has to keep pace with the growth and adoption of different services in the cloud and make sure that no hole is left through which an attacker can get into the infrastructure and move laterally.

Cloud infrastructure security has multiple pieces, including but not limited to threat modeling the infrastructure, understanding the holes in services as they get adopted, writing proactively hardened policies, and, in case someone misses a configuration, continuously monitoring configuration and network to bring it back to a secure state, while enabling the business throughout. While infrastructure configuration has to be monitored and secured on a regular basis, hardening the OS, CI/CD, containers, and Kubernetes clusters also becomes an integral part of the security team's realm.
Every additional service is an additional avenue for abuse!

This training approaches cloud security with a multilayer approach by understanding the perimeter of assets/services, securing cloud-native security services, and getting into the detailed security of every important asset/service/instance.

While cloud-native security solutions are relatively easier to implement and are optimized for their respective environments, this training doesn't limit security to native solutions. The training gives equal weight to open source options that implement a similar or better security posture without depending on cloud-native security services, and enables the organization to have more granular control over the security of its infrastructure.

Training level: Basic to Intermediate

Training Outlines

Introduction to AWS and its services
Roles and Policies
  • Understanding Managed Policies
  • Writing custom policies
  • Roles and how they leverage policies
Securing IAM
  • AWS IAM and its structure
  • Privilege escalation attacks
  • Designing robust IAM
AWS Trusted Advisor
  • Analysing Trusted Advisor findings
  • Limitations of Trusted Advisor
Auditing cloud resources
  • Achieving CSPM with multiple open source tools
AWS GuardDuty
  • GuardDuty setup and its pricing
  • Generating real-time findings
  • Analysing the real-time findings and actions against them
AWS Inspector
  • Setting up AWS Inspector to continuously scan instances
  • Scanning a specific range of EC2 instances
AWS WAF and Shield
  • Various endpoints where WAF can be attached
  • Setting up WAF to safeguard a vulnerable web application
  • AWS managed rules and third-party rules
  • Writing Custom WAF rules
  • AWS WAF limitations
WAF testing
  • How to test an application with AWS WAF in place
  • Common attack scenarios
  • Cost attached to WAF and how an attacker can drive up a victim's WAF bill
  • Leveraging WAF exceptions for workflow continuity
AWS Cognito
  • Cognito and its usage
  • Cognito misconfiguration and attacks
Setting up a SIEM
  • Open source SIEM manager dashboard
  • Achieving various security compliances with open source
  • Installing agents on EC2 instances and non-cloud endpoints
  • Scaling the deployment of SIEM agents across all instances in AWS
Subdomain takeover detection
  • Detecting vulnerable assets using open source tools
  • Automating the detection
SSRF Metadata attack
  • Abusing IMDSv1
  • Security with IMDSv2
  • Patching IMDSv1 at scale
AWS Lambda Security
  • Vulnerable Lambda application setup
  • Abusing serverless vulnerabilities
  • Securing serverless architecture
AWS attack case studies
Hardening OS
  • Auditing EC2 instances with multiple open source tools
CI/CD enforced security
  • Integrating scans with CI/CD pipeline
  • Setting up deployment checkpoints using open source tools
Sensitive keys in code
  • Scanning code for sensitive information using open source tools
  • Methodologies to patch sensitive hardcoded data
  • Writing custom checks for specific sensitive key formats
Docker Security
  • Docker and its architecture
  • AWS native cloud security services for container scanning
  • Docker scanning - Static and Dynamic
Kubernetes Security
  • Kubernetes and its architecture
  • Setting up a vulnerable Kubernetes cluster
  • CIS benchmark scanning and beyond
Cloud CTF
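The "SSRF Metadata attack" module above covers abusing IMDSv1 and patching it at scale. As an added illustration (this is not course material from the trainers; the instance IDs and the sample DescribeInstances payload are constructed), the following script audits an account's EC2 instances for metadata options that still allow a token-less IMDSv1 GET, and enforces IMDSv2 by setting HttpTokens to "required". It also reports a hop limit above 1, which is what lets a container or NAT'd workload on the instance obtain an IMDSv2 token; that finding is reported but not auto-fixed, since lowering the hop limit can break container workloads that legitimately use the instance role.

```python
"""Audit EC2 instance metadata options and enforce IMDSv2 (HttpTokens=required).

Constructed example, not part of the training material. Only the live mode
(--apply) needs boto3; the audit logic itself runs offline on the sample data.
"""
import sys
from typing import Dict, List

# Constructed sample in the shape of an ec2.describe_instances() response,
# trimmed to the fields this script reads. Instance IDs are placeholders.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111122223333a",       # IMDSv1 still allowed
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0bbb111122223333b",       # already hardened
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ccc111122223333c",       # IMDSv2, but reachable from containers
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 2}},
        {"InstanceId": "i-0ddd111122223333d",       # endpoint disabled: nothing to reach
         "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
    ]}
]

IMDSV1_ALLOWED = "imdsv1-allowed"   # plain GET to 169.254.169.254 works (SSRF target)
HOP_LIMIT_HIGH = "hop-limit>1"      # token PUT response can be forwarded past the host


def audit_metadata_options(reservations: List[dict]) -> Dict[str, List[str]]:
    """Return {instance_id: [finding, ...]} for instances with weak IMDS settings.

    Instances whose metadata endpoint is disabled are skipped: an attacker who
    gains SSRF on them has nothing to query.
    """
    findings: Dict[str, List[str]] = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") != "enabled":
                continue
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append(IMDSV1_ALLOWED)
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append(HOP_LIMIT_HIGH)
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


def remediation_params(instance_id: str) -> dict:
    """Keyword arguments for ec2.modify_instance_metadata_options() that
    require a session token for every metadata request on one instance."""
    return {"InstanceId": instance_id, "HttpTokens": "required",
            "HttpEndpoint": "enabled"}


def enforce_imdsv2(ec2_client, reservations: List[dict], dry_run: bool = True) -> List[str]:
    """Require IMDSv2 on every instance flagged IMDSV1_ALLOWED; return the IDs touched.

    Hop-limit findings are deliberately left for a human decision.
    """
    fixed = []
    for instance_id, issues in audit_metadata_options(reservations).items():
        if IMDSV1_ALLOWED not in issues:
            continue
        if not dry_run:
            ec2_client.modify_instance_metadata_options(**remediation_params(instance_id))
        fixed.append(instance_id)
    return fixed


if __name__ == "__main__":
    if "--apply" in sys.argv:
        # Live mode: needs ec2:DescribeInstances and ec2:ModifyInstanceMetadataOptions.
        import boto3
        ec2 = boto3.client("ec2")
        pages = ec2.get_paginator("describe_instances").paginate()
        live = [r for page in pages for r in page["Reservations"]]
        print("findings:", audit_metadata_options(live))
        print("remediated:", enforce_imdsv2(ec2, live, dry_run=False))
    else:
        print("findings:", audit_metadata_options(SAMPLE_RESERVATIONS))
        print("would fix:", enforce_imdsv2(None, SAMPLE_RESERVATIONS, dry_run=True))
```

Run it without arguments to see the audit on the constructed data; with `--apply` it paginates DescribeInstances for the configured account and region and patches only the instances that still accept token-less requests. Because ModifyInstanceMetadataOptions is per-instance and per-region, an at-scale rollout loops this over every region and account (for example via an assumed role in each member account) and should be paired with the equivalent setting in launch templates so new instances don't regress.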

Who Should Attend?

Security Analysts, System Administrators, Pentesters, Cloud Engineers, DevOps Engineers, or anyone who is interested in securing AWS

What to Bring?

  • A laptop with administrative privileges
  • Unfiltered Internet Access
  • Minimum 4GB RAM and 50 GB free hard disk space
  • (Windows users) PuTTY and WinSCP

Training Prerequisite

  • Active personal AWS accounts with a credit card attached
  • Familiarity with ssh, git, and Linux basics

What attendees will be provided?

  • Custom AWS AMIs
  • Notes of Hands-on exercises
  • Access to the CTF for two weeks
  • CTF solutions

What to Expect?

  • In-depth understanding of critical AWS services
  • Auditing of Cloud Infrastructure
  • Hardening of Cloud Infrastructure with a multi-layered approach
  • Continuous monitoring capabilities of security posture in AWS

What not to expect?

  • Test AWS accounts

About the Trainer

Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal and PwC, and was the Director of Product Security at Sprinklr Inc in his last job. He currently runs his own cloud security training and consultancy firm, Cloudurance Security (cloudurancesecurity.com).

He has been a trainer at conferences like Black Hat USA, AppSec NZ, and Nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, and RFID_Cloner, and has presented his work at Black Hat Arsenal (USA, EU, Asia), DEF CON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.

Divyanshu Shukla is a senior security engineer with more than 5 years of experience in cloud security, DevSecOps, web application pentesting, mobile pentesting, automation, and secure code review. He has reported multiple vulnerabilities to companies like Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc., and was assigned CVE-2019-8727, CVE-2019-16918, CVE-2019-12278, and CVE-2019-14962 for reporting issues. He has also given training and seminars at events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and the Null community.