Making Mistakes Publicly: Cloud Edition – Aviata Solo Flight Challenge Chapter 1

  • Tuesday, 16 Apr 2024 10:00AM EDT (16 Apr 2024 14:00 UTC)
  • Speaker: Moses Frost

Public Cloud Environments can make things, well, rather public. While there are ways to prevent this, and the cloud providers have made strides, retroactive changes are not a thing. As such, we still find very poorly configured environments today. 

Join us for this first of eight workshops in the Aviata Solo Flight Challenge Workshop series. We will show you how to look at a target organization's misconfigured public items. This lab will begin by showing you how to obtain a user's account number; from here, you can further look for public items in different storage environments. Finally, you can take advantage and find additional things within the environment.

Each monthly workshop in the series is independent of the others. There are no technical or educational dependencies from one to the others.

Who Should Attend

This workshop is ideal for IT security professionals, network engineers, and system administrators who are focused on strengthening cloud security through effective penetration testing techniques.

Learning Objectives

  • Modeling attack groups that are currently untracked but are compromising cloud assets
  • Look at the attack surfaces and how to discover open buckets, open images, open snapshots which could lead to sensitive information leakage
  • Learn to how to detect and harden these environments

Scroll down for prerequisites and laptop requirements.

Aviata Cloud - Solo Flight Challenge

Prerequisite Knowledge

  • Comfortability in Linux Command Line
  • Basic Knowledge of AWS Administration
  • Basic Usage of running Terraform (build, apply, destroy)
  • System Administration usage in SSH
  • This workshop supports content and knowledge from SEC588: Cloud Penetration Testing

System Requirements

Amazon AWS Range

  • You must bring an AWS Account to launch a system and connect remotely. If you need an AWS account, you can create a free tier account with root access at
  • You will need to be able to run Terraform locally and create objects within this account.
  • You will need a set of Access Keys to your account to move into the docker container

Local device

  • You must run a local version of Docker with/ X86 support on it. ARM processors such as Mac M1 are not going to be supported

Future Workshops

Follow the Aviata Cloud Solo Flight Challenge Workshop Series throughout 2024 with free monthly cloud security workshops that will walk you through how various knowledge and hands-on skills work together to create a secure cloud environment for your organization.