Hacking AWS: Pacu, IAM, EC2
Join our workshop to master pentesting AWS environments, focusing on identifying and exploiting misconfigurations using AWS CLI and PACU. Led by an expert, it's perfect for boosting your cloud security skills.
The workshop starts on November 9th at 10 AM EDT / 7AM PDT / 4PM CET
Online Live Workshop
Unlock Your Inner AWS Hacker in a 4-Hour Intensive Workshop!
This course will expose you to AWS security by walking you through the identification and exploitation of AWS misconfiguration on various cloud services
What skills will you gain?
Pentesting cloud services / Linux commands / AWS CLI / PACU / AWS administration

Become an S3 Buckets ethical hacking wizard
Elevate your cloud security skills and become an expert in safeguarding S3 Buckets from potential threats!

Become an expert in ethical hacking of EC2 instances
You'll gain hands-on experience with penetration testing techniques, securing cloud configurations, and using essential tools to detect and mitigate potential threats.
Why take it NOW?
A good number of organizations are shifting their application and IT infrastructure to the cloud for scalability and cost efficiency reason, on the other hand there is currently a spike in the cyber-attacks and compliance regulation in the cloud, security assessment tools are widely available, but the skills need to actively export cloud platforms are limit. According to Zippia, career growth for cloud security engineers is estimated to reach 32 percent between 2018 and 2028. Cloud security engineers are in demand because cloud networking and infrastructure have become essential tools for companies across industries. This course will expose you to the needed skills and put you in front of other professionals in the field.
Master
40
steps
Includes
4.5h
live training
Over
11 hrs
of content
What we'll cover
This course walks you through identifying and exploiting misconfigurations in AWS cloud services, using tools like AWS CLI and PACU. Led by a seasoned cybersecurity expert, this session is perfect for those looking to boost their cloud security expertise.
Module 1
ETHICAL HACKING OF IAM User
Step 2
Step 4
Configuration of connection from Pacu to AWS account
Step 5
Firing the iam_enum_permissions command
Step 6
Exploitation of the AWS PutUserPoicy
Module 2
ETHICAL HACKING OF EC2 instances
Step 1
Installation of Pacu
Free
Step 2
Creation of IAM user
Step 3
Generation of access and secret keys
Step 4
Configuration of connection from Pacu to AWS account
Step 5
Firing the iam_enum_permissions command
Step 6
Establishing persistence with Pacu
Step 7
Performing remote code execution
Module 3
ETHICAL HACKING OF S3 BUCKETS
Step 1
Installation of the AWS CLI tool
Step 2
Use of reverse look up to carry out OSINT for S3 buckets
Step 3
Connecting to the S3 buckets that are publicly accessible
Step 4
Creation of AWS user
Step 5
Generation of access and secret keys
Step 6
Creation of AWS CLI profile with generated keys
Step 7
Connecting from the AWS CLI to the AWS account
Step 8
Dumping the sensitive information to Kali directory
Step 9
Identification of git repo in S3 buckets
Step 10
Running the sync command to dump the files
Step 11
Identification of commit codes
Step 12
Checking for commit codes to access the code
Module 4
COMPROMISING EC2 CREDENTIALS
Step 1
Download git file to your local directory using the was sync command
Step 2
Run the git checkout of the discovered git code
Step 3
Copy out the access and secret keys discovered
Step 4
Create a new profile and connect using the discovered keys
Step 5
Point your browser on the new flaws.cloud
Step 6
Perform enumeration of users via the AWS Security Token Services (GetCallerIdentity API)
Step 7
Obtain the IAM user to get the AWS account ID
Step 8
Use the EC2 describe-snapshot-attribute command to get permission associated with the snapshots
Step 9
Create a volume with the discovered snapshot id
Step 10
Mount the created volume to a newly created EC2 VM using the EC2 attach-volume.
Step 11
Download the key pair and SSH into it
Step 12
Transverse the directory in search of passwords hidden in files

Meet your instructor
Oluwatola Mustapha is a seasoned cybersecurity expert with a robust background in AWS security, penetration testing, and cloud infrastructure protection. His professional journey includes securing and testing cloud environments at Guaranty Trust and Eat’n’Go Ltd, where he deployed and safeguarded AWS instances. His certifications, such as AWS Certified Security Specialist, CEH, and CySA+, further validate his technical skills. With hands-on experience across numerous industries and a proven track record in both red team and blue team roles, Oluwatola is highly capable of leading workshops on hacking AWS effectively.
Ready to start watching?
Watching solo? Or looking to get your team up to speed? We've got you covered.
Full Course
$
159
-
96 in-depth video tutorials
-
Nearly 11 hours of content
-
Master the art of pentesting AWS environments
-
Lifetime access
-
Understand database indexes at a deep level
Early Access