Abhinav Singh - Defender's Guide to Securing Public Cloud Infrastructures
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...nfrastructures
Training description:
This training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.
Course overview:
*IAM*
- Introduction to IAM attack surface.
- Enumerating IAM Permissions for privilege escalations.
- Advanced privilege escalation using policy chaining and evading scanning tools.
- Post-infection attack TTPs.
*Security Analytics & Automation at cloud scale*
- Using CloudTrail logs for investigation and Athena for querying.
- Automating Athena queries for continuous assessment.
- Building highly scalable, multi-account logging and monitoring infrastructure in AWS.
- Establishing an alerting pipeline.
*Malware detection and investigation on/for cloud infrastructure*
- Quick Introduction to cloud infrastructure security.
- Building a ClamAV-based static scanner for S3 buckets using AWS Lambda.
- Integrating serverless scanning of S3 buckets with the YARA engine.
- Building signature update pipelines using static storage buckets to detect recent threats.
- Malware alert notification through SNS and a Slack channel.
- Adding advanced context to Slack notifications for quick remediation.
- Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.
*Forensic Automation for Cloud infrastructure*
- Building an IR 'flight simulator' in the cloud.
- Creating a step function rulebook for instance isolation and volume snapshots.
- Lambda functions to perform instance isolation and status alerts.
- Building a forensic analysis playbook to extract key artifacts, run Volatility and build case tracking.
- Automated timeline generation and memory dump.
- Storing the artifacts to S3 bucket.
Takeaways for the students after completing the class:
* Use cloud technologies to detect & build automated response against IAM attacks.
* Understand and mitigate cloud-native pivoting and privilege escalation techniques.
* Use serverless functions to perform on-demand threat scans.
* Deploy containers to run threat detection services at scale.
* Build notification services to create detection alerts.
* Analyze malware-infected virtual machines to perform automated forensic investigations.
* Define step functions to implement automated forensic artifacts collection for cloud resources.
* Build cloud security response playbooks for defense evasion, persistence and lateral movements.
Student skill level:
Advanced.
- Basic understanding of AWS.
- System administration, Linux CLI, AWS CLI.
- Able to write basic programs in Python.
- Familiarity with SQL and KQL queries will be a plus.
What should students bring to the Training?:
- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.
Bio:
Abhinav Singh is a cybersecurity researcher with close to a decade of experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.
Previous Trainings:
2022: Hack In Paris, Insomnihack, x33fcon, Troopers.
https://hackinparis.com/trainings/#t...ructure-2-days
https://insomnihack.ch/workshops-2022/
https://www.x33fcon.com/#!t/aws.md
2021: Blackhat EU, Troopers, Hack In the Box.
https://www.blackhat.com/eu-21/train...tructure-24306
DATE: Aug 15th to 16th 2022
TIME: 9am to 5pm PDT
VENUE: Caesars Forum Ballroom
TRAINER: Abhinav Singh
CERTIFICATE TEST AVAILABLE (after class). Please purchase the certificate test.
- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included