Hacking AWS: Pacu, IAM, EC2

Join our workshop to master pentesting AWS environments, focusing on identifying and exploiting misconfigurations using AWS CLI and PACU. Led by an expert, it's perfect for boosting your cloud security skills.

The workshop starts on November 9th at 10 AM EDT / 7AM PDT / 4PM CET

Online Live Workshop

Unlock Your Inner AWS Hacker in a 4-Hour Intensive Workshop!

This course will expose you to AWS security by walking you through the identification and exploitation of AWS misconfiguration on various cloud services

What skills will you gain?

Pentesting cloud services / Linux commands / AWS CLI / PACU / AWS administration

Become an S3 Buckets ethical hacking wizard

Elevate your cloud security skills and become an expert in safeguarding S3 Buckets from potential threats!

Become an expert in ethical hacking of EC2 instances

You'll gain hands-on experience with penetration testing techniques, securing cloud configurations, and using essential tools to detect and mitigate potential threats.

Why take it NOW?

A good number of organizations are shifting their application and IT infrastructure to the cloud for scalability and cost efficiency reason, on the other hand there is currently a spike in the cyber-attacks and compliance regulation in the cloud, security assessment tools are widely available, but the skills need to actively export cloud platforms are limit. According to Zippia, career growth for cloud security engineers is estimated to reach 32 percent between 2018 and 2028. Cloud security engineers are in demand because cloud networking and infrastructure have become essential tools for companies across industries. This course will expose you to the needed skills and put you in front of other professionals in the field.

Master

40

steps

Includes

4.5h

live training

Over

11 hrs

of content

What we'll cover

This course walks you through identifying and exploiting misconfigurations in AWS cloud services, using tools like AWS CLI and PACU. Led by a seasoned cybersecurity expert, this session is perfect for those looking to boost their cloud security expertise.

Module 1

ETHICAL HACKING OF IAM User

Step 1

Free

Step 4

Configuration of connection from Pacu to AWS account

Step 5

Firing the iam_enum_permissions command

Step 6

Exploitation of the AWS PutUserPoicy

Module 2

ETHICAL HACKING OF EC2 instances

Step 1

Installation of Pacu

Free

Step 2

Creation of IAM user

Step 3

Generation of access and secret keys

Step 4

Configuration of connection from Pacu to AWS account

Step 5

Firing the iam_enum_permissions command

Step 6

Establishing persistence with Pacu

Step 7

Performing remote code execution

Module 3

ETHICAL HACKING OF S3 BUCKETS

Step 1

Installation of the AWS CLI tool

Step 2

Use of reverse look up to carry out OSINT for S3 buckets

Step 3

Connecting to the S3 buckets that are publicly accessible

Step 4

Creation of AWS user

Step 5

Generation of access and secret keys

Step 6

Creation of AWS CLI profile with generated keys

Step 7

Connecting from the AWS CLI to the AWS account

Step 8

Dumping the sensitive information to Kali directory

Step 9

Identification of git repo in S3 buckets

Step 10

Running the sync command to dump the files

Step 11

Identification of commit codes

Step 12

Checking for commit codes to access the code

Module 4

COMPROMISING EC2 CREDENTIALS

Step 1

Download git file to your local directory using the was sync command

Step 2

Run the git checkout of the discovered git code

Step 3

Copy out the access and secret keys discovered

Step 4

Create a new profile and connect using the discovered keys

Step 5

Point your browser on the new flaws.cloud

Step 6

Perform enumeration of users via the AWS Security Token Services (GetCallerIdentity API)

Step 7

Obtain the IAM user to get the AWS account ID

Step 8

Use the EC2 describe-snapshot-attribute command to get permission associated with the snapshots

Step 9

Create a volume with the discovered snapshot id

Step 10

Mount the created volume to a newly created EC2 VM using the EC2 attach-volume.

Step 11

Download the key pair and SSH into it

Step 12

Transverse the directory in search of passwords hidden in files

Meet your instructor

Oluwatola Mustapha is a seasoned cybersecurity expert with a robust background in AWS security, penetration testing, and cloud infrastructure protection. His professional journey includes securing and testing cloud environments at Guaranty Trust and Eat’n’Go Ltd, where he deployed and safeguarded AWS instances. His certifications, such as AWS Certified Security Specialist, CEH, and CySA+, further validate his technical skills. With hands-on experience across numerous industries and a proven track record in both red team and blue team roles, Oluwatola is highly capable of leading workshops on hacking AWS  effectively.

Ready to start watching?

Watching solo? Or looking to get your team up to speed? We've got you covered.

Full Course

$ 159
  • 96 in-depth video tutorials
  • Nearly 11 hours of content
  • Master the art of pentesting AWS environments
  • Lifetime access
  • Understand database indexes at a deep level
Early Access

Team Pricing

$ 1590
  • We offer team discounts on the full course based on the number of team members you'd like to purchase for.

Frequently Asked Questions

I'm having issues with the course. Who can I contact?

Oh no! Send us an email at hello@hakin9.org.

Can I get an invoice?

Absolutely! After making a purchase we will automatically email you a receipt. If you need a more detailed invoice, just email us.

Do you offer discounts?

Sure, if you live in a country where the USD price is too high or if you are a student, don't hesitate to email us!

Scroll to Top