AWS Penetration Testing course

AWS Penetration Testing & Security

Course PDF:

Course Overview

The Amazon Web Services (AWS) Penetration Testing training course is designed to help candidates with the skills required to perform penetration testing on one of the most popular Cloud Computing platforms. This Practical-focused training includes an overview of AWS Services like computing, storage, networking, databases, and security, after which we participants will explore the concepts of Penetration Testing on AWS services. Most organizations have misconfigured policies for AWS services such as S3, EC2, Lambda, VPC, RDS, EBS, etc., which attackers can exploit. So this course is designed to help you identify the misconfigurations in AWS-configured policies and help in understanding the underlying security architecture. Practical cloud pentesting skills will be reinforced through hands-on labs and real-world scenarios. By the end of the course, learners will gain a solid understanding of AWS architecture and how to secure it.

Syllabus

Chapter I- Introduction to AWS Cloud and Security
  • Basics of AWS and cloud computing
  • Shared Responsibility Model
  • Cloud service models (IaaS, PaaS, SaaS)
  • NIST Cloud Architecture
  • Key AWS services overview (EC2, S3, IAM, RDS, Lambda, etc.)
  • Introduction to AWS global infrastructure
  • Key terminology: Regions, Availability Zones, Budget
  • AWS penetration testing policy and scope
  • Permissible vs prohibited activities
  • Methodology and ethics of cloud penetration testing
Chapter II- Configuring the Lab Environment
  • Creating a Free Tier AWS Account
  • Setting up Budget Alerts
  • Installing and Configuring the AWS CLI
  • Enabling Autocomplete for the AWS CLI
  • Installing CloudGoat
  • Installing Pacu
  • Creating Free Accounts on Cybr and Pwned Labs
Chapter III- Understanding IAM in AWS
  • IAM Users, Groups, and Roles
  • IAM Policies (JSON structure and permission boundaries)
  • AWS STS and temporary credentials
  • MFA and IAM best practices
  • Principle of least privilege
  • 3.4 User and Policy Enumeration
  • 3.5 Group and Role Enumeration
  • Using Pacu to Automate Enumeration
  • Challenge Labs
  • IAM Security Guidelines
Chapter IV- AWS S3 Buckets
  • Introduction to S3
  • Creation and Management of S3 Buckets
  • Utilizing S3 for Object Storage and Ensuring Data Consistency
  • S3 Security Measures and Bucket Policies
  • Implementing S3 Versioning
  • Identifying, Listing, and Downloading from Buckets
  • Challenge Labs
  • S3 Security Guidelines
Chapter V- Network Security in AWS
  • Virtual Private Cloud (VPC) fundamentals
  • Security Groups vs Network ACLs
  • Subnetting and route tables
  • NAT Gateways, Internet Gateways, and Bastion Hosts
  • VPN and Direct Connect security
  • VPC peering and PrivateLink
Chapter VI- AWS Lambda
  • Introduction to Serverless Architecture
  • Creation and Deployment of Lambda Functions
  • Integration of Lambda with Other AWS Services
  • Utilizing Event Triggers
  • Lambda Enumeration (Console)
  • Lambda Enumeration (CLI / Pacu)
  • Challenge Labs
  • Lambda Security Guidelines
Chapter VII- AWS EC2 Service
  • Initiating and Setting Up EC2 Instances
  • Understanding EC2 Instance Types and Their Use Cases
  • Management of EC2 Instances and Security Groups
  • Launching Windows and Linux Instances
  • Configuration of Web Servers
  • Implementing Elastic IP
  • Load Balancing Varieties with EC2
  • Auto Scaling Applications with EC2
  • Snapshots of Volumes and Instances
  • EC2 Enumeration (Console)
  • EC2 Enumeration (CLI / Pacu)
  • Challenge Labs
  • EC2 Security Guidelines
Chapter VIII- Data Security and Encryption
  • Data classification and handling
  • Encryption at rest and in transit
  • AWS S3 bucket policies and public access settings
  • Using AWS KMS and customer-managed keys
  • Secrets Manager
Chapter IX- AWS Privilege Escalation
  • Overview of Privilege Escalation in AWS
  • Challenge Labs
  • Security Guidelines
Chapter X- AWS Security Tools and Services
  • AWS Security Hub
  • AWS CloudTrail
  • AWS CloudWatch
  • AWS Inspector
  • AWS GuardDuty
  • AWS KMS (Key Management Service)
  • AWS WAF and AWS Shield
Chapter XI- Capstone Challenges
  • Real-world Lab Introduction
  • Setting up a real-world lab
  • Identifying vulnerabilities
  • Exploiting vulnerabilities
Chapter XII- AWS Security Best Practices and Hardening
  • Securing root account and credentials
  • Logging and monitoring best practices
  • Hardening EC2, S3, IAM, and Lambda
  • Real-world misconfigurations and lessons learned

Download the PDF

AWS Penetration Testing & Security Syllabus- CyberiumX
Book a Demo