Cloud Security Lab a Week (S.L.A.W)
One cloudsec lab. 15-30 minutes. Every week.
You want free training? We got free training!
We've covered a ridiculous amount in this block, so let's pull it together and see why it all matters.
Learn how to create an EBS volume from a snapshot and attach it to a forensics analysis (sorta) server.
Today we'll learn about snapshots with a real-world security scenario that combines snapshots, cross-account sharing, and a Crime Scene Investigation.
The user-data field isn't only for passing in secrets — it can tell an instance to run commands. Today we'll learn how attackers abuse it.
The user-data field is a powerful tool for automation, but can be a major source of risk.
Today we learn how IAM roles work with instances, and how an older (and widely used) essential mechanism can be easily exploited.
Remember how I said to never use IAM users, or give them access keys? Today you'll learn why, as you hack one of my accounts (sorta).
Time to see our hard work in action, as we deliberately expose an instance to see what happens.
We learn a cool way to log activity into S3 using Session Manager
We've been using Session Manger in our labs. Today we'll level up with logging and command line access.
In this lab we will connect to an instance on a totally private subnet, without inbound or outbound Internet access, using a VPC Endpoint.
We've been at this over 6 months, so I suppose we should actually run something.