
Learn the AWS pentesting policy: obtain permission, test permitted services, avoid infringing on AWS infrastructure, and use tools responsibly within authorized windows.
Explore how AWS keys function as credentials for programmatic access, including the access key, secret key, and security token. Learn where they are stored and how leaks occur.
Explore identity and access management in AWS, focusing on users, roles, policies, and permissions. Highlight security concerns such as weak passwords, missing MFA, key rotation, and over-permissioned S3 access.
Explore how AWSBucketDump, a Python tool, brute-forces and downloads open S3 buckets, uncovering secrets and downloadable files with word lists and grep options.
Explore GrayhatWarfare, a web app for AWS pentesting that enumerates S3 buckets and reveals exposed contents with keyword searches, helping identify sensitive information and misconfigurations.
Explore flaws.cloud level one by auditing an S3 bucket, discovering open buckets through DNS and NS lookups, using the AWS CLI to enumerate objects, and retrieving a secret file.
Explore AWS pentesting level 4 by verifying an EC2 instance, identifying a snapshot, creating and attaching a volume from that snapshot, and extracting credentials for post-exploitation testing.
Explore flaws level six in AWS pentesting by discovering and analyzing policies, roles, and resource permissions, then test Lambda and API Gateway access with the AWS CLI.
Install and configure CloudGoat to spin up misconfigured AWS resources for hands-on security testing, using Python, Terraform, the AWS CLI, and Lambda privacy scenarios.
Explore how rolling back to a previous policy version reveals IAM privilege escalation opportunities by examining attached user policies, policy versions, and the impact of default versions in AWS.
Start with only an IP address to reveal an AWS EC2 instance, scan ports, and explore the EC2 metadata service for credentials before accessing S3 buckets with cardholder data.
Explore privilege escalation in AWS by attaching instance profiles and IAM roles to an EC2 instance, then test elevating permissions using meek and mighty roles.
The AWS Pentesting course is designed to provide learners with the knowledge and skills required to conduct penetration testing on AWS (Amazon Web Services) cloud environments. The course covers various topics related to AWS security, including AWS architecture, identity and access management (IAM), network security, and data protection.
AWS Pentesting, or Amazon Web Services Penetration Testing, is a specialized cybersecurity course that focuses on identifying and exploiting vulnerabilities in AWS infrastructure.
In this course, you will learn the fundamentals of cloud computing and the unique security challenges associated with AWS environments. You will gain hands-on experience with various AWS services and tools, including EC2 instances, S3 buckets, IAM roles, and more.
The course will cover a range of advanced techniques for conducting vulnerability assessments and penetration testing, such as network scanning, web application testing, and privilege escalation. You will also learn how to identify common misconfigurations and weaknesses in AWS security controls, and how to exploit them to gain access to sensitive data and systems.
By the end of the course, you will have a solid understanding of AWS security best practices, and be equipped with the skills and knowledge to conduct effective pentesting engagements in AWS environments.
It is recommended that learners have completed AWS foundational courses such as AWS Certified Cloud Practitioner or AWS Certified Solutions Architect - Associate before enrolling in the AWS Pentesting course. Additionally, learners should have a good understanding of Linux command-line tools and basic scripting skills.