Workshop

Seasides 2025 Edition

AWS Hacking and Security - From Zero to Hero

AWS is the world’s most commonly used and consequently most attacked cloud provider. To get a handle on AWS security, you need to understand how developers in your company use AWS, how cloud infrastructure is likely deployed in your company, which default configurations are a security problem, and how your company's business priorities end up introducing the easiest-to-abuse security flaws.

We will learn this through hands-on training that takes you on a journey as an attacker, focused on breaking apps and servers in AWS through various interactive, scenario-driven labs.

This fast-paced, hands-on workshop will allow you to:

  • Understand the security implications of using common AWS services (S3, EC2, RDS, IAM), with bonus content on Serverless and EKS
  • Perform exploitation to show impact once a misconfiguration is identified
  • Show how to fix the configuration to either:
    • Mitigate the exploit
    • Reduce the risk of data theft/ransomware
  • Understand the pitfalls of applying a fix to the cloud environment

Training Outline – Courseware

The following section lists the topics that will be covered. Topics will be hands-on with full documentation.

Getting started and setting up

As Cloud Security professionals, we will get familiar with the AWS cloud console, and use the AWS CloudShell to set up a vulnerable AWS cloud environment.

Scenario 1 – Misconfigurations in IAM – The backbone of all things in AWS

This scenario will take the participants through multiple misconfigurations in AWS IAM, how we can audit IAM to find these misconfigurations, exploit them to elevate privileges and fix these issues to secure AWS.

Scenario 2 – Attacking and securing S3 while preserving business priorities

This scenario will cover attacking the AWS S3 service and understanding how business requirements and developer needs result in poor, insecure configurations. We will learn about implementing some defensive controls that enhance AWS S3 security.

Scenario 3 – EC2 services that are often misconfigured by developers

This scenario will cover misconfigurations in various EC2 services that are often created as a result of developers wanting to ship fast. We will exploit EC2 and see how the service can be made secure.

Scenario 4 – How business requirements cause developers to expose RDS

This scenario will abuse misconfigurations in RDS arising from developers using legacy techniques to reach databases. The misconfigurations will be detected, exploited and fixed to understand the attacker mindset and what developers can do to stay secure.

Scenario 5 – Bonus content on Serverless and EKS

Attacks and defenses on EKS: privilege escalation, token stealing and data stealing. Attacks and defenses on serverless Lambda, and understanding code changes that would enhance the security of the system.

Using AWS Security Stack and the Pricing and Complexity Challenges

We will take a look at some of the common defensive services available in AWS and understand why these are expensive and difficult for developers and users alike to use.

CTF!

We will end the training with a fun Capture the Flag to hack systems, find flags and race to the finish line! Documentation for the CTF will be made available as part of the training, after the training ends.

Pre-requisites

The pre-requisites are very minimal. The way our training is designed, a basic understanding of the following concepts can get you up and running through the exercises in no time:

  • Familiarity with the AWS console – The console is very intuitive and can be used by folks who have never seen it before.
  • Some experience with using tools like nmap – We will be sparingly using these tools, and even when we are, the steps are all documented.
  • Comfortable with using a terminal program like cmd or bash – We will be running some commands over SSH and bash.
  • Basics of networking – If you know how to ping and find your IP address using the command line, you are good to follow what’s happening in class.

Class Requirements

This is a hands-on class. The following requirements need to be met to gain maximum value from the class:

  • An activated AWS account. Please ensure you are using your own account as sharing accounts between students can result in some of the labs working incorrectly.
  • Laptop with a modern OS: Windows 10 / macOS / Linux
  • Updated browsers such as Chrome, Firefox
  • Ability to connect to a wireless/wired network
  • Bring your own internet devices

The training is meant to be hands-on for beginners with AWS Security. Prior knowledge of AWS services is recommended but not mandatory. The training will cover basics to a few advanced concepts to ensure you truly go from Zero to Hero.