Hacking Cloud Infrastructure

As cloud innovation gives birth to new technologies and new threats, now is the time to modernize your cloud security skills and bring them up to the industry standard. Join this hands-on, 2-day course to push your cloud hacking and vulnerability remediation skills to the next level and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.

• Cloud administrators and architects
• Penetration testers and red teamers
• CSIRT/SOC analysts and engineers/blue teams
• Developers
• Security/IT managers and team leads

This course is suitable for anyone with a stake or interest in cloud security, from technical practitioners to decision makers. The syllabus has been designed to cover the latest vulnerabilities and advances in hacking, as well as the skills to penetration test cloud systems and environments and remediate vulnerabilities.

Delegates must have the following to make the most of the course:

• Basic to intermediate knowledge of cybersecurity (1.5+ years’ experience)
• Experience with common command line syntax

• Exploitation techniques to gain cloud entry via exposed services
• Post-exploitation techniques to enumerate systems and achieve exfiltration
• Methods for defending different cloud environments

This course uses a Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over. By the end, you’ll know how to:

• Think and behave like an advanced, real-world threat actor
• Identify and exploit complex vulnerabilities and security misconfigurations in AWS, Microsoft Azure
• Design your penetration tests around real-world attacker behaviors and tooling, making it relevant to the threats facing your organization
• Identify the attack surface exposure created by cloud-based services such as virtual machines (VMs), buckets, container as a service (CaaS) platforms, and serverless functions 

You’ll be learning hands on:

• Spending most of the session (~70%) on lab-based exercises
• Using lab-based flows to explore and hack lifelike cloud environments.
• Exploiting different cloud and container environments
• Competing in a Capture the Flag (CTF) challenge to test your new skills.
• Discussing case studies with your course leader to understand the real-world impact of the hacks covered.

The cybersecurity skills shortage is felt perhaps nowhere as deeply as in the cloud. With new rulebooks and standards, practitioners often find themselves playing catch up with the latest developments in technology and in the threat landscape. This course is designed to be a highly informative bootcamp to help you advance your skills in the most important and relevant areas of cloudsec. Across two days, you’ll learn about the high-impact vulnerabilities and flaws that could be open in your organization right now and how to fix them.

Our syllabuses are revised regularly to reflect the latest in-the-wild hacks, the newest system releases, and whatever proof of concepts we’ve been developing in our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1-2 years to update their skills and get a refresh.

Event Venue

Online