This repository contains all the exercise documentation from the Amazon Cloud Attack and Defense Bootcamp by Pwned Labs. The exercises are designed to help participants develop their skills in attacking and defending AWS environments, leading to the Amazon Cloud Red Team Professional (ACRTP) certification.
The Amazon Cloud Attack and Defense Bootcamp is a comprehensive 4-week instructor-led training for security professionals who want to master AWS security. The bootcamp covers foundational concepts, security tools, and hands-on techniques for attacking, defending, and auditing AWS environments.
The bootcamp prepares you for the Amazon Cloud Red Team Professional (ACRTP) Certification, which tests your ability to apply these skills in real-world scenarios.
By completing this bootcamp and passing the ACRTP exam, you'll gain proficiency in:
- Understanding key Amazon Web Services (AWS) concepts and services.
- Simulating compromises of developer accounts to assess the blast radius.
- Performing AWS security audits and vulnerability remediation.
- Leveraging AWS resources for initial access and lateral movement.
- Using modern phishing techniques to gain access to AWS environments.
- Abusing compromised credentials for lateral and vertical movement.
- Hands-on purple teaming simulating real-world attack and defense scenarios.
- Expanding access through DevOps platforms and OpenID Connect.
- Exploiting misconfigured IAM roles and trust policies.
- Attacking and defending Amazon EC2 and Elastic Beanstalk environments.
- Detecting cloud threats using tools like Splunk, GuardDuty, Athena, and CloudTrail.
Amazon Web Services is the current market leader in public cloud! This comprehensive 4-week bootcamp and associated structured learning path provide students with foundational concepts, essential security tools and techniques, and instruction in attacking, defending, and auditing AWS environments.
Get hands-on with external and assume breach scenarios, and learn how to audit AWS configuration, simulate compromise, and respond to threats.
Having successfully completed the Amazon Cloud Attack and Defense bootcamp and learning path, you'll be prepared to demonstrate your skills in the fully hands-on and unproctored exam lab. The exam challenges you to apply your newfound expertise in completing an exploitation chain and getting the flag.
The exam environment is dynamic: the flag and scenario change periodically, which protects the credibility of the Amazon Cloud Red Team Professional (ACRTP) certification when you apply for AWS security roles.
You should know your way around the Windows or Linux command line! Although familiarity with AWS is helpful, it isn't required.
Students who successfully complete the 4-week bootcamp and structured learning path, and subsequently pass the exam to earn the Amazon Cloud Red Team Professional (ACRTP) certification, have demonstrated proficiency in the following areas:
- Understand key Amazon Web Services (AWS) concepts and services.
- Simulate compromising a developer account to test the blast radius.
- Perform AWS security audits and remediate vulnerabilities.
- Leverage AWS resources to gain initial access and move laterally.
- Use modern phishing techniques to gain initial access to AWS.
- Abuse compromised credentials for lateral and vertical movement.
- Hands-on purple teaming simulating real-world attacks and defenses.
- Expand access through DevOps platforms and OpenID Connect.
- Exploit misconfigured IAM roles and trust policies to increase access.
- Attack and defend Amazon EC2 and Elastic Beanstalk environments.
- Detect cloud threats using Splunk, GuardDuty, Athena, and CloudTrail.
In addition to the live, instructor-led bootcamp, students get access to a fully structured learning path covering penetration testing, incident detection, and response in AWS. This includes access to selected premium AWS security labs.
The Amazon Cloud Attack and Defense bootcamp showcases trending techniques and tradecraft used by real threat actors, including AMBERSQUID and SCARLETEEL. The realistic labs simulate actual company environments and active users in AWS that you are likely to come across during engagements or in your own organization.
- Identify, replicate, and detect tradecraft from recent cloud breaches.
- Explore various methods to complete the same tasks and become tool-agnostic.
- Learn how to evict threats and rotate/reset various forms of credentials.