Recently I attended the Cloud Security boot-camp from Pentester Academy and have cleared the certification exam (PACSP). This is a simple review of the boot-camp and the certification exam.
The boot-camp consists of 5 x 3-hour live interactive sessions. The instructor, Jeswin Mathai, knows his domain and delivered the concepts pretty clearly. The live sessions are via Zoom meeting and the participants can interact live through the Discord channel. No questions go unanswered. The Discord channel can also be used for support issues related to labs, access etc. Overall, the training channels and delivery methods were excellent. When you sign up for the boot-camp, you receive an access code for 50 days of lab access on their AttackDefense platform.
Now about the course content: this is an AWS cloud pen-testing course and, as they mention on their website, the syllabus of this boot-camp focuses on teaching you the fundamentals and exploits for the 5 most commonly used components in AWS deployments:
1. Identity and Access Management (IAM)
2. API Gateway
3. Lambda
4. Cloud Databases
5. Simple Storage Service (Amazon S3)
Each topic has plenty of associated labs that help to cement the concepts. This boot-camp also teaches the most popular tools used in pen-testing cloud environments, such as ScoutSuite, IAM enumeration, Pacu etc. The IAM section covers almost all IAM-related concepts and privilege escalation methods. In my opinion, this is the key area to focus on and the basis of everything. He also explains the importance of least privilege and how mis-configurations can lead to compromise of the cloud account. Enumerating and exploiting the API Gateway and Lambda services is very interesting: how Lambda functions can be misused and how mis-configurations can be exploited. At the end of each session, the instructor posts the homework labs along with the lab solutions. The participants can practice the labs whenever they have time and refer to the solution videos in case they get stuck, or post their doubts on the Discord channel. There are a total of 44 practice labs.
Once the boot-camp is completed, Pentester Academy sends the course completion certificate and the exam voucher code.
Now regarding the PACSP certification exam: the exam is 100% practical and there are 5 lab challenges. You have 48 hours and need to finish 4 out of 5 challenges to receive the certification. The certification exam is much harder than the boot-camp labs. Boot-camp labs are related to a particular task or concept; however, the exam labs are more realistic and you have to interact with multiple items to get the flags. For example, you start the challenge as a low-privileged user, then you need to escalate privileges and interact with the Lambda service, and from there access the S3 bucket to grab the flag. The exam was extremely informative and fun to do. At first it seems very difficult, but if you do the enumeration properly, you will find ways to exploit.
I recommend this boot-camp to all those who are interested in Cloud and Cloud security. Pentester Academy has now included an on-demand version of this boot-camp which you can access with the annual subscription ($249).
Link: https://bootcamps.pentesteracademy.com/course/cloud-security-aws-on-demand
Final words: worth the money, worth the time, and you can learn a lot.
Note: I am not affiliated with Pentester Academy. I couldn't find a review of the PACSP certification, so I just wrote this review, and hopefully others might find it helpful.