| Description |
1 online resource |
| Summary |
Take your penetration testing career to the next level by discovering how to set up and exploit cost-effective hacking lab environments on AWS, Azure, and GCP Key Features Explore strategies for managing the complexity, cost, and security of running labs in the cloud Unlock the power of infrastructure as code and generative AI when building complex lab environments Learn how to build pentesting labs that mimic modern environments on AWS, Azure, and GCP Purchase of the print or Kindle book includes a free PDF eBook Book Description The significant increase in the number of cloud-related threats and issues has led to a surge in the demand for cloud security professionals. This book will help you set up vulnerable-by-design environments in the cloud to minimize the risks involved while learning all about cloud penetration testing and ethical hacking. This step-by-step guide begins by helping you design and build penetration testing labs that mimic modern cloud environments running on AWS, Azure, and Google Cloud Platform (GCP). Next, you'll find out how to use infrastructure as code (IaC) solutions to manage a variety of lab environments in the cloud. As you advance, you'll discover how generative AI tools, such as ChatGPT, can be leveraged to accelerate the preparation of IaC templates and configurations. You'll also learn how to validate vulnerabilities by exploiting misconfigurations and vulnerabilities using various penetration testing tools and techniques. Finally, you'll explore several practical strategies for managing the complexity, cost, and risks involved when dealing with penetration testing lab environments in the cloud. By the end of this penetration testing book, you'll be able to design and build cost-effective vulnerable cloud lab environments where you can experiment and practice different types of attacks and penetration testing techniques. What you will learn Build vulnerable-by-design labs that mimic modern cloud environments Find out how to manage the risks associated with cloud lab environments Use infrastructure as code to automate lab infrastructure deployments Validate vulnerabilities present in penetration testing labs Find out how to manage the costs of running labs on AWS, Azure, and GCP Set up IAM privilege escalation labs for advanced penetration testing Use generative AI tools to generate infrastructure as code templates Import the Kali Linux Generic Cloud Image to the cloud with ease Who this book is for This book is for security engineers, cloud engineers, and aspiring security professionals who want to learn more about penetration testing and cloud security. Other tech professionals working on advancing their career in cloud security who want to learn how to manage the complexity, costs, and risks associated with building and managing hacking lab environments in the cloud will find this book useful. |
| Contents |
Cover -- Title Page -- Copyright and Credits -- Contributors -- Table of Contents -- Preface -- Part 1: A Gentle Introduction to Vulnerable-by-Design Environments -- Chapter 1: Getting Started with Penetration Testing Labs in the Cloud -- Why build your penetration testing labs in the cloud? -- Recognizing the impact of cloud computing on the cybersecurity landscape -- Exploring how modern cloud applications are designed, developed, and deployed -- Examining the considerations when building penetration testing lab environments in the cloud -- Summary -- Further reading |
|
Chapter 2: Preparing Our First Vulnerable Cloud Lab Environment -- Technical requirements -- Designing our first cloud penetration testing lab environment -- Preparing our first vulnerable environment -- Creating an empty S3 bucket -- Configuring the S3 bucket to host a static website -- Updating the S3 bucket configuration settings -- Uploading files to the S3 bucket -- Testing and hacking our first vulnerable environment -- Inspecting and verifying the S3 bucket's security -- Downloading and inspecting the files stored in the S3 bucket -- Cleaning up -- Summary -- Further reading |
|
Chapter 3: Succeeding with Infrastructure as Code Tools and Strategies -- Technical requirements -- Diving deeper into IaC tools and strategies -- Demystifying IaC -- Leveraging IaC for penetration testing labs -- Embracing IaC best practices and strategies -- Setting up Terraform in AWS CloudShell -- Getting our feet wet with Terraform -- Understanding the core Terraform workflow -- Testing our Terraform setup with a Hello World example -- Understanding the Terraform configuration language -- Demystifying commonly used Terraform configuration blocks |
|
Working with simple Terraform configurations -- Building our vulnerable lab environment with Terraform -- Part 1 of 4 -- Creating an S3 bucket with Terraform -- Part 2 of 4 -- Updating the security configuration of the S3 bucket -- Part 3 of 4 -- Uploading files to the S3 bucket -- Part 4 of 4 -- Cleaning up and deleting the S3 bucket -- Configuring a Terraform backend with state locking -- Understanding Terraform remote backends -- Configuring a Terraform remote backend -- Verifying the state-locking setup -- Part 1 of 4 -- Adding a 60-second delay to the upload script |
|
Part 2 of 4 -- Acquiring the state lock -- Part 3 of 4 -- Testing our state-lock setup -- Part 4 of 4 -- Cleaning up -- Summary -- Further reading -- Part 2: Setting Up Isolated Penetration Testing Lab Environments in the Cloud -- Chapter 4: Setting Up Isolated Penetration Testing Lab Environments on GCP -- Technical requirements -- Preparing the necessary components and prerequisites -- Part 1 of 3 -- Retrieving the IP address of your local machine -- Part 2 of 3 -- Setting up the Google Cloud project -- Part 3 of 3 -- Generating SSH keys to access the attacker VM instance |
| Subject |
Computer security.
|
|
Testing -- Data processing.
|
|
Cloud computing.
|
|
Securities -- Data processing.
|
|
Hacking.
|
|
Sécurité informatique. |
|
Infonuagique. |
|
Valeurs mobilières -- Informatique. |
|
Piratage informatique. |
|
Cloud computing |
|
Computer security |
|
Hacking |
|
Securities -- Data processing |
|
Testing -- Data processing |
| Other Form: |
Print version: 1837632391 9781837632398 (OCoLC)1391328014 |
| ISBN |
9781837639922 (electronic bk.) |
|
1837639922 (electronic bk.) |
|
More Resources