DOJO Details/Logistics
Attendance: In-Person
Duration: 3 Days, March 16 - March 18 (Saturday to Monday)
DOJO Abstract:
Enterprises across the globe are moving to hybrid multi-cloud technology. Re-platforming infrastructure-bound applications to work with the new cloud concepts demands technical understanding and carries an enormous rewriting cost, which makes it a difficult task. Misunderstanding or insufficient knowledge of the new cloud concepts offered by leading cloud service providers such as AWS, Microsoft Azure and GCP has introduced multiple loopholes that threat actors can easily identify and exploit to abuse the organization's infrastructure.
CyberWarFare Labs training on "Attacking Hybrid Multi-Cloud Environment" aims to give trainees insight into the offensive techniques used by Red Teamers and Blue Teamers in an enterprise cloud infrastructure.
DOJO Agenda:
Attacking Hybrid Multi-Cloud Environment:
Introduction & Authentication to Multi-Cloud:
Introduction to Enterprise Cloud Architecture
Authentication:
AWS
Azure
GCP
Multi-Cloud Enumeration:
Cloud Enumeration
Enumerating & Designing Attack Surface of AWS Cloud Services
Enumerating & Designing Attack Surface of Azure Cloud Services
Enumerating & Designing Attack Surface of GCP Cloud Services
Attacking Mis-configurations in Multi-Cloud:
Leveraging Mis-Configurations
AWS:
Exploit Lambda Function for Persistence & Privilege Escalation
Pivoting & Lateral Movement using AWS VPC
Post-Exploitation by abusing mis-configured AWS Services
Data Exfiltration from S3, RDS, STS & Secrets Manager etc.
Azure:
Enumerating & Designing Attack Surface of Azure Cloud Services
Pivoting from the Azure Control Plane to the Data Plane
Stealthy Persistent Access to an Azure Account via Service Principal
Privilege Escalation by abusing mis-configured Role Based Access Control
Misuse of Azure Authentication Methods [PHS, PTA, Federation]
GCP:
Enumerating & Designing Attack Surface of Google Cloud Services
Enumerating & Exploiting Google Kubernetes Services
Post-Exploitation by abusing mis-configured Google Cloud Services
Privilege Escalation by exploiting mis-configured OAuth & IAM
Persistent Access to Google Cloud via Temporary / Permanent Access Tokens
Hybrid Environment:
Enumerating & Designing Attack Surface from on-premise to multi-cloud
Enumerate & exploit widely used SaaS Services like O365 & G-suite
Lateral movement across Cloud Platforms & On-Premises
Exploit Azure-Active Directory Integration
Gaining Access on Enterprise Environment by mis-using SSO
*Candidates will get FULL 30 Days Cyber Range Lab Access with technical support.
Course Learning Objective:
Red Team Approach in Individual & Multi-Cloud Environment
Key based Authentication for White Box & Black Box Testing
Perform Cyber Kill Chain in Cloud Enterprise Environment
Multiple ways to get initial access, persistence, escalate privileges etc.
Course Pre-requisites:
Fair Knowledge of Networking and Web Technology
Familiarity with CLI
An Open mind
Who Should Take This Course?
Penetration Testers / Red Teams
Cloud Security Professionals
DevSecOps Team
Last but not least, anyone who is interested in strengthening their cloud offensive and detection capabilities
What Students Should Bring:
System with at least 16GB RAM
Updated Web Browser
RedCloud OS [https://github.com/RedTeamOperations/RedCloud-OS] VM With Internet Connectivity
About the Instructor: Manish Gupta
Manish Gupta is Director of CyberWarFare Labs, with 7.5+ years of expertise in offensive information security. He previously worked as an operator and team lead at product-based companies such as Microsoft, Grab and Citrix. He specializes in red teaming activities in enterprise environments, including on-premise and multi-cloud. His research interests include real-world cyber attack simulation and advanced persistent threats (APT). He has presented his research at reputed conferences such as Black Hat USA, DEFCON, Nullcon, BSides chapters, x33fcon Poland and NorthSec Canada, and at other corporate trainings.
CyberWarFare Labs: @cyberwarfarelab