Course Description
This class has being written due to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our intentionally developed insecure web application built on Microsoft .NET platform. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, like the The Equifax breach in September 2017 for example and application vulnerabilities from popular websites like Facebook, Google, Instagram, Paypal and more
Course Details
Learn How To
- Gain practical experience with tools that will serve you in the future, Learn core infrastructure techniques, Go forward into more advanced infrastructure topics
Prerequisites
- Students must bring their own laptop and must either be able to launch a Docker Container provided by us, which includes all tools required for the class, or have root/admin access and be comfortable installing command line tools and downloading and building tools from source on GitHub, such as AWS CLI and Nimbostratus and more tools
1. Introduction to Cloud Computing
- Introduction to the cloud and why cloud security matters
- Comparison with conventional security models
- Shared responsibility model
- Legalities around Cloud Pentesting
- Attacking Cloud Services
2. Enumeration of Cloud Environments
- DNS-based enumeration
- OSINT techniques for cloud-based asset identification
- Username Enumeration
3. Gaining Entry via Exposed Services
- Serverless-based attacks (AWS lambda)
- PaaS Attack: SSRF Exploitation over AWS Elastic Bean Stalk
- IaaS Attack: Gaining Database Access
4. Attacking Storage Services (Aws, Azure, GCP)
- Exploring files storage
- Exploring SAS URLs in Azure
- Exploit Misconfigured Storage Service
5. Attacking Azure Ad Environment
- Introduction to Azure
- Azure application attacks (App Service, Function App, Enterprise Apps)
6. Azure section Continue
- Abuse Azure Service Principle Misconfiguration
- Azure AD Authentication Methods
- Attacking AWS Incognito Misconfiguration
7. AWS Identity and Access Management
- AWS: Identity and Access Management
- AWS IAM Policies and Roles
- IAM Policy Evaluation
- Roles and Permissions-Based Attacks
- Shadow Admin Attacks
- AWS IAM Access Analyzer
8. Containers as a Service and K8s Exploitation
- Understanding how container technology works (namespaces, cgroup, chroot)
- From docker to Kubernetes
- Identifying vulnerabilities in docker images
- Exploiting misconfigured containers
- Exploiting docker environments and breaking out of containers
- Exploring Kubernetes (k8s) environments
- K8s exploitation and breakouts
- Pivoting to host
- Azure MFA Bypass
- Azure Privilege Escalation
- Azure Dynamic Group Misconfiguration
| Fees Structure : | 22500 INR / 270 USD |
| Total No of Class : | 36 Video Class |
| Class Duration : | 29:30 Working Hours |
| Download Feature : | Download Avalable |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
| Fees Structure : | 30500 INR / 365 USD |
| Class Duration : | 60 Days |
| Class Recording : | Live Class Recording available |
| Class Time : | Monday to Firday 1.5 hours per day / Weekend 3 Hours per day |
| Technical Support : | Call / Whatsapp : +91 8680961847 |
| Working Hours : | Monday to Firday 9 AM to 6 PM |
| Payment Mode : | Credit Card / Debit Card / NetBanking / Wallet (Gpay/Phonepay/Paytm/WhatsApp Pay) |
