• No products in the cart.

HG235 will teach you cloud-focused pen-test techniques and how to assess modern cloud environments. This course dives deep into topics like containers, microservices, serverless functions, in-memory data stores, and Kubernetes meshes , as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics and techniques for pen-testing in Microsoft Azure and Amazon AWS.


ratings )



This Course Includes

4 weeks

Items in Curriculum

Course Badge

Created by

4 weeks
HG235: Cloud Penetration Testing and Ethical Hacking draws from many skill sets that are required to assess a cloud environment. If you are a penetration tester, this course will help you to understanding how to take your pen-test skills into cloud environments. If you are a cloud architect or cloud security expert, this course will teach you how the attackers are abusing cloud infrastructure to gain a foothold in your cloud environments.   This course dives deep into topics like classic cloud Virtual Machines, buckets, and other new issues that appear in cloud-like in-memory data stores, microservices, serverless functions, files over the cloud, Kubernetes meshes, and containers. The course covers Azure and AWS pen-testing. The objective is not to demonstrate these technologies but rather to teach you how to assess and report on the actual risk that the organizations may face if cloud services are left insecure.   You will learn:  
  • Cloud Assessment Methodology
  • Recon at Cloud Scale
  • IP Addressing and Hosts in Cloud
  • Mapping URLs to Services
  • Commonspeak2 and Wordlists
  • Visualizations Aids
  • Asset Discovery Frameworks
  • Hunting for Key Material
  • AWS User Enumerations
  • Username Harvesting in Azure
  • Discovery Open File Shares
  • Postman and Oauth
  • Unauthenticated Fileshares
  • Microsoft Identity Systems
  • Azure Active Directory
  • Authentication Standards in the Web
  • SAML and Golden SAML
  • Microsoft Graph API and Exfiltration
  • Shell Redirections with socat and ngrok
  • AWS Privilege Escalation
  • Attacking with AWS with PACU
  • AWS IAM Privilege Escalation Paths
  • AWS Compute
  • Amazon KMS and Keys
  • PACU for AWS Attack Automation
  • Azure Virtual Machines and Backdoors
  • Backdooring CI/CD Pipelines
  • SSRF on Cloud Environments
  • Command Line Injections
  • SQL Injections in Cloud
  • Attacks on Serverless Functions
  • Databases, NoSQL, and Exposed Ports
  • Gaining Access to Kubernetes Clusters
  • Backdooring Containers
  • Gaining a Foothold into Cloud Environments
  • Credential Stuffing
  • Heavy and Lite Shells
  • Load Balancer and Proxy Abuse
  • Domain Fronting
  • Familiarity with Linux bash scripting
  • Familiarity with Azure and AWS CLI
  • Understanding of networking and TCP/IP.
  • Understanding of the Metasploit CLI console.
  • Understanding how pivots work.

Course Currilcum

2021 © Aristi Cybertech Private Limited. All rights reserved.