AWS KILL CHAIN

Price:

From €990

Duration:

2 days

Level:

Basic / Medium

Trainer

Christian Martorella

Christian Martorella has been working in the field of information security for the last 17 years. He is currently working as Head of Product Security for Skyscanner. He has also worked as Principal Program Manager in the Skype Product Security team at Microsoft, and Practice Lead of Threat and Vulnerability for Verizon Business, where he led a team of consultants delivering security testing services in EMEA for a wide range of industries, including financial services, telecommunications, utilities and government. Christian has been exposed to a wide array of technologies and industries, giving him the opportunity to work in most areas of IT security and gain experience from both sides of the fence. All this provides him with a unique set of cybersecurity skills and insights.

About the training

The AWS Kill Chain course's first day is an intense hands-on experience. It demonstrates the best hacking techniques and tools to exploit common AWS misconfigurations. Things then escalate rapidly on the second day, as students are guided in the compromise of a production grade AWS infrastructure. This is a unique CTF-style challenge where exploitation of servers, containers and applications is the only way to get access to a set of AWS keys. Working out key permissions and exploiting the AWS infrastructure will be the real challenge.

AWSKC is a hands-on course for penetration testers wanting to deep dive into AWS hacking. The course is laser focused on AWS configuration vulnerability patterns to maximize impact. Students will be introduced to AWS native tools, Cloudformation, AWS CLI and API to help penetration testers fully embrace AWS hacking. AWSKC is also a brutal introduction to the world of penetration testing for established AWS DevOps and architects who want to understand how their infrastructure is attacked and learn how to protect it.

Key Takeaways

• Understand and exploit common AWS vulnerabilities
• Learn how to exploit production-grade AWS infrastructure
• Boost your pentesting capabilities for cloud infrastructure
• Learn the best practices for DevOps teams and system architects

Level: Basic/Medium

Duration: 2 days

Prerequisites:
• Pentest or AWS admin and architecture
• Web protocols such as DNS, SSL and familiarity with python are recommended