SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC588: Cloud Penetration Testing
SEC588Offensive Operations
- 6 Days (Instructor-Led)
- 36 Hours (Self-Paced)
Course created by:
Aaron Cure & Moses Frost
Course created by:Aaron Cure & Moses Frost
- GIAC Cloud Penetration Tester (GCPN)
- 36 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 27 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Master modern cloud penetration testing in the cloud environments that dominate the market. Gain hands-on experience testing infrastructure, identity providers, containers, microservices, and more.
Featured Quote
Meticulously designed, SEC588 balances in-depth theory with practical labs, addressing today's pivotal cloud security challenges. This course is indispensable for security professionals seeking cutting-edge knowledge.
Course Overview
SEC588: Cloud Penetration Testing provides comprehensive training empowering security professionals to effectively assess modern cloud environments. The course bridges the gap between traditional penetration testing and cloud-specific challenges, covering critical areas like microservices, serverless functions, and Kubernetes deployments. Students will address unique cloud security challenges including service plane vulnerabilities, shared hosting environments, and cloud-native application assessment, learning practical techniques for testing both AWS and Azure environments, which dominate the market. Whether you are a seasoned penetration tester expanding into cloud or a cloud security professional, the course delivers hands-on experience with modern attack vectors and risk assessment methodologies.
What You’ll Learn
- Learn cloud-specific attack methodologies and service plane vulnerability assessment techniques
- Test microservices, serverless functions, and Kubernetes environments
- Implement AWS and Azure penetration testing strategies and platform-specific tools
- Assess cloud storage systems including buckets and in-memory datastores
- Master cloud-native application security testing and exploitation methods
Business Takeaways
- Develop in-house expertise for comprehensive cloud security assessment
- Bridge the gap between traditional and cloud security testing capabilities
- Ensure security standards across hybrid cloud environments
- Maximize ROI through practical AWS and Azure security knowledge
- Build capability to evaluate third-party cloud service providers effectively
Meet Your Authors
- Slide 1 of 2
Aaron Cure
Principal InstructorAaron is a Senior Security Consultant at Cypress Data Defense and teaches SANS SEC542: Web App Penetration Testing and Ethical Hacking, and SEC588: Cloud Penetration Testing.
Read more about Aaron Cure - Slide 2 of 2
Moses Frost
Senior InstructorMoses has built an impressive career as a Network Architect, DevOps Engineer, and Information Security professional. Today, he works in the Offensive Operations space as a Red Team Operator and serves as the course author for SEC588.
Read more about Moses Frost
Slide 1 of 0
(1/0)
Course Syllabus
Explore the course syllabus below to view the full range of topics covered in SEC588: Cloud Penetration Testing.
Section 1Architecture, Discovery, and Recon at Scale
Cloud penetration testing begins with reconnaissance and discovery. You will understand service provider boundaries, perform internet-scale scanning, and implement asset discovery pipelines, exploring methods for target infrastructure identification, vulnerability discovery, and large-scale reconnaissance strategies that adapt to web-scale environments.
Topics covered
- Cloud testing scope and limitations
- Web-scale reconnaissance methods
- Infrastructure mapping techniques
- Vulnerability scanning frameworks
- Asset discovery implementation
Labs
- Cloud domain discovery pipeline
- Internet-scale port scanning tools
- Advanced vulnerability assessment
- Asset discovery automation
- Reconnaissance data visualization
Section 2Attacking Identity Systems
Students assess authentication mechanisms' inherent vulnerabilities, gaining practical experience testing OAuth and OpenIDConnect, discovering authentication bypasses, and executing attacks like app consent phishing. Comprehensive labs emphasize real-world scenarios, covering Microsoft Graph exploitation and identity systems across major cloud platforms.
Topics covered
- Cloud authentication frameworks
- Username enumeration methods
- Password attack strategies
- Microsoft identity services
- OAuth/OpenID security testing
Labs
- Identity provider enumeration
- Password attack automation
- OAuth exploitation techniques
- Microsoft Graph backdoor setup
- Cloud credential harvesting
Section 3Attacking and Abusing Cloud Services
Advanced privilege escalation and lateral movement techniques are the core of cloud infrastructure testing. Hands-on exercises in AWS and Azure teach students to compromise compute resources and navigate between control and data planes while bypassing common security controls, emphasizing practical exploitation of administrative features and developer tools.
