Learning path

Attacking and Defending AWS

Emulate attackers’ tools and techniques to compromise AWS services and understand defensive mitigations to prevent these attacks.

Modules
5
Hands-on labs
17
Difficulty level

intermediate

Path Attacking and Defending AWS

Learn how attackers compromise AWS environments.

  • Compromise EC2 instances
  • Reduce the privileges of policies
  • Abuse Lambda Authorizers
  • Enumerate IAM users
Example learning path completion certificate

Complete this learning path and earn a certificate of completion.

Introduction

Amazon Web Services is the most popular cloud service provider in the world offering hundreds of services. With a large number of businesses adopting cloud technologies like AWS, cyber practitioners must understand the security implications of moving to the cloud.

This pathway will give you hands on access with common misconfigurations across AWS environments and understand defensive mitigations to prevent these attacks including

  • identifying, enumerating and exploiting overly permissive IAM users, roles and policies
  • exploring serverless infrastructure and common attack vectors present within these services
  • exploiting weaknesses in the most common AWS services including S3, EC2, VPC and more

Section 1

Introduction to AWS

Room AWS: Cloud 101AWS: Cloud 101Room AWS Basic ConceptsAWS Basic Concepts

Section 4

Attacking and Defending Serverless

Room AWS LambdaAWS LambdaRoom Lambda - Data ExfiltrationLambda - Data ExfiltrationRoom AWS API GatewayAWS API Gateway

Section 5

IAM Privilege Escalation

Room AWS IAM EnumerationAWS IAM EnumerationRoom AWS IAM Initial AccessAWS IAM Initial Access

We use cookies to ensure you get the best user experience. For more information contact us.

Read more