#AWS: Hack to defend: exploiting public AWS resources

Dive deep into the often-overlooked world of AWS public resource vulnerabilities across a wide array of services. This workshop goes far beyond exposed S3 buckets, revealing how seemingly harmless configurations in various AWS components can lead to significant security risks. 

Through a mix of real-world scenarios and theoretical misconfigurations, you’ll learn to identify and exploit these vulnerabilities from an attacker’s perspective. Armed with this offensive knowledge, you’ll gain the insights needed to fortify your AWS ecosystem, transforming potential breaches into robust, multi- layered defenses.

Why you should attend

Participants in this workshop will gain a comprehensive understanding of AWS security that goes far beyond common knowledge, positioning them at the forefront public resources security. By learning to identify, exploit, and remediate vulnerabilities across multiple AWS services, attendees will develop a unique “hack to defend” skillset that’s highly sought after in the industry. 

This practical, hands-on experience is exactly what defenders are usually missing when they secure AWS environments: the offensive perspective. The workshop’s innovative approach bridges the gap between offensive and defensive security, enabling participants to transform attack insights into robust defense strategies. 

In an era where cloud breaches are increasingly common, this knowledge isn’t just beneficial – it’s essential. Attendees will leave equipped to immediately enhance their organization’s AWS security posture, making them invaluable assets in the ongoing battle against cloud-based threats.

What you will learn

  • Introduction to AWS Public Resources
  • Identifying Public Resources
  • Exploiting Public Resources (for each relevant AWS service)
  • Real-world Attack Scenarios
  • Remediation Strategies
  • Defensive Techniques
  • Hands-on exercises: Identifying and fixing vulnerabilities in a test environment
  • Conclusion and Q&A

Who is it for

This workshop is primarily designed for mid-level to advanced IT professionals who work with AWS environments, particularly those in cybersecurity roles. 

It’s ideal for:
• Cloud security engineers and architects
• Penetration testers and red team members interested in cloud security
• DevOps professionals responsible for securing AWS infrastructures
• Security analysts and managers overseeing cloud environments

While beginners with a strong foundation in cybersecurity principles can benefit, the workshop assumes a baseline knowledge of AWS services and general security concepts.

Other information & prerequisites

    The participants can participate without any prerequisites. However, for gaining the maximum out of the workshop, it is recommended to:
    – Bring a laptop for doing the practical exercises
    – Have internet access
    – Have AWS CLI installed on their laptop
    – Have a working browser

    Prerequisites:
    • Familiarity with core AWS services (e.g., EC2, S3, IAM)
    • Basic understanding of network security principles
    • Comfort with command-line interfaces and scripting (Python or Bash)

    Recommended knowledge:
    • Experience with AWS security best practices
    • Understanding of common web vulnerabilities and exploitation techniques
    • Familiarity with Linux operating systems

    No specific certifications are required, but participants with AWS Security Specialty or similar certifications will find the content particularly relevant and immediately applicable.

    • Language: ROMANIAN or ENGLISH
    • Duration: 4 hours
    • Minimum students: 8
    • Date: November 27th
    • Venue: To be announced
    • Price:
      • Before October 28th: 200 EURO + vat
      • After October 28th: 250 EURO + vat

    About the trainer

    EDUARD AGAVRILOAE

    Security Researcher | AWS Offensive Security Expert

    An expert in offensive security with a focus on AWS, Eduard specializes in identifying vulnerabilities and providing advanced security solutions. His experience as a security researcher allows him to stay ahead of emerging threats and assist organizations in securing their cloud infrastructures effectively.

    FAQs

    Q: What happens if there aren’t enough participants?
    A: If we do not meet the minimum number of participants, you can either transfer to another workshop and pay or receive a refund for any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

    Q: Are food and accommodation included in the price?
    A:
    The food and accommodation are not included in the price. However, we can recommend nearby accommodation options for your convenience.

    Q: Can I get a refund if I can’t attend after registering?
    A:
    Yes, full refunds are available up to 20 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

    Q: How and when will I receive the details about the location and prerequisites?
    A:
    You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.