All Projects → appsecco → Breaking And Pwning Apps And Servers Aws Azure Training

appsecco / Breaking And Pwning Apps And Servers Aws Azure Training

Licence: other
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

Projects that are alternatives of or similar to Breaking And Pwning Apps And Servers Aws Azure Training

Wstg
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Stars: ✭ 3,873 (+417.09%)
Mutual labels:  pentesting, penetration-testing, application-security
hackipy
Hacking, pen-testing, and cyber-security related tools built with Python.
Stars: ✭ 26 (-96.53%)
Mutual labels:  opensource, penetration-testing, free
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+367.69%)
Mutual labels:  pentesting, penetration-testing, application-security
Librehardwaremonitor
Libre Hardware Monitor, home of the fork of Open Hardware Monitor
Stars: ✭ 685 (-8.54%)
Mutual labels:  free, opensource
Linkedin2username
OSINT Tool: Generate username lists for companies on LinkedIn
Stars: ✭ 504 (-32.71%)
Mutual labels:  pentesting, penetration-testing
Attacking And Auditing Docker Containers And Kubernetes Clusters
Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters
Stars: ✭ 509 (-32.04%)
Mutual labels:  free, pentesting
Netcat
NetCat for Windows
Stars: ✭ 463 (-38.18%)
Mutual labels:  pentesting, penetration-testing
Graviton App
🚀 A modern-looking Code Editor
Stars: ✭ 601 (-19.76%)
Mutual labels:  free, opensource
Passphrase Wordlist
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords
Stars: ✭ 556 (-25.77%)
Mutual labels:  pentesting, penetration-testing
Habu
Hacking Toolkit
Stars: ✭ 635 (-15.22%)
Mutual labels:  pentesting, penetration-testing
Phishing Frenzy
Ruby on Rails Phishing Framework
Stars: ✭ 643 (-14.15%)
Mutual labels:  pentesting, penetration-testing
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+737.12%)
Mutual labels:  pentesting, application-security
Thc Archive
All releases of the security research group (a.k.a. hackers) The Hacker's Choice
Stars: ✭ 474 (-36.72%)
Mutual labels:  pentesting, penetration-testing
Thc Hydra
hydra
Stars: ✭ 5,645 (+653.67%)
Mutual labels:  pentesting, penetration-testing
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+553.81%)
Mutual labels:  penetration-testing, pentesting
Hashview
A web front-end for password cracking and analytics
Stars: ✭ 601 (-19.76%)
Mutual labels:  pentesting, penetration-testing
Powershell Rat
Python based backdoor that uses Gmail to exfiltrate data through attachment. This RAT will help during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends it to an attacker as an e-mail attachment.
Stars: ✭ 636 (-15.09%)
Mutual labels:  pentesting, penetration-testing
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+867.42%)
Mutual labels:  pentesting, penetration-testing
Lockdoor Framework
🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (-9.61%)
Mutual labels:  pentesting, penetration-testing
Penetration Testing Study Notes
Penetration Testing notes, resources and scripts
Stars: ✭ 461 (-38.45%)
Mutual labels:  pentesting, penetration-testing

Breaking and Pwning Apps and Servers on AWS and Azure - Free Training Courseware and Labs

Breaking and Pwning Apps and Servers AWS+Azure Free Training

Introduction

The world is changing right in front of our eyes. The way we have been learning is going to be radically transformed by the time we all have eradicated the COVID19 from our lives.

While we figure out what is the best way to transfer our knowledge to you, we realise that by the time world is out of the lockdown, a cloud focussed pentesting training is likely going to be obsolete in parts.

So as a contribution towards the greater security community, we decided to open source the complete training.

Hope you enjoy this release and come back to us with questions, comments, feedback, new ideas or anything else that you want to let us know! Looking forward to hacking with all of you!

Description

Amazon Web Services (AWS) and Azure run the most popular and used cloud infrastructure and boutique of services. There is a need for security testers, Cloud/IT admins and people tasked with the role of DevSecOps to learn on how to effectively attack and test their cloud infrastructure. In this tools and techniques based training we cover attack approaches, creating your attack arsenal in the cloud, distilled deep dive into AWS and Azure services and concepts that should be used for security.

The training covers a multitude of scenarios taken from our vulnerability assessment, penetration testing and OSINT engagements which take the student through the journey of discovery, identification and exploitation of security weaknesses, misconfigurations and poor programming practices that can lead to complete compromise of the cloud infrastructure.

The training is meant to be a hands-on training with guided walkthroughs, scenario based attacks, coverage of tool that can be used for attacking and auditing. Due to the attack, focused nature of the training, not a lot of documentation is around security architecture, defence in depth etc. Additional references are provided in case further reading is required.

To proceed, you will need

  1. An AWS account, activated for payments (you should be able to open and view the Services > EC2 page)
  2. An Azure account, you should be able to login to the Azure console

About this repo

This repo contains all the material from our 3 day hands on training that we have delivered at security conferences and to our numerous clients.

The primary things in this repo are:

  • documentation - all documentation in markdown format that is to be used to go through the training
  • setup-files - files required to create a student virtual machine that will be used to create the cloud labs
  • extras - any additional files that are relevant during the training

Getting started

  • Clone this repo
  • Setup the student VM
  • Host the documentation locally using gitbook
  • Follow the docs :)

Step 1 - Setup the student VM

  • the documentation to setup your own student virtual machine, which is required for the training, is under documentation/setting-up/setup-student-virtual-machine.md
  • this needs to be done first

Step 2 - Documentation

  • As all documentation is in markdown format, you can use Gitbook to host a local copy while walking through the training
Steps to do this
  • install gitbook-cli (npm install gitbook-cli -g)
  • cd into the documentation folder
  • gitbook serve
  • browse to http://localhost:4000

License

About Appsecco

At Appsecco we provide advice, testing and training around software, infra, web and mobile apps, especially that are cloud hosted. We also specialise in auditing AWS environments as per the AWS CIS Foundations Benchmark to create a picture of the current state of security in your AWS environment. Our experience has led us to creating multiple hands on training courses like the very popular "Breaking and Pwning Apps and Servers on AWS and Azure" and "Automated Defence using Cloud Services for AWS, Azure and GCP".

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].