Adoption of cloud technology increases at rapid pace. Startups and enterprises alike move their IT from
small-scale data centers to modern cloud providers. The cloud is not just a better data center though.
Rather, the change comes along with fundamentally different operating models that traditionally trained
technical staff is often unfamiliar with.
Proponents tout scalability, reliability and security as the main advantages of cloud infrastructure. But if you look at the news, few days pass without major security breaches exposing millions of customer records. How does this fit together? Could lack of knowledge cause people to get simple things wrong?
Don't let this happen to you! This lab will introduce you to AWS - the most important cloud provider right now - and illustrate how small configuration mistakes can lead to big problems. We assume no knowledge of AWS whatsoever and introduce selected parts of it. You will learn what they do and how to use them. In several small exercises you will then use your new knowledge to play attacker and break into a vulnerable AWS account, until you finally own it. This will teach you how to set things up properly.
Preparation: If you can, please install Python and the AWS CLI. You will need it to complete the exercises.
- Python: https://docs.python.org/3/using/index.html
- AWS CLI (needs Python): https://docs.aws.amazon.com/en_pv/cli/latest/userguide/cli-chap-install.html
Structure: Presentation, exercises with laptops
Required Skills: General CS background, for exercises be able to use command line tools
Required Equipment: Laptop required
Maximal number of participants: 20
Dominic Breuker works as Tech Lead for Data Platform at solarisBank, a Berlin-based tech company with a banking license building a digital banking platform other companies can use of offer financial services. Before, he built up engineering for several FinTech startups with HitFox Group and Finleap and received a PhD in Information Systems from the University of Münster.