The Offensive Cloud Pentesting shows you have acquired the advanced technical skills and possess the comprehensive knowledge required to design, manage and secure the infrastructure, applications, and the data hosted in the cloud using the best practices which align with the modern-day technological advancements.

 

 

 

COURSE OVERVIEW 

Cloud Penetration Testing Course is high in demand and specialized certification programs, which offensively focuses on cloud penetration testing. Because almost every business now seeks a cloud penetration evaluation to ensure the security of the cloud infrastructure. Cloud computing is complicated and not easy to manage as far as the data center is concerned.


The Offensive Cloud Pentesting reveals that you have gained advanced technical experience and have the thorough knowledge to develop, manage and safeguard cloud infrastructure, applications and data using the best practice that comply with current technological development.


For years, the system workload has shifted to the cloud. And cloud technology consists of a wide number of components such as virtualization. You will be equipped with the latest techniques for cloud-focused penetration testing and will learn how to analyze cloud environments.


As this is an advanced course the candidates are required to know about Hypervisor technology, cloud services, Data Center principles, TCP / IP Suites, networking stacks, standards and SDN, SAN, NAS, DAS, risk management, enforcement, legislation, and regulations, etc. to conduct cloud penetration testing.


Cloud Penetration Testing Course is a practical cloud penetration testing application and applicants conduct offensive penetration tests to identify a cloud infrastructure weakness.

 

 

 

Cloud Penetration Testing Course focuses on: 

# Cloud Penetration Testing technique
# Cloud Formation
# Assessing Cloud Infrastructure
# AWS and Azure Penetration Testing
# Red and Blue Team in Cloud
# Software-Defined Networking
# Microservice
# Cloud API Penetration Testing
# DevSecOps
# Other Cloud technology and Components Assessment 




COURSE DETAILS
 

WHO IS THIS COURSE FOR?
 

- Information Security 

– Consultant, Manager, Security Architect Senior 

– Engineer, Security Director, Solution Architect, Security Analyst, Security Specialist, Compliance, Red team, Blue team

- Anyone who wants to make career in cloud security, data storage, or cloud pentester




Cloud Penetration Testing course PREREQUISITE 

# No Linux or programming language knowledge required.
# Basic IT knowledge and passionate about information security will be more than enough.
# Just go through the free resources about how cloud works provided by hackerSlash.




COURSE SYLLABUS

Domain 1: Hybrid Data Storage in Cloud Computing 

# Brief Introduction to Cloud Computing and Virtualization Technology
# Brief Introduction to Cloud Data Storage Server and Hardware Requirement
# Installing Cloud Storage Server in Premise and in Public Cloud
# Basic Configuration in Cloud Data Server and building a Trusted Pool
# Brief Introduction to various Volumes related to Cloud Data storage Server
# Creating LVM (Logical Volume Manager) for Cloud Data Storage
# Shrinking and Expanding Volume in Cloud Data Storage
# Creating Replicating Volumes and Creating Distributed- Replicating Volume
# Storage Client,Native Client,CIFS (Comman Internet File System) Client in Data Storage Computing
# Manage Permission,setting ACL (Access Control List) and Quotas for Cloud Users
# Troubleshooting IP Related Problem in Storage Server
# Creating NFS (Network File System) Server for Cloud Storage
# Creating Multiple Brick From Single Node
# Configuring Geo-Replication for Disaster Recovery for Cloud Server
# Securing Data and Information in Cloud Storage
# Troubleshooting all storage server, Client Server and other servers
# Implementing Security on Data Storage Server
# Reconnaissance and Information Gathering Process in Data Storage Technology


Domain 2: Cloud Computing and Openstack 

# Brief Introduction to Cloud Architecture and Cloud Computing
# Para-Virtualization and Fully-Virtualization (Hypervisor) Technology
# Exploring Openstack Platform and Openstack Architecture
# Installation Process of Openstack Platform and Exploring Horizon Web Interface
# Installing and Securing Message Broker
# Managing Identity Services and Managing Users in Cloud Platform
# Managing Image Services
# Deploy the Glance Image Service and use glance to upload a system Image
# Block Storage Services and installation of Cinder Services and Manage Volumes
# Attach or Adding Multiple Storage Volume to Cinder
# Installing Openstack Networking
# Managing Networking Services in Openstack Platform
# Metering Service in Openstack Platform
#Orchestration Services Methodology
# Install and Configure the Heat Orchestration Services
# Volume Snapshot in Openstack Platform
# Allocating Floating IP to Instances (Images) in Openstack Platform
# Creating Virtual Router between the two Network (Layer-3 Switch)
# Securing protocols in Openstack Platform


Domain 3: Virtualization and Hypervisor Security 

# Brief Introduction to Virtualization Technology World
# Brief Introduction to Para-Vitalization Product
# Brief Introduction to Fully-Virtualization Product
# General Overview Of Kernel Virtual Machine (KVM)
# Installation and Configuring Process of Virtualization Hypervisor
# Brief Introduction to the Data Center
# Brief Introduction to the Cluster
# Examine Efficiency of Virtualization Hypervisor
# Installation Process of VM (Virtual Machine) Desktop and Para Virtualization Driver
# Installation Process of Multiple Operating in Hypervisor
# Migration Process of Virtual Images From Hypervisor
# Brief Introduction to Penetration Testing Lab for Virtualization Product
# Examine Vulnerability in Virtualization Product
# Security Issues regarding to Virtualization and Hypervisor Security


