Penetration Testing and Red Teaming on AWS

سرفصل های دوره

Exploit and Assess AWS Cloud Environment

1. Introduction

1. Course Introduction

2. Cloud Fundamentals

1.1 Cloud fundamentals.pdf

1. Introduction to Cloud Computing

2. Virtualization in Cloud Computing

3. Key Characteristics

4. Types of Cloud

5. Deployment Models

6. Shared Responsibility

3. AWS and Services

1.1 AWS Overview.pdf

1. Introduction to AWS

2. What is AWS Cloud

3. AWS Regions and Availability Zones

4. AWS services

5. AWS Computing Services

6. AWS Storage Services

7. AWS Network Services

8. Content Delivery Network

9. Route 53

10.1 aws security services.pdf

10. Security services

11. IAM Services

12. AWS Infrastructure Security

13. AWS Inventory and configuration Services

14. AWS data encryption options

15. AWS Logs and Monitoring Services

4. AWS Shared Responsibility model

1.1 AWS Shared Responsibility model.pdf

1. Shared Responsibility Model

2. Security of the Cloud

3. Security in the Cloud

5. AWS Penetration Testing and Red Teaming

1.1 AWS Penetration Testing.pdf

1. What is covered

2. Why Penetration testing is required

3. What is required

4. System requirements

5.1 AWS configure.txt

5. Creating and Configuring API Keys

6. Installing AWS Cli and Configuring Profiles

7. Configuring Multiple Profiles

6. Know Your Attack Surface

1. Common AWS attack surfaces

2. Method and Approach for AWS Penetration testing

7. Detecting and Testing External Assets

1. External Endpoints and Services - Penetration testing approach

2. Identifying external endpoints and services

3.1 shodan-googledorks queries.xlsx

3. OSINT Tools - Shodan and Google Dorks

4. OSINT Tools - Certstream

5. Using Netcraft

6.1 ipranges.txt

6. Introduction to AWS IP Ranges

7. AWS IP Ranges - Use Cases

8. AWS-IPS Go based tool

9.1 Collection of s3 tools.pdf

9. Recon - S3 Buckets

10. Changes in AWS S3 bucket access control

11. Using different tools for recon

12. Enumerating Public IPs and External Endpoints

8. Identify and Exploit through IAM misconfiguration

1.1 IAM-AWS CLI.pdf

1. IAM - Inroduction

2. IAM - Key Components

3. IAM - Key Terms

4. Policies and Permissions

5. Demo - Creating User

6. Policies in detail

7. Demo - Creating Policy

8. Policy Versions

9. More Policies

10. Trust Relationships

11. Least Privilege Access

12. Resource based policies

13. Attaching multiple policies

14. Demo - Attaching and Detaching AWS Managed Policy for a user

15. Demo - Multiple Policy Version

9. Tools for Identityfying the IAM Misconfigurations

1.1 AWS IAM Privilege Escalation Methods.pdf

1. Using AWS Escalate

2. Using cloudfox

10. IAM - Privilege Esaclation

1. Privilege Escalation from same level access to administrative access

2. Privilege Escalation scenerios

3. Priviledge Escalation - Practical Demo

4. Priviledge Escalation - Practical Demo

11. EC2 instance enumeration and identifying the misconfiguration

1.1 AWS EC2 Cli.pdf

1. EC2 instances enumeration

2. EC2 instances - Root volume Manipulation

3. Domo - Back door using Auto Scaling launch template

4. Back door using Auto Scaling launch template

5. EBS Volumes are not attached

6. Volume Snapshots are not encrypted

12. Exploit through EC2 Instance Metadata Services

1.1 Instance Metadata and User Data.pdf

1. EC2 Instance Metadata Services

2. Instance Metadata Vulnerabilities

3. Instance Metadata Demo

4. Instance Metadata Version 2

5. Identifying the instance Metadata Version used

6. EnableDisable Instance Metada versions

7. EC2 Instance with SSRF Vulnerability - Demo

8. EC2 Instance with SSRF Vulnerability - Demo

9. Enabling Version 2 of Instance Metadata

13. Simple Storage Services (S3) and Vulnerabilities