Topics covered
- AWS IAM attack paths
- Azure compute exploitation
- KMS security testing
- Privilege escalation methods
- Cross-service attack chains
Labs
- AWS CLI exploitation
- Azure VM compromise techniques
- IAM privilege escalation
- AssumeRole attack chains
- Command execution automation
Section 4Vulnerabilities in Cloud-Native Applications
Modern application security testing requires specialized knowledge of serverless functions and container-based microservices. Students explore advanced testing for CI/CD pipelines, infrastructure as code, and cloud-specific injection attacks, engaging in practical exploitation scenarios and understanding complex attack chains in cloud-native environments.
Topics covered
- Cloud-native attack surfaces
- Infrastructure-as-code security
- CI/CD pipeline vulnerabilities
- Serverless security testing
- Cloud database exploitation
Labs
- Terraform state exploitation
- CI/CD pipeline compromise
- Serverless function attacks
- Cloud database assessment
- Command injection techniques
Section 5Infrastructure Attacks and Red Teaming
Container breakout techniques and service mesh exploitation provide the foundation for advanced cloud-based operations. Students explore data exfiltration methods and strategies for building attack infrastructure within cloud environments. Labs focus on real-world scenarios, including Kubernetes cluster exploitation and sophisticated evasion techniques.
Topics covered
- Container security testing
- Kubernetes attack methods
- Red team infrastructure
- Cloud evasion techniques
- Data exfiltration strategies
Labs
- Container escape techniques
- Kubernetes cluster exploitation
- Infrastructure backdoor deployment
- Cloud-based C2 setup
- Domain fronting implementation
Section 6Capstone Event
In a final capstone event, we demonstrate cloud penetration testing's unique demands and the specialized expertise required to go beyond traditional security assessments. Students collaboratively bring their new knowledge to bear on a simulated end-to-end test, reinforcing theory and practice and producing an effective, readable report.
Things You Need To Know
Relevant Job Roles
Threat Detection & Response
Cloud SecurityMonitor, test, detect, and investigate threats to cloud environments.
Explore learning pathSecurity Control Assessment (OPM 612)
NICE: Oversight and GovernanceResponsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
Explore learning pathVulnerability Analysis (OPM 541)
NICE: Protection and DefenseResponsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense-in-depth architecture against known vulnerabilities.
Explore learning pathApplication Pen Tester
Offensive OperationsApplication penetration testers probe the security integrity of a company’s applications and defenses by evaluating the attack surface of all in-scope vulnerable web-based services, clientside applications, servers-side processes, and more. Mimicking a malicious attacker, app pen testers work to bypass security barriers in order to gain access to sensitive information or enter a company’s internal systems through techniques such as pivoting or lateral movement.
Explore learning pathSystems Testing and Evaluation (OPM 671)
NICE: Design and DevelopmentResponsible for planning, preparing, and executing system tests; evaluating test results against specifications and requirements; and reporting test results and findings.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchase Options?Contact Us
GIAC Certification Attempt
Add a GIAC certification attempt and receive free two practice tests. View pricing in the info icons below.
OnDemand Course Access
When purchasing a live instructor-led class, add an additional 4 months of online access after your course. View pricing in the info icons below.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by first-name.2091727 last-name.2091727Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Singapore, SG & Virtual (live)
Instructed by first-name.794052 last-name.794052Date & TimeFetching schedule..View event detailsCourse price$8,900 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
London, GB & Virtual (live)
Instructed by first-name.794052 last-name.794052Date & TimeFetching schedule..View event detailsCourse price£7,160 GBP*Prices exclude applicable taxes | EUR price available during checkoutEnrollment options - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by first-name.2091727 last-name.2091727Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Chicago, IL, US & Virtual (live)
Instructed by first-name.794052 last-name.794052Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Paris, FR
Instructed by first-name.2091727 last-name.2091727Date & TimeFetching schedule..View event detailsCourse price€8,230 EUR*Prices exclude applicable local taxesEnrollment options - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by first-name.794052 last-name.794052Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes - Location & instructor
Denver, CO, US & Virtual (live)
Instructed by first-name.6818192 last-name.6818192Date & TimeFetching schedule..View event detailsCourse price$8,780 USD*Prices exclude applicable local taxes
Showing 8 of 16
Learn Alongside Leading Cybersecurity Professionals From Around The World
- Slide 1 of 3This course perfectly complements the change in the direction of red team engagement scopes.
- Slide 2 of 3SANS course SEC588 taught me more than I expected. With the rapid development of new technologies offered by cloud providers, SEC588 has given me an important framework for cloud pen testing.
- Slide 3 of 3SEC588 taught me crucial information needed before putting data in a cloud.
Slide 1 of 0
(1/0)
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources