SecurityBSides Trainings

Course Description

Enterprises across the globe are moving to cloud technology. Gaining the technical understanding needed to rewrite infrastructure-applied applications so that they re-platform and work with the new cloud concepts, and bearing the enormous cost of doing so, is a difficult task. Irregularities caused by misunderstanding or insufficient knowledge of the new cloud concepts offered by leading Cloud Service Providers such as AWS, Microsoft Azure and GCP have introduced multiple loopholes that Threat Actors easily identify and exploit to abuse the organization's infrastructure.

CyberWarFare Labs' training on "Attacking Hybrid Multi-Cloud Environment" aims to give trainees insight into the offensive and defensive techniques used by Red Teamers and Blue Teamers in an Enterprise Cloud Infrastructure. As an Attacker, the trainee will not only understand advanced real-world cyber attacks against major Cloud Vendors such as AWS, Microsoft Azure and GCP, but also simulate in the lab environment the Tactics, Techniques and Procedures (TTPs) widely used by APT groups. As a Defender, the trainee will understand various emerging threats and take a practical approach to defending and securing the Hybrid Multi-Cloud Infrastructure. Trainees will also gain a practical understanding of widely used Cloud Security Solutions such as AWS GuardDuty, Azure Security Centre and GCP Security Command Centre.

Candidates will get module-wise custom Terraform scripts to practice under their own account, plus 30 days of full lab access.

Prerequisite

  • Fair Knowledge of Networking and Web Technology
  • Familiarity with CLI
  • An open mind. No prior Cloud knowledge is required.
  • Minimum 3-5 years in Penetration Testing Domain

Instructor - Manish Gupta

Manish Gupta is Director of CyberWarFare Labs, with 6.5+ years of expertise in offensive Information Security, where he specializes in Red Teaming activities on enterprise environments. His research interests include Real World Cyber Attack Simulation and Advanced Persistent Threats (APT). Previously he has presented his research at reputed conferences such as Blackhat USA, DEFCON, Nullcon, BSIDES Chapters, X33fcon and NorthSec, as well as at other corporate trainings.

Instructor - Yash Bharadwaj

Yash Bharadwaj is Co-Founder & Technical Architect at CyberWarFare Labs, with over 4.5 years of experience as a technologist. He is highly attentive towards finding, learning and discovering new TTPs used during offensive engagements. His areas of interest include building Red / Blue team infrastructure, evading AVs & EDRs, pwning Active Directory infrastructure, stealth enterprise networks & multi-cloud attacks. Previously he has delivered hands-on red / blue / purple team trainings, talks and workshops at Nullcon, X33fCon, NorthSec, BSIDES Chapters, OWASP, CISO Platform and YASCON.

Key Learning Objective

Attacking AWS Cloud

Attacking Azure Cloud

Attacking GCP Cloud

Attacking Hybrid Cloud

Attacking Hybrid Multi-Cloud

Agenda

    • 09:00-18:00 Room: TBD

      Day 1: Attacking AWS Cloud

      2023-07-04
      • Enumerating & Designing Attack Surface of AWS Cloud Services
      • Exploit Lambda Function for Persistence & Privilege Escalation
      • Pivoting & Lateral Movement using AWS VPC
      • Post-Exploitation by abusing mis-configured AWS Services
      • Data Exfiltration from S3, RDS, STS & Secret Manager etc
    • 09:00-18:00 Room: TBD

      Day 2: Attacking Azure Cloud

      2023-07-05
      • Enumerating & Designing Attack Surface of Azure Cloud Services
      • Pivoting Azure Control Plane to the Data Plane
      • Stealth Persistence Access of Azure account by Service Principal
      • Privilege Escalation by abusing mis-configured Role Based Access Control
      • Mis-use Azure Authentication Methods [PHS, PTA, Federation]
    • 09:00-18:00 Room: TBD

      Day 3: Attacking GCP Cloud

      2023-07-06
      • Enumerating & Designing Attack Surface of Google Cloud Services
      • Enumerating & Exploiting Google Kubernetes Services
      • Post-Exploitation by abusing mis-configured Google Cloud Services
      • Privilege Escalation by exploiting mis-configured OAuth & IAM
      • Persistence Access of Google Cloud by Temporary / Permanent Access Token
    • 09:00-18:00 Room: TBD

      Day 4: Attacking Hybrid Cloud and Hybrid Multi-Cloud

      2023-07-07
      • Lateral movement from one Cloud Platform to another Cloud Platform
      • Enumerate & exploit widely used SaaS Services like O365 & G-Suite
      • Exploit Trusted Relationship for expanding the access
      • Enumerating & Designing Attack Surface from on-premise to multi-cloud environment
      • Pivoting from on-premise environment to Cloud environment & vice-versa
      • Exploit Azure-Active Directory Integration
      • Gaining Access on Enterprise Environment by mis-using SSO
      • Abusing Federation Service Authentication