Cloud Scanning Workshop

Learn how to identify threats and vulnerabilities in your cloud environments.
CloudScanningWorkshop_Assets_470x382.jpg

Attackers evolve to exploit new opportunities including attacks against cloud systems. As defenders, we also need to evolve, developing new skills and understanding in how attackers exploit cloud platforms. In this workshop you will get a hands-on look at a module from SEC504: Hacker Tools, Techniques and Incident Handling with course author, SANS Fellow, Joshua Wright. Joshua will talk you through enumerating cloud targets and the cloud scanning process, then walk through the scanning exercise, and finally you’ll work on scanning vast ranges of cloud targets to discover shadow cloud systems in the lab environment.

*The module is 45 minutes lecture (total video 54:53) and 20 minutes hands-on lab exercise.

VM instructions and system requirements can be found below.

VM Instructions and System Requirements


Prior to the workshop: Download the Cloud Incident Response workshop virtual machine. Double-click on the OVA file to import the VM with VMware. Boot the VM after import, then login with the username sec504 and the password sec504.

When you are beginning the hands-on lab exercise, login to Slingshot Linux, then you can access lab materials simply by opening Firefox in the VM from the Applications -> Internet menu.

System Requirements:

  • VMware to launch a customized Slingshot Linux distribution (VMware Workstation Pro, VMware Workstation Player, or VMware Fusion for macOS; trial versions of all three are available, and VMware Workstation Player is available for free for non-commercial use.)
  • 30 GB free hard drive space
  • At least 8 GB RAM