Register now for our upcoming December Secure Code Summit! Register Here
Shopping Cart

No products in the cart.

Breaching the Cloud with Beau Bullock

Breaching the Cloud with Beau Bullock

Overview

  • Course Length: 16 hours
  • Support from expert instructors
  • Includes a certificate of completion
  • 12 months access to Cyber Range
Instructor:

This course provides comprehensive insights into cloud-based attack surfaces, a step-by-step methodology for compromising cloud environments, and practical guidance on leveraging open-source tools for effective cloud assessments.

Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this training course, hacking concepts will be introduced for each of those services.

This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.

Post-compromise techniques of cloud infrastructure differ from the techniques used in typical on-premise environments. You will learn situational awareness techniques that ultimately will impact how you will escalate privileges in the cloud. With most cloud-based authentication being publicly exposed this presents new and interesting persistence techniques that are non-existent to on-premise environments. With productivity tools like G-Suite and Microsoft 365 many organizations are making their email and other data that is normally protected by a firewall available to remote employees. You will learn how to discover, pillage, and exfiltrate data from these services.

Many organizations are fully leveraging cloud services for their production infrastructure. This can include web servers, SQL databases, storage, virtual machines, and more. In this training, you will learn how to assess and compromise these resources. Some cloud deployments are directly connected to on-premise environments via VPN. This presents an opportunity to pivot access from cloud to on-prem or vice-versa.

Finally, in this training, we will not only be attacking cloud infrastructure but also leveraging it for red team operations. You will learn techniques that leverage cloud services for techniques such as phishing, domain fronting, and command & control.

Tools and techniques used on real-world penetration tests against cloud assets will be shared including hands-on demonstrations. At the end of this training, you will have new skills for assessing cloud-based infrastructure!

Virtual (Dec 5th – Dec 6th) – Secure Code Summit

  • December 5th, 2024 9 AM – 6 PM EST
  • December 6th, 2024 10 AM – 6 PM EST

Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO

  • February 4th – 8:30 AM to 5:00 PM MDT
  • February 5th – 8:30 AM to 5:00 PM MDT

Who Should Take This Course

  • Penetration testers
  • Red teamers
  • Cloud security architects
  • Ethical hackers
  • General security practitioners

Audience Skill Level

Everyone. This course somewhat doubles as a general pentesting “crash course” as there are many commonalities between cloud-based pentesting and traditional on-prem pentesting.

Student Requirements

  • A credit card (You will be signing up for cloud service accounts such as Microsoft Azure and AWS. These services require a credit card for signing up.)
  • Check that both Amazon AWS and Microsoft Azure services are available in your country. (Note that if you cannot sign up for these services you will not be able to participate in the labs)
  • Internet access
  • Stable Internet access
  • x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization
    (Apple Silicon is currently not supported)
  • A computer with at least 8 GB of RAM. 16 GB is recommended
  • VMWare Workstation or VMWare Fusion
    (VirtualBox and other VM software is not supported)
  • Windows 10/11, MacOSX+, or a currently supported Linux Distribution 
  • Full Administrator/root access to your computer or laptop
  • System should also have at least 40GB of available disk space to accommodate two VMs

This class is being taught at Wild West Hackin’ Fest at Mile High 2025.

For more information about our conferences, visit Wild West Hackin’ Fest!

Clicking on the button above will take you
to our registration page on the website.

Live Training

  • Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
  • Access to course slides for future reference
  • Tips, tools, and techniques that can be applied immediately upon returning to work
  • Strengthen your skills by solving challenges within the Antisyphon Cyber Range
  • Become part of a community driven to educate and share knowledge

Complete Package

Breaching the Cloud with Beau Bullock
Tickets are no longer available

On Demand Training

  • Train at your own pace with no set course schedule
  • Access to all course resources, including slides and VMs
  • Subject Matter Expert support through Discord
  • Tips, tools, and techniques that can be applied immediately upon returning to work
  • Strengthen your skills by solving challenges within the Antisyphon Cyber Range
  • Become part of a community driven to educate and share knowledge
Choose an access term

$575.00

$575.00

Course Categories:

Cloud, Red Team