AWS Security Masterclass with Riyaz Walikar

AWS Security Masterclass - Sessions

The AWS Security Masterclass has 10 sessions.
The topics cover the hacker mindset, detection and exploitation of various AWS Security weaknesses and key AWS security concepts!

Session 1 - AWS Security Intro and the Hacker Mindset

Setting up your AWS account for the class (and rest of the sessions), understanding the hacker mindset and the AWS Well Architected Framework's Security Pillar.

Link to Video
Link to Slides
Session 2 - AWS IAM Misconfigurations

Exploiting IAM misconifugrations in users, roles, tokens and policies.

Link to Video
Link to Slides
Session 3 - AWS S3 Misconfigurations

Exploiting S3 bucket policies, discovering and attacking public buckets and bucket access control lists.

Link to Video
Link to Slides
Session 4 - AWS EC2's EBS Misconfigurations

Exploiting unencrypted EBS volumes and storage snapshots. Treasure hunting using automatation and disk analysis.

Link to Video
Link to Slides
Session 5 - AWS EC2's AMI Misconfigurations

Working with AWS AMIs, extracting data and potential uses cases for public AMI distribution and access control.

Link to Video
Link to Slides
Session 6 - Let’s Hack Stuff!

Mini mid Masterclass Hackathon. Everyone gets to detect, identify and exploit misconfigurations in the services covered and find flags!

Link to Video
Link to Slides
Session 7 - AWS EC2 Misconfigurations

Weaknesses in compute configurations, exploiting metadata services and instance profiles.

Link to Video
Link to Slides
Session 8 - AWS Lambda Serverless Misconfigurations

Exploiting misconfigurations in AWS Lambda, accessing source functions, exploiting Lambda triggers and attached roles.

Link to Video
Link to Slides
Session 9 - AWS RDS Misconfigurations

Exploiting AWS RDS misconfigurations at the service level, snapshots and clusters.

Link to Video
Link to Slides
Session 10 - AWS Hands-on Hacking

Masterclass Hackathon. Everyone gets to detect, identify and exploit misconfigurations in EC2, Lambda and RDS. Certificate distribution.

Link to Video
Link to Slides

Who should join?

This masterclass is for those who want to hack AWS.
You know AWS has misconfigurations that can be exploited. Now you want to learn the what and the how.

✅ We want you to get the most out of this masterclass. This AWS Security Masterclass is best suited with the following kept in mind.

✅ You have hands-on experience with AWS services

You work with AWS all the time. You know what IAM, S3, EC2, EBS etc. mean and have hands-on experience of setting these up and managing resources.

✅ Cloud Security in AWS is in your radar

Not only you understand and know AWS, you are interested in the security bits. You don't need to know a lot about AWS security, but we assume since you are responsible for taking care of AWS in your team, you do have some exposure to it.

✅ You are comfortable setting up AWS services and resources practically

The masterclass will quickly get into technical details. While you may be new to security, masterclass works best for those who can setup services, do basic troubleshooting on their own.

✅ You can work on the command line too

Willing to do automation with security tools, do hands on and learn together!

🔴 Not the best fit in case of the following.

🔴 You lack hands-on experience with AWS services

Everyone's cloud journey can be unique. Some of you may have studied and learned about AWS through books and courses with a strong theoretical foundation. While that is a great way to become a master, our class is built around hands-on so not the best fit.

🔴 Cloud security is a brand new world for you

If you are not familiar with the terms used commonly in security, you haven't setup cloud services then you will likely struggle to keep up in class

🔴 You have never used your operating system's command line terminal

We need you to have a basic foundation using the command line terminal to keep up in the masterclass.

About Your Trainer

Riyaz Walikar

Riyaz has been hacking and breaking software since 17+ years now. From ships to printers to WiFi to cloud applications, databases and more.

He is the founder and chief cloud security hacker at KLOUDLE.

Frequently Asked Questions

The AWS Security Masterclass has 10 sessions.
The topics cover the hacker mindset, detection and exploitation of various AWS Security weaknesses and key AWS security concepts!

What is AWS Security Masterclass?

AWS Security Masterclass is set of ten live sessions where you will learn how develop a hacker mindset, detect and exploit various AWS Security weaknesses and key AWS security concepts.

Is this a free class?

Yes. The class is completely free to attend. There is no payment required.

Why are you doing this for free?

Riyaz loves to teach hacking to people and generally feeds off classroom and student energies. He loves to share knowledge with interested people on how to hack and exploit misconfigurations in various cloud providers and their services. This helps Riyaz understand how different folks use their cloud and what are their security challenges. Eventually all of this makes KLOUDLE better for everyone 😀

How long is a session?

Typically each session will be between 45-60 minutes

What do I need to have to be able to do this class well

Register, get a working AWS account and show up for the class! That's it! 😀. As with anything in the public cloud, please understand that the masterclass may incur some nominal cost for starting and running certain cloud services. Don't worry we will guide you on how to minimize this per session.

How will the sessions be conducted?

All the sessions will take place over a Google Meet. Registered participants will be emailed the event details and the invite after their confirmation.

What makes Riyaz such an expert?

Riyaz has been hacking for the last 17+ years across various domains of web, mobile, wireless, cloud and container technologies. He is well known security evangelist and researcher in the web, cloud and container space and has led teams at PwC, Citrix and Appsecco before becoming the Chief Hacker at Kloudle, where he leads the R&D for the product and runs the Kloudle Academy (an online learning platform by Kloudle). He loves to teach and has conducted several trainings and talks at conferences like BlackHat, nullcon, OWASP Appsec and a bunch of other developer conferences. He has also authored 2 books and is an active writer on multiple blogs.