Domain 4: Cloud Penetration Testing 

# Brief Introduction to Cloud Architecture and Cloud Computing
# Para-Virtualization and Fully-Virtualization (Hypervisor) Technology
# Exploring Openstack Platform and Openstack Architecture
# Installation Process of Openstack Platform and Exploring Horizon Web Interface
# Installing Cloud Storage Server in Premise and in Public Cloud
# Basic Configuration in Cloud Data Server and building a Trusted Pool
# Brief Introduction to various Volumes related to Cloud Data storage Server
# Creating LVM (Logical Volume Manager) for Cloud Data Storage
# Shrinking and Expanding Volume in Cloud Data Storage
# Creating Replicating Volumes and Creating Distributed- Replicating Volume
# Storage Client, Native Client, CIFS (Comman Internet File System) Client in Data Storage Computing
# Installation and Configuring Process of Virtualization Hypervisor
# Managing Data Center,role of Data center in Cloud Technology world and Security Topology
# Creating Thousand of Clusters in Cloud and Managing Cluster in Cloud
# Examine Efficiency of Virtualization Hypervisor
# Installation Process of Multiple Operating in HyperVisor
# Migration Process of Virtual Images From HyperVisor
# TCP IP packet Analysis
# Advanced Sniffing Technique in Cloud
# Network Traffic Image Capturing in Cloud
# Pentesting SSH Server in cloud
# Vulnerability Analysis With Nessus - Nessus Vulnerability Scanner
# Advanced Wireless Testing in Cloud
# Wireless Penetration Testing in Cloud
# MAC-Spoofing Technique
# Designing a DMZ in Cloud
# Snort Analysis in Cloud
# Brief Introduction to Advanced Exploits and Tools in Cloud
# AIDE (Advanced Intrusion Detection Environment) in Cloud
# Securing System from IP-SPOOFING in Cloud
# Penetration Testing Methodologies in Cloud
# Customers and Legal Agreement
# Rules of Engagement
# Penetration Testing Planning and Scheduling in Cloud
# Pre-penetration Testing Scheduling in Cloud
# External Penetration Testing in Cloud
# Internal Penetration Testing in Cloud
# DNS Reconnaissance(Advanced DNS Reconnaissance)
# Pentesting Cloud IPV6 systems
# DNS Penetration Testing in Cloud
# Intercepting and Manipulation (Packet Crafting) of packets in cloud
# Exploring Web Proxies and working Process
# SSLSNIFF in Cloud Environment
# Pentesting NFS Server in Cloud and Securing NFS Server
# Password Escalation and Cracking Technique
# Implement SYN FLOOD and ICMP FLOOD
# Advanced DDOS Attack on SSL(Secure Socket Layer-https)
# Virus and Trojan Detection Technique
# Penetration testing to Digital Certificate(Cryptography)
# Securing data and Information and various Technology (Cryptography)
# Exploring HeartBleed Vulnerability
# Geo-Replication for Disaster Recovery in Cloud Environment
# Exploring BashShell (ShellShock) Vulnerability


Domain 5: AWS/Azure Penetration Testing 

# How to setup AWS Account
# How to setup Linux Server & Windows Server in AWS
# Assess OWASP TOP 10 Vulnerability in Cloud Infrastructure
# Writing our own scripts to scan Cloud infrastructure
# Performing Penetration Testing on Firewall
# Automate Cloud Infrastructure Deployment using Cloud Template
# S3 Bucket creation, permission, versioning and exploring other hidden features
# Object vs Block Storage
# Cloud Account Takeover attack
# Assess Firewall Security Group
# VM Escaping Attack
# Offensive Cloud API Exploitation and Security
# SSH Attacks and Security
# IAM (Identity and Access Management)- User, Group and Permission
# Exploring SDN (Software Defined Network)
# Cloud RBAC (Role Based Access Control)
# Cloud ABAC (Attributes Based Access Control)
# Assessing Crypto Algorithm
# Cryptography Penetration Testing
# Management Place Attack (AWS-Dashboard)
# Automate Penetration Testing on Cloud Infrastructure
# Go beyond OWASP Top-10
# AWS Enumeration and Post Exploitation Attacks
# Privilege Escalation Attack to gain access
# Performing Penetration Testing on AWS Elastic Compute Cloud (EC2)
# Performing Penetration Testing on AWS Simple Storage Service(S3)
# IAM Misconfiguration & IAM policy structure
# Offensive API Request Attacks
# Advanced DOS and DDOS Attack using Automate Bots
# Pivoting into Virtual Private Cloud Attacks
# Attacking AWS Logging and Security
# SSRF Attacks and Security
# DNS Penetration Testing
# Cloud WAF and Security Implementation
# Cloud Infrastructure Defence Technique
# Cloud Threat Modelling
# Performing Penetration Testing on various other cloud services
# Offensive Sniffing in Cloud Infrastructure
# Cloud SIEM (Security Incident Event Management)
# SECAAS (security as a service)
# OAUTH & SAML Bypass
# Federated Identity and Cloud Broker Services
# Cloud based IDS and IPS Configuration and Management
# Report Writing with POC (Proof of Concept)




Duration:

4 Months



Pricing:

# 20,000 Taka for Bangladeshi Students

# $300 USD for International Students



Contact us:

Need Technical Assistance? Speak with a support representative by Mailing - hackerslash@icloud.com