1. S3 - Introduction

2. S3 Introduction

3. S3 Permissions

4. Creating a S3 Bucket

5. Accessing the buckets

6. Creating Bucket Policy for accessing S3 Buckets

7. Creating User Policy for accessing S3 Buckets

8. Scan the public S3 Bucket

9. Modify the policies

10. Summary

14. Detecting and Exploiting AWS RDS

1. AWS RDS Introduction

2. Scanning and Exploiting the RDS

15. Exploiting - AWS Lambda, API Gateway and Cloudfront

1. Serverless Architecture and AWS Lambda - Introduction

2. Creating Lambda fuction

3. Enumerating and Manupluating Lambda Versions

4. Enumerating Lambda through AWS Cli

5. Exploiting through Lambda versions

6. Exploit using vulnerable Lambda configuration

7. Other Lambda vulnerabilities

8. Introduction to Amazon API Gateway

9. API Gateway Attack Surfaces

10. Exploiting DynamoDB tables using Lambda function and API gateway

11. Exploiting API Gateway using mailicious Payload file

12. AWS Cloudfront

13. AWS Cloudfront - How its working

14. Cloudfront Attack surfaces

15. Finding the Attack Surfaces and Exploiting Cloudfront

16. Vulnerability Testing through OWASP ZAP

17. AWS Cloudfront Hijack

18. Cloudfrunt tool - Identifying misconfigured CloudFront domains

16. Exploiting through security groups

1.1 AWS CLI and Tools for Security Groups.pdf

1. Security Groups - allowing access to external world

2. Exploiting through Security Groups

3. Detecting external open ports

4. Other Tools - Detecting external open ports

17. Tools used for assessing security risks in cloud environments

1.1 Tools Repo.txt

1. Popular tools for assessing security risks in cloud environments

2. Tools - Pacu

3. Enum and exploit using Pacu

4. Tools - Cloudfox

5. Exploiting with Cloudfox

6. Tools - Scout Suite

7. Security Audit using Scout Suite

18. Exploiting AWS ECR and ECS

1. AWS ECR - Introduction

2. Enumerating AWS ECR

3. AWS ECR Managed policies

4. AWS ECR Custom policies

5. Tools for testing the security of AWS ECR

6. AWS ECR Vulnerability Scan

7.1 AWS ECS Security - Potential Misconfigurations.pdf

7. AWS ECS - Introduction

8. ECS Misconfiguration potential opportunities

9. AWS ECS Enumeration

10. Exposure of Containers

11. Identifying Container Breakouts

12. Tools for identifying container breakouts

13. Practical demonstration of AWS ECS Cli and Backdoor

19. AWS WAF Security

1. AWS WAF Introduction

2. Detecting a WAF

3. Deploying OWASP Juice Shop application and testing

4. Bypassing WAF - Demonstration using Juice Shop Application

5. AWS WAF Limitations

6. AWS WAF 8KB request body inspection

7. Testing AWS 8KB request body Payload

8. Generate AWS WAF Bypass payloads using tool

9. Creating AWS WAF Bypass payloads using gotestwaf

20. AWS Route 53 Exploitation and Vulnerabilities

1.1 AWS Route53 - Highly available and scalable Domain.pdf

1. AWS Route 53 an Introduction

2. Exploring DNS Services through AWS console

3. Overview of Route53 Misconfigurations

4. Overview of DNS Attacks

5. AWS Rout53 Access and Policies

6. Dangling delegation records in Route 53

7. Detecting the misconfigurations of Zones and Records

8. Demontrating the Subdomain Takeover

21. AWS CICD Attacks

1.1 cicd.pdf

1. CICD - Introduction

2. Code Commit - Understanding the Security and Misconfigurations

3. Code Build - Understanding the Security and Misconfigurations

4. Code Pipeline- Understanding the Security and Misconfigurations

5. How AWS Policies works in CICD

22. Putting it all together - End to End Cloud Assessment

1. How to do end to end Penetration Testing or Red Teaming exercise

2.1 This is a Sample report templat1.pdf

2. Preparing a widespread report

45,900 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy