AWS Intrusion Tactics Junior - 2 days
Description
AWS is now a cornerstone platform for hosting and scaling enterprise applications and services. Its extensive functionality and diversity of services (compute, storage, serverless, managed services) create a large attack surface and specific exploitation patterns that attackers and auditors must master.
In this AWS-focused course, participants will learn AWS architecture, IAM mechanisms, common access vectors (EC2 metadata, permission abuse, public S3 buckets), as well as exploitation of serverless services (Lambda) and network mechanisms (VPC, peering, security groups). The course covers reconnaissance, initial access, privilege escalation, lateral movement, persistence and exfiltration, using a low-footprint approach to preserve stealth. It combines hands-on practical labs on AWS environments, public tooling, case studies and guided exercises, and is aimed at pentesters, auditors and security teams seeking to strengthen their offensive assessment capabilities on AWS.
- 2 days (14 hours)
- Full course module and individual practice environment
- 30% theory / 70% practice
Audience and prerequisites
This course is suitable for participants with offensive security fundamentals but no prior AWS experience. It is primarily intended for pentesters, system administrators, security architects and developers, and is also appropriate for any technical profile seeking to add a security-focused specialization to their career.
- Pentesters
- System administrators
- Security architects
- Developers
Good networking and Unix knowledge and a basic understanding of web intrusion are recommended.
Content
Day 1
Fundamentals, reconnaissance and initial access: architecture (organization, accounts), IAM (identity types, role assumption, policies), use of the AWS CLI, service discovery techniques, unauthenticated identity enumeration. Exploitation and lateral movement: S3 permission abuse, EC2 (metadata, lateral movement and SSM agent poisoning), Cognito (user and identity pools) and IAM privilege escalation.
Day 2
Advanced concepts: Lambdas (runtime API, persistence, data exfiltration), network reconnaissance (VPC, network ACLs, security groups), persistence (policy modification, role chaining), log analysis and detection (CloudTrail, CloudWatch, GuardDuty). Practical exercises and realistic scenarios: exploitation of a vulnerable environment.