Do you want to level up your cloud penetration testing skills?
The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this free 4-hour workshop, hacking concepts are introduced for each of those services. Learn how to perform reconnaissance against cloud assets and identify common vulnerabilities that lead to compromise of an organization. Tools and techniques used on real-world penetration tests against cloud assets are shared including hands-on demonstrations.
You will leave this workshop with new skills for assessing cloud-based infrastructure!
You can find installation info for downloading and configuring the VMs you’ll need here: https://www.blackhillsinfosec.com/training/breaching-the-cloud-perimeter-setup-instructions/
Join the BHIS Discord Channel to discuss the training with our community:
https://discord.gg/aHHh3u5 – You can ask questions in the #training-prep-questions channel.
Also, you can download the slides for the training here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/05/Breaching-the-Cloud-Perimeter-Slides.pdf
If you’d like to take this class in June [SOLD OUT] or August, you can register here: https://wildwesthackinfest.com/online-training/breaching-the-cloud/
0:00 – Internet Song
0:54 – Breaching the Cloud For the Very First Time
8:26 – Roadmap to the Sky
13:20 – Cloud Vs On-Prem
17:46 – Whomai
18:34 – Opening Credits
20:35 – AWS V. Azure V. GCP
22:14 – Azure V. Microsoft 365, GCP V G-Suite
23:40 – Cloud Pentest Authorization
26:56 – Pentesting Policies
27:35 – Authentication Methods
34:21 – Azure: Password Hash Synchronization
36:09 – Azure: Pass-Through Authentication
37:47 – Azure: Active Directory Federation Services
41:34 – Azure: Access Tokens
46:18 – AWS: Programmatic Access
47:21 – Cloud Authentication Methods: Google
50:12 – Recon: Cloud Asset Discovery
1:00:41 – I Break For Rapid Fire Questions
0:00 – Recon: Cloud Asset Discovery, Continued
13:05 – Recon: Employees
22:11 – Exploiting Misconfigured Cloud Assets – S3 Buckets
24:25 – EBS Volumes
26:09 – Data In Public Azure Blobs
29:40 – Data In Public Google Storage Buckets
30:43 – Pacu
32:14 – LAB: S3 Bucket Pillaging
46:52 – S3 Code Injection
49:38 – Domain Hijacking
52:30 – I Break For Questions
0:00 – The Biggest, Most Important Section Of This Entire Thing
0:45 – Key Disclosures in Public Repositories
4:34 – LAB: Pillage Git Repos for Keys
11:05 – Password Attacks
18:55 – LAB: Password Spraying
26:03 – Password Protection & Smart Lockout
28:33 – Web Server Exploitation
32:38 – AWS Instance Metadata URL
37:39 – Phishing
39:35 – Phishing: Session Hijack
42:19 – Phishing: G-Suite
44:03 – I Break For Questions
0:00 – The Last Hour
0:18 – Phishing: Remote Access
2:01 – Steal Access Tokens
13:21 – LAB: Authenticate to Azure With Stolen Access Tokens
32:24 – Post-Compromise Recon
34:55 – Post-Compromise Recon: AWS
36:08 – Post-Compromise Recon: Google
36:49 – Post-Compromise Recon: Azure
38:54 – Azure: CLI Access
40:08 – Azure: Subscriptions
42:00 – Azure: User Information
44:42 – Azure: Resource Groups
45:38 – Azure: Runbooks
47:03 – LAB: Azure Situational Awareness
59:44 – Azure: Tools
1:01:02 – Review
If you’d like to take Beau’s class, you can register here:
Available live/virtual and on-demand!
