Cloud Penetration Testing Training Boot Camp

Transform your career in 5 days

Learn how to conduct penetration tests on cloud services and applications! This boot camp goes in-depth into the tools and techniques used to exploit and defend cloud infrastructure components with a combination of hands-on labs and expert instruction.

4.6 (738 ratings)

Affirm Financing available
Exam Pass Guarantee

Course essentials

Boot camp at a glance

  • Method

    Online, in-person, team onsite

  • Duration

    5 days

  • Experience

    1-3 years of experience

What you'll learn

Training overview

Infosec’s Cloud Penetration Testing Boot Camp is a practical, hands-on training focused on teaching you the skills, tools and techniques required for conducting comprehensive security tests of cloud servers and applications.

You will learn the secrets of cloud penetration testing in an immersive environment, including exploiting and defending AWS and Azure services, building your pentesting toolbox in the cloud, and diving deep into security features and vulnerabilities of cloud infrastructure. You will also learn how to deal with the unique challenges presented by cloud pentesting, such as multi-tenant environments and pivoting. The boot camp also prepares you to earn the Certified Cloud Penetration Tester (CCPT) certification.

Who should attend

Who Should Attend Image
  • Penetration testers
  • Cloud and system administrators
  • Application developers
  • DevSecOps engineers
  • Security consultants
  • Security analysts

Award-winning training you can trust

Ready to discuss your training goals? We've got you covered.

Complete the form and book a meeting with a member of our team to explore your learning opportunities.

This is where the error message would go.

Step 1

Finish

Thanks! We look forward to meeting with you!

What's included

Everything you need to know

 Certification Logo
  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Hands-on cyber ranges and labs
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

What makes the Infosec CCPT prep course different?

You can rest assured that the CCPT training materials are fully updated and synced with the latest version of the CCPT exam. With 20 years of training experience, we stand by our CCPT training with an Exam Pass Guarantee. This means if you don’t pass the exam on the first attempt, we’ll pay for your second exam at no additional cost to you!

Before your boot camp

Prerequisites

Before enrolling in the Cloud Penetration Testing Training Boot Camp, it is recommended that you have:

  • Familiarity with cloud and penetration testing concepts and at least one year in an information security role, or equivalent experience

Syllabus

Training schedule

Day 1
Morning session

Introduction

Cloud pentesting process and requirements

  • The need for cloud pentesting
  • Cloud architecture fundamentals
  • Cloud security responsibilities (within service models)
  • Unique challenges for cloud pentesting
  • Multi-tenancy considerations (data privacy, legal requirements, rules of engagement)
  • Cloud attack surface
  • Virtualization concepts
  • Pentesting methodologies
  • Cloud pentesting process
  • Pentesting tools: traditional and cloud-specific
  • Setting up a cloud pentesting environment
Afternoon session

Reconnaissance in the cloud

  • OSINT techniques
  • Azure and AWS IP ranges
  • Tools for obtaining IP and host information (Shodan, Censys, Google dorks)
  • Enumerating access with Nimbostratus, ScoutSuite and Prowler
  • Finding exposed buckets
  • Bucket enumeration with Slurp
  • Service discovery
Evening session

Optional group & individual study

Schedule may vary from class to class

Day 2
Morning session

Attacking AWS

  • AWS security features
  • AWS Console overview
  • Working with AWS CLI
  • Exploiting remote access protocols (SSH , RDP)
  • Exploiting application security misconfigurations
  • Abusing EC2 metadata
  • Stealing IAM credentials
  • EC2 IMDSv2
  • Attacking lambda endpoints
  • Assessments with AWS Inspector
  • Attacking misconfigured S3 buckets
  • Discovering and stealing EBS snapshots
  • Recovering data from EBS snapshots
  • Exploiting AWS RDS misconfigurations
  • RDS data pilfering with AWS CLI and Amazon API
  • Persistence
Afternoon session

Attacking AWS continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 3
Morning session

Attacking Azure

  • Understanding Azure Services
  • Mapping Azure Services to AWS Services
  • Attacking Azure Virtual Machines
  • Attacking Azure Blob Storage misconfigurations
  • Extracting data from disk snapshots
  • Subdomain takeover via Azure App Services
  • Gaining shell access with Azure run command
  • Finding and examining Azure SQL Database servers
Afternoon session

Attacking Azure continued

Evening session

Optional group & individual study

Schedule may vary from class to class

Day 4
Morning session

Attacking containerized and serverless applications

  • Understanding containers
  • Working with Docker
  • Container breakout
  • Exploiting misconfigured containers
  • Trojanized Docker images
  • Understanding Kubernetes
  • Attacking deployed applications
  • Attacking Kubernetes clusters
  • Understanding AWS Lambda
  • Attacking serverless applications
Afternoon session

Attacking containerized and serverless applications continued

Evening session

Attacking containerized and serverless applications continued

Day 5
Morning session

Reporting

  • Cloud security frameworks and best practices
  • Collecting and reporting evidence in cloud accounts, aliases, metadata, keys and AMIs
  • Developing and communicating follow-up items
Afternoon session

Take CCPT exam

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

You're in good company

EH

The instructor was able to take material that prior to the class had made no sense, and explained it in real world scenarios that were able to be understood.

Erik Heiss, United States Air Force
MJ

I really appreciate that our instructor was extremely knowledgeable and was able to provide the information in a way that it could be understood. He also provided valuable test-taking strategies that I know not only helped me with this exam, but will help in all exams I take in the future.

Michelle Jemmott, Pentagon
RC

The course was extremely helpful and provided exactly what we needed to know in order to successfully navigate the exam. Without this I am not confident I would have passed.

Robert Caldwell, Salient Federal Solutions

Enroll in a boot camp

July 15, 2024 - July 19, 2024

Online only

August 12, 2024 - August 16, 2024

Online only

November 18, 2024 - November 22, 2024

Online only

March 17, 2025 - March 21, 2025

Online only