
AWS Security

Is securing AWS akin to securing traditional infrastructures? The short answer: no. The long answer is in this course.

Training Objective and Course Overview

There is a popular misconception that all services deployed in cloud environments are automatically secure. This is untrue. Cloud environments can be vulnerable and exposed to compromise just like self-hosted, on-prem environments. The major difference is that the techniques and approaches attackers use against cloud-native deployments differ from those used against on-prem environments. Security on Amazon Web Services is often treated like enterprise security, but this is not a scalable or effective strategy. Our trainings on AWS are designed to give you a powerful hands-on and practical perspective of AWS Security and its implementations.

What attendees will learn

The Attacking Cloud Native Stacks - AWS class is a hardcore, hands-on training that gives you a 100% offensive perspective on attacking cloud-native services in AWS environments. The training is a collection of techniques that is very useful to red-teamers, pentesters and other infosec professionals at large. Participants will learn various methods of recon, mapping, vulnerability discovery, exploitation and post-exploitation that are specific to cloud-native environments on AWS. You will learn by deploying intentionally vulnerable stacks in your own AWS account, exploiting those vulnerabilities, performing privilege escalation in the cloud and applying those techniques in real-world AWS environments.

In our AWS Cloud Security Automation class, we focus on automating cloud infrastructure with security front and center. The class is an intermediate/advanced deep dive into automation techniques and implementation possibilities, ranging from traditional server-based stacks to newer microservice and cloud-native stacks.

Training Variants

  • Cloud and Cloud Security - An Overview
  • Shared Responsibility Model - An Introduction
  • Legal Considerations and Rules of Engagement for Cloud Pentesting and Red-Teaming Engagements
  • Overview of the Offensive Cloud Threat Model
  • Reconnaissance and Mapping for Cloud-Native deployments
  • Enumerating resources on S3 and other Object Storage APIs (DigitalOcean Spaces, Azure Block Blobs, GCP Cloud Storage)
  • GitHub Recon techniques to identify exposed Cloud credentials and accounts
  • Setup and Configuration of Vulnerable Labs in Cloud Environments using tools like Terraform and AWS CDK
  • Hands-on: Privilege Escalation - Cloud-Native Stacks
  • Exploiting SSRF and other RCE flaws (10 different ways) to gain access to IAM Credentials
  • Exploiting Lambda Functions with RCE and SSRF Flaws
  • Financial Exhaustion Attacks against Lambda Functions
  • Hands-on: Access Control Attacks against vulnerable JWT Deployments
  • OAuth Attacks
  • Overview and Introduction to GraphQL
  • Common Security problems with GraphQL Deployments
  • Hands-on: Attacking GraphQL Applications
  • Terraform 101
  • AWS CloudFormation
  • Deploying an intentionally insecure stack with EC2, VPCs and Terraform
  • Securing Server-deployments with AWS Systems Management
  • Setting up Continuous Logging and Monitoring for the stack
  • CloudWatch Logs
  • CloudTrail API Events
  • CloudWatch Alerts based on security anomalies
  • Setting up a Continuous Vulnerability Scanning Deployment for the Server environment
  • Detecting Credential Compromise in our EC2 environment
  • Contrasting our insecure deployment with our new, secure deployment
  • Deploying our intentionally vulnerable serverless application on AWS Lambda and DynamoDB and S3
  • Automated discovery and hardening of insecure IAM privileges on Serverless Stack
  • Leveraging Amazon KMS and SSM (Parameter store) to secure sensitive information and KV secrets
  • Setting up automated monitoring and event-driven security workflows for our serverless stack

I really appreciate how immersive the events are and think the combination of lecture and labs is great.

- Training Attendee, Confidential (Premier University)

I like how the instructors include real-world examples and incorporate them into a lab assignment. Our teachers were very knowledgeable about all the topics we covered and were able to answer all questions asked, and they successfully helped troubleshoot technical issues some users were having with their respective systems.

Conference Features

Our Application Security and Cloud Security programs are a regular feature at marquee application security conferences across the world.

Frequently Asked Questions

What are the major concepts covered in this training?

The training covers a host of different concepts, among them an introduction to AWS, typical vulnerabilities in cloud deployments, AWS security features like IAM, securing containerised AWS environments, AWS Lambda and continuous delivery with AWS.

Are there any practical sessions in this course or is it mostly theoretical?

This training includes a healthy mix of theoretical and practical sessions: each new concept introduced in the class is discussed in detail and then followed by real-world case studies and hands-on exercises.

Is this training more developer focused or is it security oriented?

The course is beneficial to both development and security teams alike as both offensive and defensive security considerations are covered in this training.

Book your seat for our virtual training and labs

AWS Offensive Edition
2 Days (6 Hours per day)
Dates Coming Soon!


AWS Cloud Security Automation Recipes
2 Days (3 Hours per day)
Dates Coming Soon!


Would you rather have a private training conducted for your team? Enter your details here


Additional Resources

Sub-Domain Takeover in AWS

Understand how an unclaimed Amazon Web Services S3 bucket can escalate to a sub-domain takeover, with the corresponding mitigation strategies and best practices involved.

How To: Amazon Inspector with Terraform

Amazon Inspector is a Vulnerability Scanning Service from Amazon that works in an "agent-based" mode against specific Operating Systems on EC2. More on its usage here.

An Introduction to DynamoDB Injection

If you are working with AWS Lambda (Serverless), chances are you will be working with AWS's NoSQL database, DynamoDB. Learn about an attack scenario specific to DynamoDB.