Cloud Penetration Testing Training Boot Camp
Learn how to conduct penetration tests on cloud services and applications! This boot camp goes in-depth into the tools and techniques used to exploit and defend cloud infrastructure components with a combination of hands-on labs and expert instruction.
Become a Certified Cloud Penetration Tester, guaranteed!
- Five days of expert, live CCPT training
- Exam Pass Guarantee
- Exam voucher
- Unlimited practice exam attempts
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($599 value!)
- 1-year access to all boot camp video replays and materials
- Pre-study learning path
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee
Hands-on labs
Get hands-on penetration testing experience in our custom-built cloud-based lab environment. You will practice using OSINT tools and techniques to gather information about target services and public buckets, abusing metadata endpoints, stealing credentials from cloud instances, attacking storage and database service misconfigurations, and more. You will also learn remediation steps so that the cloud service provider can properly close the security hole.
Training overview
Infosec’s Cloud Penetration Testing Boot Camp is a practical, hands-on training focused on teaching you the skills, tools and techniques required for conducting comprehensive security tests of cloud servers and applications.
You will learn the secrets of cloud penetration testing in an immersive environment, including exploiting and defending AWS and Azure services, building your pentesting toolbox in the cloud, and diving deep into security features and vulnerabilities of cloud infrastructure. You will also learn how to deal with the unique challenges presented by cloud pentesting, such as multi-tenant environments and pivoting. The boot camp also prepares you to earn the Certified Cloud Penetration Tester (CCPT) certification.
What you'll learn
This boot camp provides hands-on cloud infrastructure penetration testing experience and prepares you to earn the CCPT certification. You will leave with skills and in-depth knowledge of the five CCPT domains:
- Common vulnerabilities in cloud environments
- Security features of popular cloud platforms
- Cloud pentesting process and requirements
- Cloud pentesting tools
- Reporting cloud pentest findings and providing recommendations
Who should attend?
- Penetration testers
- Cloud and system administrators
- Application developers
- DevSecOps engineers
- Security consultants
- Security analysts
Prerequisites
Familiarity with cloud and penetration testing concepts and at least one year in an information security role, or equivalent experience, is recommended.
Everything you need to earn your CCPT
- Five days of expert, live CCPT training
- Exam Pass Guarantee
- Exam voucher
- Unlimited practice exam attempts
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($599 value!)
- 1-year access to all boot camp video replays and materials
- Pre-study learning path
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt. Learn more.
CCPT training schedule
Infosec’s CCPT training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
- Before your boot camp
-
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
-
- During your boot camp
-
Cloud pentesting process and requirements
- The need for cloud pentesting
- Cloud architecture fundamentals
- Cloud security responsibilities (within service models)
- Unique challenges for cloud pentesting
- Multi-tenancy considerations (data privacy, legal requirements, rules of engagement)
- Cloud attack surface
- Virtualization concepts
- Pentesting methodologies
- Cloud pentesting process
- Pentesting tools: traditional and cloud-specific
- Setting up a cloud pentesting environment
Reconnaissance in the cloud
- OSINT techniques
- Azure and AWS IP ranges
- Tools for obtaining IP and host information (Shodan, Censys, Google dorks)
- Enumerating access with Nimbostratus, ScoutSuite and Prowler
- Finding exposed buckets
- Bucket enumeration with Slurp
- Service discovery
Attacking AWS
- AWS security features
- AWS Console overview
- Working with AWS CLI
- Exploiting remote access protocols (SSH , RDP)
- Exploiting application security misconfigurations
- Abusing EC2 metadata
- Stealing IAM credentials
- EC2 IMDSv2
- Attacking lambda endpoints
- Assessments with AWS Inspector
- Attacking misconfigured S3 buckets
- Discovering and stealing EBS snapshots
- Recovering data from EBS snapshots
- Exploiting AWS RDS misconfigurations
- RDS data pilfering with AWS CLI and Amazon API
- Persistence
Attacking Azure
- Understanding Azure Services
- Mapping Azure Services to AWS Services
- Attacking Azure Virtual Machines
- Attacking Azure Blob Storage misconfigurations
- Extracting data from disk snapshots
- Subdomain takeover via Azure App Services
- Gaining shell access with Azure run command
- Finding and examining Azure SQL Database servers
Attacking containerized and serverless applications
- Understanding containers
- Working with Docker
- Container breakout
- Exploiting misconfigured containers
- Trojanized Docker images
- Understanding Kubernetes
- Attacking deployed applications
- Attacking Kubernetes clusters
- Understanding AWS Lambda
- Attacking serverless applications
Reporting
- Cloud security frameworks and best practices
- Collecting and reporting evidence in cloud accounts, aliases, metadata, keys and AMIs
- Developing and communicating follow-up items
-
- After your boot camp
-
Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.
-
Sign up