CtrlK

Introduction
Warning
Setting up the Student Virtual Machine
- Setup the Student Virtual Machine
Setting up AWS Accounts
Setting up Google Cloud Accounts
- Getting Started with Google Cloud web
- Setting up gcloud and authentication
Pentesting Requirements for the Cloud
- AWS Pentesting Requirements
- Google Cloud Pentesting Requirements
What the network will look like
- The AWS and Google Cloud network access for this training
Cloud Compute with AWS
- AWS Cloud compute
- AWS Serverless
  - Attacking AWS Lambda via Triggers
Compute with Google Cloud
- Google Cloud VM Instances - Lab setup
- Google Cloud Cloud Run
  - Attacking Google Cloud Run
WAF Bypasses in AWS and Google Cloud - Demo
- AWS WAF
  - AWS WAF Byte Size Bypass
- Google Cloud WAF
  - Google Cloud WAF Bypass
Cloud Storage with AWS
- Cloud storage in AWS
  - Abusing AWS S3 misconfigurations
  - Discovering and pillaging EBS
Cloud Storage with Google Cloud
- Cloud Storage in Google Cloud
  - Discovering and Abusing Google Storage - GCS
Cloud Databases in AWS
- Cloud Databases in AWS
  - AWS RDS Exploitation via Snapshots
Cloud Databases in Google Cloud
- Cloud Databases in Google Cloud
  - Google Firestore Mis-configurations
AWS Identity and Access Management
- AWS Identity and Access Management
  - Misconfigurations with AWS IAM
  - Privilege Escalation via Policy Versions
Google Cloud Identity and Access Management
- Google Cloud IAM
  - Misconfigurations with Google Cloud IAM
  - Stealing API Keys and Service Account Tokens
OSINT on the cloud
- OSINT against cloud targets
Subdomain Takeovers in AWS (CloudFront)
- Subdomain Takeover using a dangling Cloudfront
Security Tools
Challenges
- Capture The Flag
Solutions
Nuking Resources in AWS and Google Cloud
- Running aws-nuke
- Google Cloud Delete Resources
Additional References
- Additional References
About Us
- About Us

Powered by GitBook

On this page

About Appsecco
About the trainers

About Us

About Us

About Appsecco

Appsecco

About the trainers

Riyaz Walikar
Rohit Jadav
Bhagavan Bollina

PreviousAdditional References NextAbout Appsecco

Last updated 2 years ago