2-DAY TRAINING 4 – Cloud Security Masterclass: Securing Public Cloud Infrastructure




DATE: 24-25 August 2021

TIME: 09:00-17:00 SGT/GMT +8

Date       | Day       | Time                 | Duration
-----------|-----------|----------------------|---------
24 August  | Tuesday   | 09:00-17:00 SGT/GMT+8 | 8 Hours
25 August  | Wednesday | 09:00-17:00 SGT/GMT+8 | 8 Hours



Breach investigations, malware analysis, threat intelligence, and forensic investigation play a critical role in large-scale incident response teams. Traditional analysis tools and deployment methods are not built to support multiple security teams separated geographically. In addition, cloud-based workloads require extra monitoring, which poses another challenge. This training addresses both problems by building scalable and automated services that perform investigations, reporting and alerting for cloud workloads directly on native cloud services.

The training begins with an introductory phase covering the technical and architectural fundamentals of the cloud and its services. We then dive into Identity and Access Management (IAM) based attack and defense scenarios. The lesson continues by deploying attack templates that replicate real-life IAM attack scenarios, together with the countermeasures required to implement the Principle of Least Privilege.

The second phase of the training covers cloud infrastructure security. It begins with building alerting services for common attack scenarios such as brute force and account takeover. We then focus on the persistence techniques attackers use to pivot into the cloud environment and on how to defend against them. Using attack templates, we simulate use cases such as token hijacking and trail deletion, with emphasis on building defensive measures at scale using cloud native technologies.

The next part of cloud infrastructure security involves hands-on tool building for automated malware detection using Lambda functions. We cover CTF exercises on detecting malware at scale across the cloud infrastructure, along with integrating additional features such as file-type determination and automated signature updates through object stores.

In the third phase, we dive deeper into security monitoring. We focus on building SIEM-like detection and alerting capability by deploying the Elasticsearch stack and using Slack webhooks. We also extend this capability by building a security data lake, which enables large-scale security teams to perform threat intelligence and correlation on historic security data.

The fourth phase of the training focuses on forensic investigations. We learn to build investigation playbooks using Step Functions to automate the investigation and reporting process. Examples include automated forensic artifact collection using Lambda functions, automated analysis, timeline building, process memory dumping, and alerting through Slack or SNS.

In summary, this training focuses on elevating your threat detection, investigation, and response knowledge into the cloud. This hands-on training with CTF-style exercises simulates real-life attack scenarios on cloud infrastructure and applications, then teaches you to build defensive guardrails against such attacks using cloud native services on AWS. This makes it an ideal class for red and blue teams.

By the end of this training, you will be able to:

  • Use cloud technologies to detect IAM attacks.
  • Understand and mitigate cloud native pivoting and privilege escalation techniques.
  • Use serverless functions to perform on-demand threat scans.
  • Use containers to deploy threat detection services at scale.
  • Build notification services to create alerts.
  • Analyze malware-infected virtual machines to perform automated forensic investigations and artifact collection.
  • Use Elasticsearch and Athena to build a SIEM and a security data lake for real-time threat intelligence and monitoring.



Why should you take this course?

This is a unique course that is on the cloud and for the cloud. It not only trains individuals in cloud terminology but also enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, incident response, malware investigation and forensic analysis of cloud infrastructure, a domain that is still little known in the market.


Key Learning Objectives

  • Using cloud native technologies to build your own security services for your applications and services running in the cloud.
  • Building real-time detection, monitoring and response capabilities for threat tracking and intelligence gathering.
  • Building advanced automated pipelines through detection-as-code to defend public cloud infrastructure.


Who Should Attend

  • Red team members
  • Blue team and purple team members
  • Cloud security teams
  • Incident responders and analysts
  • Malware investigators and analysts
  • Threat intelligence analysts and responders


Prerequisite Knowledge

  • Basic understanding of cloud services
  • System administration and the Linux CLI
  • Ability to write basic programs in Python


What Students Will Be Provided With

  • PDF versions of the slides used during the training.
  • Complete course guide of 200+ pages in PDF format, containing step-by-step guidelines for all exercises and labs and detailed explanations of the concepts discussed during the training.
  • Slack channel to continue the discussion and retain access even after the training ends.
  • Infrastructure-as-code templates to deploy the test environments and simulations for continued practice after the class ends.
  • Access to a GitHub account for the custom-built source code and tools, plus a collection of test malware samples, forensic images, detection rules and queries.


Hardware / Software Requirements

  • Laptop with internet access
  • Free tier account for AWS

Location: TRAININGS
Date: August 24, 2021
Time: 9:00 am - 5:00 pm
Abhinav Singh