Intro to AWS Pentesting

  • Basic Concepts
    • Course Overview
    • AWS Pentesting Policy
    • AWS Keys
    • IAM Security Issues
    • S3
    • EC2
    • Lambda
    • ARNs
  • Tools
    • AWS CLI
    • Pacu
    • AWS Bucket Dump
    • GrayhatWarfare
  • Flaws
    • Flaws: Level1
    • Flaws: Level2
    • Flaws: Level3
    • Flaws: Level4
    • Flaws: Level5
    • Flaws: Level 6
  • CloudGoat
    • Configure CloudGoat
    • IAM PrivEsc by Rollback
    • Lambda PrivEsc
    • Lambda PrivEsc Pt 2
    • Cloud Breach S3
    • IAM PrivEsc by Attachment
    • EC2 SSRF

Course Overview

In this episode, we will discuss the intended audience, purpose, scope, and structure of this 'Intro to AWS Pentesting' series.

You're watching ITPro TV. [MUSIC]

>> Hey there, I'm your host Sophia Goodwin, and I'm here with Mr Daniel Lowrie. We're gonna tell you a little bit about the wonderful world of this course that we've got called Intro to AWS Pen Testing. Daniel, are you ready for this?

>> I am ready for this. I've been ready for this. I was born ready for this. My typing skills might not be ready for this but we will struggle through and learn some interesting things. This will be a lot of fun.

>> He's gonna be our subject matter expert for this course. Daniel, can you give us a little bit of information about your background, why you are qualified?

>> Sure, how am I qualified to teach you this? Great question. Well, here's the thing. I've been doing IT for a hot minute now, over 20 years. At this point I've got industry recognized certifications and systems and networking. I've done security for at least the last five years as my focus in my job role. So focusing mostly on Red Team security, Pen Testing, ethical hacking, those types of things. So that definitely gives me a leg up with what we're gonna do today. And as well as I have some background in AWS as well, and I thought what better thing to do than marry the two things together and teach you good folks out there what we can do, what we're looking for when we're doing a Cloud Pen Test against the cloud platform itself. So it should be a good time.

>> I suppose I can accept those qualifications. I suppose you meet the qualifications. So if somebody's looking at taking this course, why should they do that?

>> Well, if you are already in the Pen Testing Red teaming sphere or even if you're a defender and wanna have a better grasp on what you can do to try to secure your AWS environments, this is all for you, right? So you got that background, you already work in AWS, you understand a bit about AWS. You've dealt with it or maybe that's the platform that your organization is using on a day to day. And you thought, I wonder if there's any security problems. We should probably look into that. This is what's up. So if you've got some Pen Testing background, you've got some offensive type of security background or even blue team defensive type of background, this is gonna be for you. Cuz then you're gonna be able to take those skills and things that you learned, apply that to the AWS environment and see if you can find some security flaws that might lead to a very bad day for you. Hopefully plug those holes before they become an issue.

>> Well, that's as good a reason as any, in my opinion. So, what is gonna be the structure of this course?

>> So the way we're gonna structure this course is we're gonna kind of take you from start to finish. Remember, this is an intro course. We're not getting too deep in the weeds. We're gonna take a look at some of the more basic elements. So if you've never really worked at AWS before specifically with the AWS CLI in the terminal area, we wanna get you familiarized with that as well as some of the tools. We're gonna kind of run down a couple of the tools that are useful for us, but mostly focusing on that AWS CLI is gonna be our bread and butter throughout this thing. We're gonna take a look at interesting tools though, that could be helpful in the long run. And then of course we're gonna use scenarios to help give us context and lab environment basically, for us to be able to attempt to work our way through these vulnerabilities that are common to the AWS world, right? So basically we're gonna start is learn a little bit about AWS, some of the basics in there, pick up a couple of tool sets and then jump in with vulnerabilities through scenario-based reinforcement to see how does that work out and how does that look in a real life scenario.

>> Well, I'd love meet some scenario-based enforcements. So, I'm excited about that. Why are you excited about this course?

>> Cuz it's fun, fun, fun. Can be a bit frustrating, not gonna lie because you got to kinda keep your cart and horse and chickens and eggs all in their right spot so that everything works correctly. If you make little typos and as you'll see me do throughout the series, I am sure I'm not sinless perfection, I will make mistakes. But we'll work our way through those things and ultimately get to see some really cool stuff and learn about how AWS does things so that we can start to see maybe my environment has some of these vulnerabilities. That's what's exciting about it to me, is to be able to apply this to real world life and see if you can maybe find a problem before it is a problem.

>> That was beautiful Daniel.

>> Thank you.

>> You've got me raring to go, I'm excited about this. So, thank you for joining us for our overview of this course and let's get ready to jump into the [UNKNOWN] world of intro to AWS Pen Testing.

>> Thank you for watching ITPro TV. [MUSIC]