PentesterAcademy AWS Cloud Security Bootcamp Review

A month ago...

One month ago, PentesterAcademy hosted a competition where participants had to write a blog post or record a video detailing how they solved one of their labs.

I wrote a blog on escalating SQL injections to RCEs in the Redaxo MyEvents Plugin Lab, which can be found here - https://haxatron.gitbook.io/blog/web/pentesteracademy-weekly-lab-sprint.

I was elated to hear that my writeup was selected as one of the winners of the competition and that I had won a seat in their AWS Cloud Security Bootcamp.

I have just finished the bootcamp + exam and can say that this was definitely an enjoyable experience for me. In this post I will be doing a review of my experience with the bootcamp + exam (no spoilers!).

The bootcamp.

The bootcamp is entirely online and consists of 5 sessions (3+ hours each, 1 session per week) reviewing the different components of AWS. The components are IAM, API Gateway, Lambda, DynamoDB and S3. The sessions were clear and concise, with many diagrams to help illustrate the concepts and the instructor clarifying any doubts students had. Furthermore, after each session, students could ask questions in a separate channel, where the instructor also clarified doubts.

The bootcamp was also flexible, as they provided recordings after every session. Since I could not afford to attend the sessions (in my country, the bootcamp lasts from 12am - 3am), I decided to watch the recordings instead.

Provided with the sessions were additional labs on which students could practice the skills they learnt. You can access these labs at any time for 7 weeks after the start of the bootcamp. They complemented the sessions well, as you can witness how the attacks work and better internalise the lessons learnt.

Overall, I had fun learning about the subject and can say that this helped me understand AWS security better.

The exam.

If you have reviewed and understood all the labs covered before taking the exam and have taken notes (code snippets, enumeration process, etc.), you should have no problems passing the exam.

48 hours is more than enough time to complete this exam. Personally, I managed to attain the passing grade (4 out of 5 challenges) in 3.5 hours and completed the entire set in 4.5 hours.

Overall, I enjoyed the exam as it tested me on how well I had grasped the concepts involved.

Final Thoughts

This bootcamp was definitely a good course which teaches AWS cloud security. You do not need to be an expert at computer security in order to take this course. Just a basic knowledge of Linux command line, how the web works (GET, POST requests) and the OWASP Top 10 (command injection, SQL injection, SSRF, no need to know about bypasses) will suffice.
