Abhinav Singh - Cloud Security Masterclass Defender's Guide to Securing AWS & Azure Infrastructure $2,000
Name of Training:
Cloud Security Masterclass Defender's Guide to Securing AWS & Azure Infrastructure
This is a unique course that is on the cloud and for the cloud. It helps train individuals on cloud terminologies and enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, Incident response, malware investigations, and forensic analysis of cloud infrastructure which is still a very less known domain in the market. The training will not use cloud-native security tools, but will focus more on building generic analysis pipelines that can be implemented in any cloud environment.
- Using cloud native technologies to build your own security services for your applications and services running in the cloud.
- Building real-time detection, monitoring and response capabilities for threat tracking and intelligence gathering.
- Building Advanced automated pipelines through Detection-as-code features to defend public cloud infrastructures.
## Who Should Take This Course:
- Red Team members
- Blue team and Purple team members
- Cloud Security Teams
- Incident responders, Analysts
- Malware investigators and Analysts
- Threat intelligence analysts and Responders
This hands-on CTF-style training focuses on elevating your security knowledge into the cloud. Learn to defend your AWS & Azure cloud infrastructure by building automated detection, alerting and response pipelines for your workloads by using native cloud services. This training focuses on building security knowledge on the cloud and for the cloud.
This training takes both investigator and builder approach towards security. It teaches you the fundamentals of cloud infrastructure security and focuses on building highly scalable threat detection, monitoring, and response tools by using cloud-native services like serverless, containers, object stores, IAM/AD, logic apps, SQL/KQL queries and much more.
By the end of this training, we will be able to(applies to both AWS & Azure):
* Use cloud technologies to detect & build automated responses against IAM & AD attacks.
* Understand and mitigate advanced identity based attacks like pivoting and privilege escalation and build defense techniques against them.
* Use serverless functions to perform on-demand threat scans.
* Deploy containers to build threat detection services at scale.
* Build notification services to create detection alerts.
* Analyze malware-infected virtual machines to perform automated forensic investigations.
* Define step functions & logic apps to implement automated forensic artifacts collection for cloud resources.
* Build cloud security response playbooks for defense evasion, persistence and lateral movements.
* Perform advanced security investigations through architecting and deploying security data-lake for real-time threat intelligence and monitoring.
* Enforce multi-cloud security strategy through assessments, compliance checks and benchmarking automation.
Hands-on: 65-70%. Lecture: 30-35%.
Day 1: 6 hands-on labs: Approximately 6 hours
Day 2: 5 hands-on labs: Approximately 6 hours.
This has homework or after class exercises: students will be provided with Cloudformation templates for next day's lessons.
- PDF versions of slides that will be used during the training.
- Complete course guide containing 200+ pages in PDF format. It will contain step-by-step guidelines for all the exercises, labs, and a detailed explanation of concepts discussed during the training.
- 20+ pages of cloud security rulebook to implement cloud security controls in an enterprise.
- 15 day access to Slack channel & CTF platform.
- Infrastructure-as-code templates to deploy the test environments & simulations for continued practice after the class ends.
- Access to Github account for accessing custom-built source codes and tools.
- Collection of test malware samples, forensic images, detection rules and queries.
Keywords: Cloud Security, DevSecOps, Red-team, Blue team, Infrastructure security
- Defcon Las Vegas, Aug 2022: https://training.defcon.org/products/abhinav-singh-defenders-guide-to-securing-public-cloud-infrastructures
- Hack in Paris June 2022: https://hackinparis.com/trainings/#training-2022-cloud-security-masterclass-defenders-guide-to-securing-public-cloud-infrastructure-2-days
- Insomnihack, Geneva, March 2022
- Blackhat EU 2022: https://www.blackhat.com/eu-22/training/schedule/#cloud-security-masterclass---defenders-guide-to-securing-public-cloud-infrastructure-28220
- OWASP Lascon 2022, SaintCon 2022.
- Blackhat EU 2021: https://www.blackhat.com/eu-21/training/schedule/#cloud-security-masterclass-defenders-guide-to-securing-public-cloud-infrastructure-24306
- Troopers 2021, 2020: https://troopers.de/troopers22/trainings/slwggf/
- HITB 2020, 2021.
Abhinav Singh is a cybersecurity researcher with a decade long experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker and trainer at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.
Trainer(s) social media links:
https://twitter.com/abhinavbom : @abhinavbom
- Quick Introduction to AWS & Azure cloud services.
- Basic terminologies: IAM, VPC, AMI, serverless, ARNs etc.
- Introduction to Logging services in cloud.
- Setting up your free tier account.
- Setting up AWS & Azure command-line interface.
*Cloud Attack Surface*
- Cloud service enumeration for attack surface identification.
- Exploiting serverless functions and harvesting cloud credentials.
*Detecting and monitoring against AWS IAM attacks.*
- Identity & Access management crash course.
- Policy enumeration from an attacker's & defender's perspective.
- Detecting and responding to user account brute force attempts.
- Building controls against privilege escalation and access permission flaws.
- Attacking and defending against user role enumeration.
- Brute force attack detection using cloudTrail & Athena SQL queries.
- Automated notification for alarms and alerts.
- Exercise on detecting IAM attacks in a simulated environment containing web application compromise and lateral movement.
*Malware detection and investigation on/for cloud infrastructure*
- Quick Introduction to cloud infrastructure security.
- Building clamAV & Yara based static scanner for S3 buckets using AWS lambda.
- Building signature update pipelines using static storage buckets to detect recent threats.
- Malware alert notification through SNS and slack channel.
- Adding advanced context to slack notification for quick remediation.
- Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.
*Threat Response & Intelligence analysis techniques on/for Cloud infrastructure*
- Integrating playbooks for threat feed ingestion and Virustotal lookups.
- Building a SIEM-like service for advance alerting and threat intelligence gathering using Elasticsearch.
- Creating a Security datalake for advance analytics and intelligence search.
- Building dashboards and queries for real-time monitoring and analytics.
- CTF exercise to correlate multiple logs to determine the source of infection.
*Azure AD Attacks & Defenses*
- Azure AD enumeration & permission gathering.
- Privilege escalation & lateral movement through RBAC, service principals etc.
- Auditing & logging in Azure.
- Detecting attacks through KQL queries.
*Forensic Acquisition & analysis In the Cloud.*
- Building an IR 'flight simulator' in the cloud(AWS).
- Creating an API service for automated instance isolation and volume snapshots(AWS).
- lambda functions to perform instance isolation and status alerts(AWS).
- Automating alert using Sentinel(Azure) for threat analysis.
- Automating threat response through Azure logic apps.
- Implementing rulebook for cloud IR in an enterprise.
- Enforcing security measures and policies to avoid instance compromise.
- Building a multi-cloud security assessment & monitoring strategy.
- Automatic inventory and change detection in a multi-cloud environment.
- Implementing compliance standards and benchmark standards(CIS) to the cloud environment.
Beginners and Intermediate.
- Free tier account for AWS with command line tools installed.
- Free Tier account for Azure with command line tools installed.
- Read and complete the pre-training briefing document that will be sent a week before the training date.
What students should bring:
- Laptop with Wi-Fi capability.
- Basic understanding of cloud services.
- System administration and linux cli.
- Able to write basic programs in python.
- Familiarity with SQL and KQL queries will be a plus.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Abhinav Singh
- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.