Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Post-Exploitation of Cloud Service Providers

RSA Conference via YouTube

Overview

Explore post-exploitation techniques for cloud service providers in this 54-minute webcast presented by Mohammed Aldoub, an independent security consultant and Blackhat trainer. Gain insights into how hackers attack and pivot within cloud environments, with a focus on AWS. Witness demonstrations of the "barq" AWS post-exploitation tool and learn methods for gaining and maintaining access, including account backdooring, cloud-wide credential theft, and other attack strategies. Designed for penetration testers, this webcast enhances understanding of cloud components and their interactions, enabling better risk assessment and penetration testing in cloud environments. Delve into topics such as EC2 instances, AWS ME, IAM policies, trust relationships, and automated attacks, providing a comprehensive overview of cloud security vulnerabilities and exploitation techniques.

Syllabus

Introduction
Speaker Introduction
Why AWS
How to test AWS services
EC2 overview
Attacking EC2 instances
EC2 Instances
AWS ME
What Attacks Can Work
Training Mode
Print stored secrets
Attack surface
Whats next
IAM
IAM Pass Role
IAM Policy
AWS Escalation Tool
Trust Relationships
Automated Attacks
Sample
Questions

Taught by

RSA Conference

Reviews

Start your review of Post-Exploitation of Cloud Service Providers

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.