[CSM] Cloud Security Masterclass:
Defender's Guide to Securing AWS & Azure Infrastructure

By Abhinav Singh

3 Days

This training course has been delivered successfully at Black Hat (USA), DEF CON (USA), Hack in Paris (France), LASCON (USA), SaintCon (USA), Insomni'hack (Switzerland), HITB (Netherlands) and Troopers (Germany), both in previous years and this year.

EarlyBird - $2750 (+ GST)

General - $3000 (+ GST)

Late - $3300 (+ GST)

GST is 10% in Australia

Course Abstract:

Enhance your cloud security knowledge to defend AWS & Azure infrastructure and applications by building automated detection, alerting, and response systems. This training offers hands-on lab exercises & CTF challenges (with metal coins to win) for a practical learning experience.

This hands-on, CTF-style training focuses on elevating your security knowledge into the cloud. Learn to defend your AWS & Azure cloud infrastructure by building automated detection, alerting and response pipelines for your workloads using native cloud services. The training builds security knowledge both on the cloud and for the cloud.

By the end of this training, participants will be able to:

* Use cloud technologies to detect & build automated responses against IAM & AD attacks.

* Understand and mitigate advanced identity-based attacks like pivoting and privilege escalation and build defense techniques against them.

* Use serverless functions to perform on-demand threat scans.

* Deploy containers to build threat detection services at scale.

* Build notification services to create detection alerts.

* Analyze malware-infected virtual machines to perform automated forensic investigations.

* Define step functions & logic apps to implement automated forensic artifacts collection for cloud resources.

* Build cloud security response playbooks for defense evasion, persistence, and lateral movements.

* Perform advanced security investigations by architecting and deploying a security data lake for real-time threat intelligence and monitoring.

* Enforce a multi-cloud security strategy through assessments, compliance checks and benchmarking automation.

Abhinav Singh is a cybersecurity researcher with a decade-long experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, published by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines and digital portals. He is a frequent speaker and trainer at eminent international conferences such as Black Hat, RSA & DEF CON. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.

https://www.linkedin.com/in/abhinavbom

Course Syllabus
Day 1

Introduction

- Introduction to cloud services

- Basic terminology: IAM, VPC, AMI, serverless, ARNs etc.

- Understanding cloud deployment architecture.

- Introduction to logging services in the cloud.

- Introduction to the shared responsibility model.

- Setting up your free tier account.

- Setting up AWS command-line interface.

- Understanding cloud attack surfaces.

Detecting and monitoring against IAM attacks

- Identity & Access Management crash course.

- Policy enumeration from an attacker's & defender's perspective.

- Detecting and responding to user account brute force attempts.

- Building anomaly detection using CloudWatch events.

- Building controls against privilege escalation and access permission flaws.

- Attacking and defending against user role enumeration.

- Brute force attack detection using CloudTrail.

- Automated notification for alarms and alerts.

- Exercise on detecting IAM attacks in a simulated environment containing web application compromise and lateral movement.

Malware detection and investigation on/for cloud infrastructure

- Quick Introduction to cloud infrastructure security.

- Building a ClamAV-based static scanner for S3 buckets using AWS Lambda.

- Integrating serverless scanning of S3 buckets with the YARA engine.

- Building signature update pipelines using static storage buckets to detect recent threats.

- Malware alert notification through SNS and a Slack channel.

- Adding advanced context to Slack notifications for quick remediation.

- Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.

Day 2

Threat Response & Intelligence analysis techniques on/for Cloud infrastructure

- Integrating playbooks for threat feed ingestion and VirusTotal lookups.

- Building a SIEM-like service for advanced alerting and threat intelligence gathering using Elasticsearch.

- Creating a security data lake for advanced analytics and intelligence search.

- Building dashboards and queries for real-time monitoring and analytics.

- CTF exercise to correlate multiple logs to determine the source of infection.

Network Security & monitoring for Cloud Infrastructure

- Understanding network flow in a cloud environment.

- Quick introduction to VPC, subnets and security groups.

- Using VPC flow logs to discover network threats.

- VPC traffic mirroring to detect malware command & control.

Azure AD Attacks & Defenses

- Azure AD enumeration & permission gathering.

- Privilege escalation & lateral movement through RBAC, service principals etc.

- Auditing & logging in Azure.

- Detecting attacks through KQL queries.

Day 3

Forensic Acquisition, Analysis and Intelligence Gathering in the Cloud

- Building an IR 'flight simulator' in the cloud (AWS).

- Creating an API service for automated instance isolation and volume snapshots (AWS).

- Lambda functions to perform instance isolation and status alerts (AWS).

- Automating alerts using Sentinel (Azure) for threat analysis.

- Automating threat response through Azure Logic Apps.

- Implementing a rulebook for cloud IR in an enterprise.

- Enforcing security measures and policies to avoid instance compromise.

Multi-cloud Compliance

- Building a multi-cloud security assessment & monitoring strategy.

- Automatic inventory and change detection in a multi-cloud environment.

- Implementing compliance standards and benchmark standards (CIS) in the cloud environment.