Get certified, guaranteed
Everything you need to earn your CCPT
- 90-day extended access to Boot Camp components, including class recordings
- 100% Satisfaction Guarantee
- Exam Pass Guarantee
- Exam voucher
- Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee
- Pre-study learning path
- Unlimited practice exam attempts
Award-winning training you can trust
What you'll learn
Training overview
Infosec’s Cloud Penetration Testing Boot Camp is a practical, hands-on training focused on teaching you the skills, tools and techniques required for conducting comprehensive security tests of cloud servers and applications.
You will learn the secrets of cloud penetration testing in an immersive environment, including exploiting and defending AWS and Azure services, building your pentesting toolbox in the cloud, and diving deep into security features and vulnerabilities of cloud infrastructure. You will also learn how to deal with the unique challenges presented by cloud pentesting, such as multi-tenant environments and pivoting. The boot camp also prepares you to earn the Certified Cloud Penetration Tester (CCPT) certification.
Before your boot camp
Prerequisites
Familiarity with cloud and penetration testing concepts and at least one year in an information security role, or equivalent experience, is recommended.
Syllabus
Training schedule
Cloud pentesting process and requirements
- The need for cloud pentesting
- Cloud architecture fundamentals
- Cloud security responsibilities (within service models)
- Unique challenges for cloud pentesting
- Multi-tenancy considerations (data privacy, legal requirements, rules of engagement)
- Cloud attack surface
- Virtualization concepts
- Pentesting methodologies
- Cloud pentesting process
- Pentesting tools: traditional and cloud-specific
- Setting up a cloud pentesting environment
Reconnaissance in the cloud
- OSINT techniques
- Azure and AWS IP ranges
- Tools for obtaining IP and host information (Shodan, Censys, Google dorks)
- Enumerating access with Nimbostratus, ScoutSuite and Prowler
- Finding exposed buckets
- Bucket enumeration with Slurp
- Service discovery
Attacking AWS
- AWS security features
- AWS Console overview
- Working with AWS CLI
- Exploiting remote access protocols (SSH , RDP)
- Exploiting application security misconfigurations
- Abusing EC2 metadata
- Stealing IAM credentials
- EC2 IMDSv2
- Attacking lambda endpoints
- Assessments with AWS Inspector
- Attacking misconfigured S3 buckets
- Discovering and stealing EBS snapshots
- Recovering data from EBS snapshots
- Exploiting AWS RDS misconfigurations
- RDS data pilfering with AWS CLI and Amazon API
- Persistence
Attacking Azure
- Understanding Azure Services
- Mapping Azure Services to AWS Services
- Attacking Azure Virtual Machines
- Attacking Azure Blob Storage misconfigurations
- Extracting data from disk snapshots
- Subdomain takeover via Azure App Services
- Gaining shell access with Azure run command
- Finding and examining Azure SQL Database servers
Attacking containerized and serverless applications
- Understanding containers
- Working with Docker
- Container breakout
- Exploiting misconfigured containers
- Trojanized Docker images
- Understanding Kubernetes
- Attacking deployed applications
- Attacking Kubernetes clusters
- Understanding AWS Lambda
- Attacking serverless applications
Reporting
- Cloud security frameworks and best practices
- Collecting and reporting evidence in cloud accounts, aliases, metadata, keys and AMIs
- Developing and communicating follow-up items
Guaranteed results
Our boot camp guarantees
Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.
Enroll in a boot camp
-
Exam Pass Guarantee
-
Exam Pass Guarantee
-
Exam Pass Guarantee
-
Exam Pass Guarantee
Similar boot camps
More learning opportunities
-
Most popularBoot camp
CompTIA Security+ Training Boot Camp
Infosec’s CompTIA Security+ Boot Camp teaches you information security theory and reinforces that theory with hands-on exercises to help you learn by doing. You’ll learn how to configure and operate many different technical security controls — and leave prepared to pass your Security+ exam.
Learn More
-
#1 FOR BEGINNERSBoot camp
Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification
Infosec’s authorized CCNA Dual Certification Boot Camp helps you build your knowledge of networking and provides hands-on experience installing, configuring and operating network devices — all while preparing you to earn two Cisco certifications.
Learn More
-
Most requestedBoot camp
(ISC)² CISSP® Certification Training and Boot Camp
Take your career to the next level by earning one of the most in-demand cybersecurity certifications. Infosec’s CISSP training provides a proven method for mastering the broad range of knowledge required to become a Certified Information Systems Security Professional.
Learn More