homepage
Open menu
Contact Sales

Making Mistakes Publicly: Cloud Edition – Aviata Solo Flight Challenge Chapter 1

  • Tuesday, 16 Apr 2024 10:00AM EDT (16 Apr 2024 14:00 UTC)
  • Speaker: Moses Frost

Public Cloud Environments can make things, well, rather public. While there are ways to prevent this, and the cloud providers have made strides, retroactive changes are not a thing. As such, we still find very poorly configured environments today. 

Join us for this first of eight workshops in the Aviata Solo Flight Challenge Workshop series. We will show you how to look at a target organization's misconfigured public items. This lab will begin by showing you how to obtain a user's account number; from here, you can further look for public items in different storage environments. Finally, you can take advantage and find additional things within the environment.

Each monthly workshop in the series is independent of the others. There are no technical or educational dependencies from one to the others.

Learning Objectives

  • Modeling attack groups that are currently untracked but are compromising cloud assets
  • Look at the attack surfaces and how to discover open buckets, open images, open snapshots which could lead to sensitive information leakage
  • Learn to how to detect and harden these environments

Scroll down for perquisites and laptop requirements.

Login to Register
Aviata Cloud - Solo Flight Challenge

Requirements to complete this lab

Amazon AWS Range

  • You must bring an AWS Account to launch a system and connect remotely. If you need an AWS account, you can create a free tier account with root access at https://aws.amazon.com/free/

  • You will need to be able to run Terraform locally and create objects within this account.

  • You will need a set of Access Keys to your account to move into the docker container

Local device

  • You must run a local version of Docker with/ X86 support on it. ARM processors such as Mac M1 are not going to be supported

Prerequisite Knowledge

  • Comfortability in Linux Command Line

  • Basic Knowledge of AWS Administration

  • Basic Usage of running Terraform (build, apply, destroy)

  • System Administration usage in SSH

This workshop supports content and knowledge from SEC588: Cloud Penetration Testing

Future Workshops

Follow the Aviata Cloud Solo Flight Challenge Workshop Series throughout 2024 with free monthly cloud security workshops that will walk you through how various knowledge and hands-on skills work together to create a secure cloud environment for your organization.

Related Content

Blog
CLD_-_Aviata_Cloud_Solo_Flight_Challenge_-_General_-_Workshop_340_x_340.jpg
Cloud Security
Aviata Cloud Solo Flight Challenge
Master cloud security by tackling this free series of workshops.
Cloud_Ace_Final.png
SANS Cloud Security
read more
Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
CLD_-_Blog_-_Prevent_Cloud_Incidents_from_Becoming_Cloud_Breaches_340_x_340.jpg
Cloud Security
Prevent Cloud Incidents from Becoming Cloud Breaches
Explore the mission of the newly renamed SEC510: Cloud Security Controls and Mitigations.
BrandonEvans_Headshot_370x370.png
Brandon Evans
read more