Cloud Security Lab a Week (S.L.A.W)
One cloudsec lab. 15-30 minutes. Every week.
You want free training? We got free training!
Block Public Access is a powerful feature to... block public access? This week we'll learn how to set it up for S3 without pissing people off. Well, piss them off less.
There's a lot to creating a cloud data perimeter, so this week we'll learn what the heck a data perimeter is and use Access Analyzer to get started.
Learn how to use the just-released Resource Control Policies to lock down S3 with nuance and style!
Last week we learned how to misconfigure S3 ACLs. This week we learn how to misconfigure bucket policies. It's important to see why we don't run with scissors.
Before we learn all the cool ways to prevent data leaks, we're going to... leak some data so you know how these messes keep happening.
We've covered a ridiculous amount in this block, so let's pull it together and see why it all matters.
Learn how to create an EBS volume from a snapshot and attach it to a forensics analysis (sorta) server.
Today we'll learn about snapshots with a real-world security scenario that combines snapshots, cross-account sharing, and a Crime Scene Investigation.
The user-data field isn't only for passing in secrets — it can tell an instance to run commands. Today we'll learn how attackers abuse it.
The user-data field is a powerful tool for automation, but can be a major source of risk.
Today we learn how IAM roles work with instances, and how an older (and widely used) essential mechanism can be easily exploited.
Remember how I said to never use IAM users, or give them access keys? Today you'll learn why, as you hack one of my accounts (sorta).