
Attacking Hybrid Multi-Cloud Environment


  • secwest.net Vancouver Canada

DOJO Details/Logistics

  • Attendance: In-Person

  • Duration: 3 Days, March 16 - March 18 (Saturday to Monday)

 

DOJO Abstract :

Enterprises across the globe are moving to hybrid multi-cloud technology. The technical understanding and enormous cost involved in rewriting infrastructure-applied applications to re-platform them for the new cloud concept make this a difficult task. Irregularities caused by misunderstanding or insufficient knowledge of the new cloud concepts offered by leading cloud service providers such as AWS, Microsoft Azure and GCP have introduced multiple loopholes that threat actors easily identify and exploit to abuse the organization's infrastructure.

CyberWarFare Labs training on "Attacking Hybrid Multi-Cloud Environment" aims to give trainees insight into the offensive techniques used by Red Teamers and Blue Teamers in an enterprise cloud infrastructure.

 

DOJO Agenda:

Attacking Hybrid Multi-Cloud Environment :

  • Introduction & Authentication to Multi-Cloud:

    • Introduction to Enterprise Cloud Architecture

      • Authentication :

        • AWS

        • Azure

        • GCP

  • Multi-Cloud Enumeration:

    • Cloud Enumeration

      • Enumerating & Designing Attack Surface of AWS Cloud Services

      • Enumerating & Designing Attack Surface of Azure Cloud Services

      • Enumerating & Designing Attack Surface of GCP Cloud Services

  • Attacking Mis-configurations in Multi-Cloud:

    • Leveraging Mis-Configurations

      • AWS :

        • Exploit Lambda Function for Persistence & Privilege Escalation

        • Pivoting & Lateral Movement using AWS VPC

        • Post-Exploitation by abusing mis-configured AWS Services

        • Data Exfiltration from S3, RDS, STS & Secrets Manager, etc.

      • Azure :

        • Enumerating & Designing Attack Surface of Azure Cloud Services

        • Pivoting Azure Control Plane to the Data Plane

        • Stealth Persistence Access of Azure account by Service Principal

        • Privilege Escalation by abusing mis-configured Role Based Access Control

        • Mis-use Azure Authentication Methods [PHS, PTA, Federation]

      • GCP :

        • Enumerating & Designing Attack Surface of Google Cloud Services

        • Enumerating & Exploiting Google Kubernetes Services

        • Post-Exploitation by abusing mis-configured Google Cloud Services

        • Privilege Escalation by exploiting mis-configured OAuth & IAM

        • Persistence Access of Google Cloud by Temporary / Permanent Access Token

      • Hybrid Environment :

        • Enumerating & Designing Attack Surface from on-premise to multi-cloud

        • Enumerate & exploit widely used SaaS Services like O365 & G-suite

        • Lateral movement across Cloud Platforms & On-Premises

        • Exploit Azure-Active Directory Integration

        • Gaining Access on Enterprise Environment by mis-using SSO

*Candidates will get FULL 30 Days Cyber Range Lab Access with technical support.

 

Course Learning Objective :

  • Red Team Approach in Individual & Multi-Cloud Environment

  • Key based Authentication for White Box & Black Box Testing

  • Perform Cyber Kill Chain in Cloud Enterprise Environment

  • Multiple ways to get initial access, persistence, escalate privileges etc.

 

Course Pre-requisites :

  • Fair Knowledge of Networking and Web Technology

  • Familiarity with CLI

  • An Open mind

 

Who Should Take This Course ?

  1. Penetration Testers / Red Teams

  2. Cloud Security Professionals

  3. DevSecOps Team

  4. Last but not least, anyone who is interested in strengthening their cloud offensive and detection capabilities

 

What Students Should Bring :

  • System with at least 16GB RAM

  • Updated Web Browser

  • RedCloud OS [https://github.com/RedTeamOperations/RedCloud-OS] VM With Internet Connectivity

 

About the Instructor: Manish Gupta

Manish Gupta is Director of CyberWarFare Labs, with 7.5+ years of expertise in offensive information security. Previously he worked as an operator and team lead at product-based companies such as Microsoft, Grab and Citrix. He specializes in red teaming activities in enterprise environments, including on-premise and multi-cloud. His research interests include real-world cyber attack simulation and advanced persistent threats (APT). He has presented his research at reputed conferences such as Black Hat USA, DEF CON, Nullcon, BSides chapters, x33fcon Poland and NorthSec Canada, as well as at other corporate trainings.

CyberWarFare Labs: @cyberwarfarelab
