Cloud Security Training

Many organizations are adopting cloud services to complement their production infrastructure. The number of cloud services that are offered is constantly increasing and includes options such as web servers, SQL servers, virtual machines, and office productivity tools. Many of these cloud-based resources are connected directly to an organization’s production infrastructure.

How do you address the security of your cloud infrastructure? How to ensure your security is sufficient? Learn how a hacker thinks and how you should protect your cloud environment.

Many organizations approach cloud development in a similar manner as they would to traditional IT infrastructure. With cloud-based authentication being available to the public internet, a whole new attack surface emerges. This is especially notable when cloud is used to store sensitive data that is normally protected within the boundaries of a traditional IT environment. By learning you to think as a hacker, you can avoid many pitfalls in configuring your systems in the cloud securely.

Students will also be taught different techniques to escalate their privileges in a cloud environment and finally to compromise different services within the cloud environment.

Why should you attend?

• Understand the basics of Cloud Security and Cloud Security Architecture
• To be able to protect your Cloud and hybrid environment
• Address common misconfiguration and vulnerabilities
• Learn tips and tricks from experts in Cloud Security
• To configure a more secure Cloud environment

Intended Audience

This training is suitable for:

• Blue team members
• Network administrators
• Security testers
• General security practitioners
• Developers
• Security management staff (recommended: day 1 only)
• Non-technical staff with technical affinity (recommended: day 1 only)

Cloud infrastructure is constantly being adopted by organizations across the world. As cloud infrastructure is built and managed differently than on-premise infrastructure, security assessments must also be approached in a different manner. This course aims at demonstrating the new attack vectors that are presented when migrating to a new cloud environment, and to train red teamers and blue teamers alike to identify misconfigurations that can lead to cloud infrastructure compromise.

Required Skills & Expertise

This training is devised for technical personnel. A basic understanding of Linux and Windows command line and infrastructure is needed.

Program

The duration of this training course is of two days but can be adapted for your company needs.

Day 1:

09:00 - 10:30 Cloud Strategic Understanding

• How is the cloud different to a traditional environment
• Different types of clouds
• Cons and Pros of the Cloud
• Cloud Security Basics

10:30 - 12:30 Cloud Architecture Basics

• Cloud Architect security principles
• Cloud Architect mindset

12:30 - 15:00 Cloud Security Elements/Tools

• Common cloud security built-in tools (AWS focus)

15:00 CTF

• At the end of the day we will perform a CTF event to reinforce what was learned in the course

Day 2:

09:00 - 10:30 Vulnerability Management

• CIS benchmark
• Cloud vulnerability scanners

10:30 - 12:30 Cloud Specific Vulnerabilities

• How are cloud vulnerabilities different

12:30 - 14:00 Azure specific security

• Azure specific infrastructure, vulnerabilities and architectures

14:00 - 14:30 Infra as a Code

• How to find and assess vulnerabilities in IaC
• What is IaC, benefits and challenges

14:30 - 15:30 Container/Kubernetes security introduction

• Container and kubernetes introduction
• Container and kubernetes security principle
• Common tools for assessing containers and kubernetes

15:30 CTF

• At the end of the day we will perform a CTF event to reinforce what was learned in the course

Learning Objectives

• Understand the basics of Cloud Security and Cloud Security Architecture
• Gain an insight in how critical vulnerabilities in a Cloud corporate infrastructure can be exploited
• Learn the basics of how an effective vulnerability scan and a Cloud Penetration test can be performed in an enterprise environment
• Learn how to think like a cloud hacker to be able to better protect your Cloud environment