No announcement yet.

Abhinav Singh - Defender's Guide to Securing Public Cloud Infrastructures

  • Filter
  • Time
  • Show
Clear All
new posts

  • Abhinav Singh - Defender's Guide to Securing Public Cloud Infrastructures

    Abhinav Singh - Defender's Guide to Securing Public Cloud Infrastructures
    Latest details, requirements, description, cost:

    Training description:

    This training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.

    Course overview:

    - Introduction to IAM attack surface.
    - Enumerating IAM Permissions for privilege escalations.
    - Advance privilege escalation using policy chaining and evading scanning tools.
    - Post Infection attack TTPs.

    *Security Analytics & Automation at cloud scale*
    - Using cloudtrail logs for investigation and Athena for querying.
    - Automating athena queries for continuous assessment.
    - Building highly scalable, multi-account logging and monitoring infrastructure in AWS.
    - Establishing an alerting pipeline.

    *Malware detection and investigation on/for cloud infrastructure*
    - Quick Introduction to cloud infrastructure security.
    - Building clamAV based static scanner for S3 buckets using AWS lambda.
    - Integrating serverless scanning of S3 buckets with yara engine.
    - Building signature update pipelines using static storage buckets to detect recent threats.
    - Malware alert notification through SNS and slack channel.
    - Adding advanced context to slack notification for quick remediation.
    - Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.

    *Forensic Automation for Cloud infrastructure*
    - Building an IR 'flight simulator' in the cloud.
    - Creating a step function rulebook for instance isolation and volume snapshots.
    - lambda functions to perform instance isolation and status alerts.
    - Building forensic analysis playbook to extract key artifacts, run volatility and build case tracking.
    - Automated timeline generation and memory dump.
    - Storing the artifacts to S3 bucket.

    Takeaways for the students after completing the class:

    * Use cloud technologies to detect & build automated response against IAM attacks.
    * Understand and mitigate cloud native pivoting and privilege escalation and defense techniques.
    * Use serverless functions to perform on-demand threat scans.
    * Deploy containers to deploy threat detection services at scale.
    * Build notification services to create detection alerts.
    * Analyze malware-infected virtual machines to perform automated forensic investigations.
    * Define step functions to implement automated forensic artifacts collection for cloud resources.
    * Build cloud security response playbooks for defense evasion, persistence and lateral movements.

    Student skill level:


    - Basic understanding of AWS.
    - System administration, linux cli, AWS cli.
    - Able to write basic programs in python.
    - Familiarity with SQL and KQL queries will be a plus.

    What should students bring to the Training?:

    - System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
    - Privileges to disable/change any antivirus or firewall.


    Abhinav Singh is a cybersecurity researcher with close to a decade long experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.

    Previous Trainings:

    2022: Hack In Paris, Insomnihack, x33fcon, Troopers.!t/

    2021: Blackhat EU, Troopers, Hack In the Box.

    DATE:Aug 15th to 16th 2022

    TIME:8am to 5pm PDT

    VENUE:Caesars Forum Ballroom

    TRAINER:Abhinav Singh

    CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

    - 16 hours of training with a certificate of completion for some classes
    - COVID safety: Masks required for indoor training
    - Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
    - Note: Food is NOT included
    Last edited by number6; August 14, 2022, 22:09.

  • #2
    Start time updated from 9am to 8am.