Breaching The Cloud Perimeter w/ Beau Bullock


Do you want to level up your cloud penetration testing skills?

The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this free 4-hour workshop, hacking concepts are introduced for each of those services. Learn how to perform reconnaissance against cloud assets and identify common vulnerabilities that lead to compromise of an organization. Tools and techniques used on real-world penetration tests against cloud assets are shared including hands-on demonstrations.

You will leave this workshop with new skills for assessing cloud-based infrastructure!

You can find installation info for downloading and configuring the VMs you’ll need here: https://www.blackhillsinfosec.com/training/breaching-the-cloud-perimeter-setup-instructions/

Join the BHIS Discord Channel to discuss the training with our community: 

https://discord.gg/aHHh3u5 – You can ask questions in the #training-prep-questions channel.

Also, you can download the slides for the training here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/05/Breaching-the-Cloud-Perimeter-Slides.pdf

If you’d like to take this class in June [SOLD OUT] or August, you can register here: https://wildwesthackinfest.com/online-training/breaching-the-cloud/



0:00 – Internet Song

0:54 – Breaching the Cloud For the Very First Time

8:26 – Roadmap to the Sky

13:20 – Cloud Vs On-Prem

17:46 – Whomai

18:34 – Opening Credits

20:35 – AWS V. Azure V. GCP

22:14 – Azure V. Microsoft 365, GCP V G-Suite

23:40 – Cloud Pentest Authorization

26:56 – Pentesting Policies

27:35 – Authentication Methods

34:21 – Azure: Password Hash Synchronization

36:09 – Azure: Pass-Through Authentication

37:47 – Azure: Active Directory Federation Services

41:34 – Azure: Access Tokens

46:18 – AWS: Programmatic Access

47:21 – Cloud Authentication Methods: Google

50:12 – Recon: Cloud Asset Discovery

1:00:41 – I Break For Rapid Fire Questions



0:00 – Recon: Cloud Asset Discovery, Continued

13:05 – Recon: Employees

22:11 – Exploiting Misconfigured Cloud Assets – S3 Buckets

24:25 – EBS Volumes

26:09 – Data In Public Azure Blobs

29:40 – Data In Public Google Storage Buckets

30:43 – Pacu

32:14 – LAB: S3 Bucket Pillaging

46:52 – S3 Code Injection

49:38 – Domain Hijacking

52:30 – I Break For Questions



0:00 – The Biggest, Most Important Section Of This Entire Thing

0:45 – Key Disclosures in Public Repositories

4:34 – LAB: Pillage Git Repos for Keys

11:05 – Password Attacks

18:55 – LAB: Password Spraying

26:03 – Password Protection & Smart Lockout

28:33 – Web Server Exploitation

32:38 – AWS Instance Metadata URL

37:39 – Phishing

39:35 – Phishing: Session Hijack

42:19 – Phishing: G-Suite

44:03 – I Break For Questions



0:00 – The Last Hour

0:18 – Phishing: Remote Access

2:01 – Steal Access Tokens

13:21 – LAB: Authenticate to Azure With Stolen Access Tokens

32:24 – Post-Compromise Recon

34:55 – Post-Compromise Recon: AWS

36:08 – Post-Compromise Recon: Google

36:49 – Post-Compromise Recon: Azure

38:54 – Azure: CLI Access

40:08 – Azure: Subscriptions

42:00 – Azure: User Information

44:42 – Azure: Resource Groups

45:38 – Azure: Runbooks

47:03 – LAB: Azure Situational Awareness

59:44 – Azure: Tools

1:01:02 – Review



If you’d like to take this class in June [SOLD OUT] or August, you can register here: https://wildwesthackinfest.com/online-training/breaching-the-cloud/