Conquer the cloud: Master offensive security strategies
OffSec Learning Path: Offensive Cloud Security
Outsmart attackers and proactively defend your cloud assets (data centers, infrastructure, applications, and more). Delve into sophisticated cloud penetration testing, CI/CD pipeline exploitation, and container escape techniques. Learners will:
Uncover and exploit complex cloud vulnerabilities
Harden cloud configurations for maximum resilience
Skillfully analyze and remediate cloud-specific threats
One of three cloud security Learning Paths
Outsmart cloud-based attacks
This Learning Path goes beyond fundamental practices, transforming you into a cloud security specialist. Master advanced cloud reconnaissance, CI/CD attack techniques, and countermeasures for container escapes.
Who is this Learning Path for?
- Penetration testers eager to specialize in cloud environments
- Security teams seekings to address cloud-specific weaknesses
- Ambitious learners ready to master advanced offensive cloud security
Learning objectives
- Master cloud-native attack vectors and secure cloud configurations.
- Identify and leverage CI/CD weaknesses for tactical offense.
- Learn to break out of containers and gain control of underlying systems.
- Implement robust authentication and authorization in the cloud.
- Understand and prevent deserialization-based attacks and cloud applications.
Key modules in the Offensive Cloud Learning Path
Public Cloud Reconnaissance - External Probing
- Identifying public cloud resources online by reconnaissance of DNS attributes, discovering publicly shared resources, and some examples of techniques to abuse the CSP API to obtain more information about the target.
Attacking CI/CD: Leaked Secrets to Poisoned Pipeline
- Discover a web application using an insecure S3 bucket. From the S3 bucket we'll discover credentials in a leftover git folder which gives us access to giteat. From there we'll find a Jenkinsfile which we can exploit. The final exploit will result in full compromise of the environment.
Attacking CI/CD: Dependency Chain Abuse
- By discovering custom build dependencies in an application, we'll discover a method to inject malware into the dependency which will be executed in production. From production, we'll find a vulnerability in Jenkins which will get us access to the entire environment.
Cloud Reconnaissance - Post-Compromise - IAM
- This module will analyze the procedures and techniques involved in reconnaissance and enumeration once an attacker gets an initial access of compromise to a CSP account.
Attacking CI/CD: Insufficient Flow Control
- We'll start by finding a git server with registration open. From there we'll discover builders for some docker images. We'll insert malware into the docker images which will be pushed to production.
Container Escapes: Information Gathering, Host Interaction, Sensitive Data Exposure
- Gathering the required information which will be used to escape out of a container.
Offensive Cloud overview
9
modules
107
hours of content (approx.)
98
labs
Earning an OffSec Learning Badge
Showcase your growing secure coding proficiency! Upon completing 80% of the Offensive Cloud Learning Path, you'll receive an exclusive OffSec badge signifying:
- Specialized expertise: In-depth cloud vulnerability identification and mitigation
- Industry recognition: Adds a powerful OffSec credential to your skillset
- Hands-on mastery: Proven ability to execute cloud security techniques in practice
Why train your team with OffSec?
Cloud-specific focus
Skills honed for real-world cloud security challenges
Attacker's edge
Understand the exploiter's mindset to build proactive cloud defenses
Ahead of the curve
Stay updated on cutting-edge cloud attack trends
Start learning with OffSec
All
access
Learn
Unlimited
$5799/year
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Large teams
Learn
Enterprise
Get a quote
Flexible terms and volume discounts available.
Learn Unlimited provides individuals and organizations with unlimited access to the OffSec Learning Library. This includes all courses, content and learning paths. Learners also receive unlimited exam attempts and time in any of our hands-on lab environments.
What’s included
1 year of access to unlimited courses & content
Unlimited exam attempts during your subscription
365 days of lab access
1 year of unlimited access to all fundamental content and OffSec curated Learning Paths
PEN-103 + unlimited KLCP exam attempts
PEN-210 + unlimited OSWP exam attempts
3 downloads of course material
FAQ
- Public Cloud Reconnaissance - External Probing
- Public Cloud Reconnaissance - Post-Compromise - IAM
- Attacking CICD Leaked Secrets to Poisoned Pipeline
- Attacking CICD Insufficient Flow Control
- Attacking CICD Dependency Chain Abuse
- Container Escapes Information Gathering
- Container Escapes Interacting with the Host
- Discovering Exposed Docker Sockets
- Discovering Exposed Kubernetes Dashboards
- Offensive mindset: Learn to think like an attacker to anticipate and thwart cloud-based threats.
- Practical application: Hands-on labs reinforce your ability to identify and mitigate real-world cloud vulnerabilities.
- Up-to-date expertise: Our training reflects the dynamic nature of cloud security, ensuring your skills remain relevant.
Start your journey today
New to cybersecurity and want to get educated on fundamental content before signing up?
Check out CyberVersity - our free resource library covering essential cybersecurity topics.
Learn more