Red Teaming in AWS Cloud Environment
1.1 Introduction
    1.1.1 Identity & Access Management (IAM)
    1.1.2 S3 Bucket
    1.1.3 EC2 Instance
1.2 Authentication Methods
    1.2.1 AWS CLI
1.3 CLI Based Enumeration
1.4 Red Team Ops in AWS Cloud
    1.4.1 Initial Access
    1.4.2 Privilege Escalation
    1.4.3 Lateral Movement
    1.4.4 Data Exfiltration

Red Teaming in Azure Cloud Environment
2.1 Introduction
    2.1.1 Entra ID
    2.1.2 VM Instance
    2.1.3 Resource Based Access Control (RBAC)
    2.1.4 Office 365
2.2 Authentication Methods
    2.2.1 az CLI
    2.2.2 Azure PowerShell Module
2.3 CLI Based Enumeration
2.4 Red Team Ops in Azure Cloud
    2.4.1 Initial Access
    2.4.2 Privilege Escalation
    2.4.3 Lateral Movement
    2.4.4 Data Exfiltration

Red Teaming in GCP Cloud Environment
3.1 Introduction
    3.1.1 Google Workspace
    3.1.2 Identity & Access Management (IAM)
    3.1.3 Google Storage Services
    3.1.4 Google Service Accounts
    3.1.5 VM Instance
3.2 Authentication Methods
    3.2.1 gcloud CLI
3.3 CLI Based Enumeration
3.4 Red Team Ops in Azure Cloud
    3.4.1 Initial Access
    3.4.2 Privilege Escalation
    3.4.3 Lateral Movement
    3.4.4 Data Exfiltration
This is an entry-level exam which validates the candidate's understanding of the core fundamentals of the AWS cloud and its related security topics. Candidates should have knowledge of common cloud security misconfigurations, security best practices and defense-in-depth measures, as well as an overview of monitoring for and responding to common security threats on the AWS cloud.
This is an intermediate-level exam. Candidates should have prior knowledge and experience of network pentesting and familiarity with its common tactics, techniques and procedures. They should be able to demonstrate their practical knowledge of network security topics by completing a series of tasks that involve identifying and exploiting vulnerabilities created in the exam environment to mimic real-world scenarios.
Exam syllabus
Common OSINT Techniques
Network Mapping and Target Identification
Brute-force Attacks
Vulnerability Identification and Exploitation using Common Hacking Tools
Application Server Flaws
Insecure Protocols
*nix Vulnerabilities
Insecure File Permissions
Security Misconfigurations Leading to Privilege Escalation Attacks
Windows Active Directory Attacks (on-premise)
OS Credential Dumping and Replay
Kerberoasting; Golden and Silver Tickets
Password Attacks and Password Cracking
Administrative Shares Exploitation
Persistence Techniques
Lateral Movement
Common Security Weaknesses affecting Cloud Services
This is an entry-level exam. Candidates should have prior knowledge (both theoretical and practical) of common application security topics such as the OWASP Top 10 issues, common security misconfigurations, security best practices and defense-in-depth measures, as well as an overview of how vulnerabilities are exploited in real-world scenarios.
Exam syllabus
Input Validation Mechanisms
Blacklisting
Whitelisting
Cross-Site Scripting
SQL Injection
XML External Entity attack
Cross-Site Request Forgery
Encoding, Encryption and Hashing
Authentication related Vulnerabilities
Brute force Attacks
Password Storage and Password Policy
Understanding of OWASP Top 10 Vulnerabilities
Security Best Practices and Hardening Mechanisms
Same Origin Policy
Security Headers
TLS security
TLS Certificate Misconfiguration
Symmetric and Asymmetric Ciphers
Server-Side Request Forgery
Authorization and Session Management Related Flaws
Insecure Direct Object Reference (IDOR)
Privilege Escalation
Parameter Manipulation attacks
Securing Cookies
Insecure File Uploads
Code Injection Vulnerabilities
Business Logic Flaws
Directory Traversal Vulnerabilities
Security Misconfigurations
Information Disclosure
Vulnerable and Outdated Components
Common Supply Chain Attacks and Prevention Methods
Web Application Penetration Testing Methodology (10%)
Accurately assess a web application based on methodological, industry-standard best practices.
Identify and prioritize testing objectives based on business impact and risk assessment.
Web Application Reconnaissance (15%)
Perform a comprehensive passive and active reconnaissance on designated target web applications by utilizing tools and techniques such as WHOIS lookups, DNS enumeration, and network scanning.
Extract information about a target organization’s domains, subdomains, and IP addresses.
Utilize fuzzing techniques to discover input validation vulnerabilities in web applications.
Utilize Git-specific tools to automate the discovery of secrets and vulnerabilities in code.
Authentication Attacks (15%)
Test various authentication methods (e.g., Basic, Digest, OAuth) by executing practical attacks such as credential stuffing and brute force.
Identify common vulnerabilities in SSO implementations and their potential impacts.
Identify and exploit Session Management vulnerabilities (e.g., session fixation and hijacking).
Identify and exploit weaknesses in OAuth and OpenID Connect protocols.
Injection Vulnerabilities (15%)
Identify and exploit SQL injection vulnerabilities in web applications, including error-based, blind, and time-based techniques.
Utilize SQLMap and other tools to automate SQL injection attacks and demonstrate effective exploitation.
Identify and exploit NoSQL injection vulnerabilities in web applications, demonstrating hands-on skills in manipulating data in NoSQL databases.
Extract sensitive data from compromised databases using advanced querying techniques.
API Penetration Testing (25%)
Conduct hands-on penetration tests on API endpoints to identify and exploit vulnerabilities effectively.
Utilize automation tools for API vulnerability testing and demonstrate efficiency in identifying vulnerabilities.
Analyze API endpoints for potential parameter manipulation vulnerabilities and demonstrate exploitation techniques.
Conduct tests to identify vulnerabilities related to rate limiting, such as denial-of-service (DoS) attacks and resource exhaustion.
Demonstrate the ability to bypass or manipulate rate limiting mechanisms in a controlled testing environment.
Server-Side Attacks (10%)
Identify and exploit SSRF (Server-Side Request Forgery) attacks against server-side services.
Perform deserialization attacks to manipulate server-side objects, leading to arbitrary code execution or privilege escalation.
Perform LDAP injection attacks against web application directories to bypass authentication or extract sensitive information.
Filter Evasion & WAF Bypass (10%)
Analyze and test WAF rules to identify weak configurations, demonstrating practical bypass techniques.
Perform hands-on WAF evasion techniques, such as encoding, obfuscation, and payload fragmentation, to bypass filtering mechanisms.
Bypass input validation mechanisms through obfuscation, payload encoding, and altering content types, focusing on SSRF and XXE exploitation.