SEC588: Cloud Penetration Testing

Overview

SEC588 will equip you with the latest in cloud-focused penetration testing techniques and teach you how to assess cloud environments. The programme dives into topics like cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, and containers, as well as identifying and testing in cloud-first and cloud-native applications. You will also learn specific tactics for penetration testing in Azure and Amazon Web Services, particularly important given that AWS and Microsoft account for more than half the market. It's one thing to assess and secure a data center, but it takes a specialised skillset to truly assess and report on the risk that an organisation faces if its cloud services are left insecure.

Key Takeaways

At the end of this programme, you will be able to draw from many skill sets that are required to properly assess a cloud environment. If you are a penetration tester, the programme will provide a pathway to understanding how to take your skills into cloud environments. If you are a cloud-security-focused defender or architect, the programme will show you how the attackers are abusing cloud infrastructure to gain a foothold in your environments.

The programme dives into topics of classic cloud Virtual Machines, buckets, and other new issues that appear in cloud-like microservices, in-memory data stores, files in the cloud, serverless functions, Kubernetes meshes, and containers. The programme also covers Azure and AWS penetration testing, which is particularly important given that AWS and Microsoft account for more than half of the market. The goal is not to demonstrate these technologies but rather to teach you how to assess and report on the actual risk that the organization could face if these services are left insecure.

Who Should Attend

• Please refer to the job roles section.
• Both attack-focused and defense-focused security practitioners will benefit greatly from SEC588 by gaining a deep understanding of vulnerabilities, insecure configurations, and the associated business risk to their organizations. This programme benefits Penetration Testers, Vulnerability Analysts, Risk Assessment officers, DevOps Engineers, Site Reliability Engineers, and those working in many other areas.

Prerequisites

This programme has many labs, so it is critical that you come prepared with the following base level of knowledge:

1. Familiarity with Linux bash - Not expert level, but a base understanding.
2. Basic familiarity with Azure and AWS CLI tools - Watching a simple introductory video will suffice.
3. Base understanding of networking and TCP/IP.
4. Rudimentary understanding of the Metasploit CLI console.
5. Understanding how pivots work.