DEV Community


AWS Cloud Security Bootcamp (Pentester Academy) - Review

I recently finished Pentester Academy's "Cloud Security: AWS Edition" Bootcamp. This is a 5-week instructor-led course. It's a fairly new bootcamp they've started, which they appear to offer about once per month. My class was the 4th time they've offered it.

It mainly focuses on the 5 most popular AWS services (IAM, API Gateway, Lambda, DynamoDB and S3), teaching you how to discover vulnerabilities in them and how to create security fixes for them.


I've previously taken a number of Pentester Academy's courses and find them challenging as well as practical.

This bootcamp consists of a 4-hour class once per week, plus homework in the form of Capture the Flag labs, about 10 per week.

They say it's a course for all skill levels, but I would recommend it for intermediate or higher, as you should be somewhat familiar with the AWS console, CLI and services.

Each lab has a PDF guide, so if you get stuck and need a hint, the guide will help you out. The instructor, who was Jeswin Mathai for my class, also walks you through the labs the following week. There is a video recording available after each week's session to go back and review, or in case you cannot make a session.

As an advanced AWS user, I can say I still learned new things in this course and found many of the labs challenging. They also have a Lab Tech Support Discord channel set up to assist students. Most of the labs took me 15-20 minutes; the more challenging ones took up to an hour.

Each week covers a different area of AWS Security:

  • IAM
  • API Gateway
  • Lambda
  • Cloud Databases (DynamoDB and RDS)
  • S3

Starting with IAM, they cover a number of privilege escalation paths and some tools you can use to quickly find them. A few highlights from this session were exploiting a misconfigured trust policy, dangerous policy combinations, and three ways to get admin access using PassRole.

Week 2, on API Gateway, covered some great exploits for API Gateway. 4 out of the 6 labs for this week contained flags that you could only get by compromising the gateway, using methods like verb tampering and exploiting a poorly written authorizer. A really interesting one was setting up a VPC interface endpoint in a different account to exploit API Gateway in the target account.

On to week 3, which focuses on hacking Lambda. There are over 10 labs (each a different method of attacking Lambda). This covered everything from command injection, to deserialization, to exploiting custom runtimes, not only to compromise the app but also to gain access keys. Another really cool lab this week was creating a Python script to brute force a Lambda app using a dictionary attack. I found this week quite interesting, as a number of the attack vectors were new to me.

Week 4 continued with exploiting Lambda. In particular, this week focuses on two-stage attacks against Lambda, including how to backdoor a Lambda function to give you persistent access via a reverse shell.

Week 5 covers Cloud Databases and S3. One really cool concept was SQL injection against DynamoDB using PartiQL. Another interesting topic was a method to quickly bypass AWS WAF with an SQL injection. The course also covers using popular pentesting tools like Burp Suite to exploit applications hosted on AWS.

After completing the course there is a 48-hour exam, which you can take at any time in the next 60 days. The exam consists of 5 labs with one or two flags each. The exam labs are more difficult than the course labs. Two were on IAM, one on S3, one on API Gateway, and the last one on Lambda and DynamoDB. In order to pass the exam you have to solve 4 out of the 5 challenges.

One thing to note is that the labs in this course are different from their regular AWS labs on their Attack Defense platform.

In summary, as always, Pentester Academy provides great value in their education, and I would recommend this course to anyone working in the AWS security field or planning on taking the AWS Certified Security Specialty exam. While not an exam preparation class, you will gain hands-on experience valuable for the exam. I would recommend it for intermediate to advanced AWS users. The course is marketed toward all levels and it does include some beginner content, but most beginners will find the concepts and the exam very challenging.

For more details on this bootcamp, visit: https://bootcamps.pentesteracademy.com/courses
