Pentesting AWS with Pacu, CloudGoat, and ChatGPT
Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs
Description
Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, and labs. This course uses and teaches 4 primary tools:
CloudGoat
Pacu
ChatGPT
AWS CLI
CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments so that you can follow along throughout the course.
In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu.
We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective.
This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths.
What makes this course different
Production quality: We’ve been developing cloud and security training material for over 7 years and have taught hundreds of thousands of IT professionals all the way from individuals to Fortune 500 companies. Our production quality is top-notch and not only reflects expert experience but focuses on building practical skills with interactive diagrams, realistic lab scenarios, and other interactive elements.
Scenario and Practical-based: This course is 95%+ hands-on. We learn how to set up our tools to get started, and then we learn how to deploy CloudGoat AWS labs. We use those labs to learn hands-on by hacking actual environments. This isn’t a theoretical course, it’s fully practical.
Hands-On and Lab-based: Every practical step we take in the course can be completed in your very own AWS account. We do inform you beforehand if there are any resources that will cost money so you can decide whether you want to complete those labs/steps or not.
FAQ
"Is this course practical or conceptual?"
This course is 95%+ hands-on and practical. There are lessons that describe the scenario that you will be completing, but apart from those, all of the other lessons are hands-on.
"Do I need to have AWS experience before enrolling"
Short answer: Yes. Longer answer: If you've never logged into AWS before, you are attempting to run before you can walk and you won't be able to follow what's going on. Please first learn to use some of the basic AWS services, get familiar with what IAM is, etc...before attempting to pentest AWS environments.
"Do I need prior cybersecurity experience before enrolling?"
While that would be helpful, it's not required. For example, if you are a developer using AWS to ship applications, you will get a lot of value from this course even though you are not a cybersecurity expert.
About the authors
This course was created, developed, and published by Christophe Limpalair. Christophe is the founder and an author at Cybr, where he’s published many courses on topics of ethical hacking. You may also know him from Linux Academy / ACloudGuru, where he taught multiple AWS courses including associate and professional-level AWS certification courses, and helped tens of thousands of learners get certified. He also helped pioneer, develop, maintain, and secure Linux Academy’s cloud Hands-On Labs and Assessments technology which ran as a $1m budget on AWS, and he now runs Cybr's Hands-On Labs platform on AWS.
Christophe has 7+ years of experience working in AWS and building as well as securing production environments. He shares that experience in this course to help you learn how to secure AWS resources and environments.
What You Will Learn!
- Learn hands-on how to exploit AWS cloud misconfigurations
- Build practical skills with step-by-step walkthroughs and labs
- Practice using important tools for AWS pentesting: the AWS CLI, Pacu, CloudGoat, and ChatGPT
- Learn how to perform security assessments of AWS environments and resources
- Learn how to find privilege escalation paths from limited permissions
- See first-hand how badly written IAM policies or badly configured cloud instances and containers can be exploited to gain admin-level privileges
Who Should Attend!
- Individuals who want to perform security assessments of AWS environments and resources
- Individuals who want to test their own organization’s cloud security posture, or that of a client
- Cloud engineers who want to round out their AWS security knowledge