AWS Pentesting Bootcamp - November 2025
What to Expect?
The AWS Pentesting Bootcamp is an intensive 4-week hands-on training program for cybersecurity professionals, penetration testers, and cloud engineers to master offensive security in AWS. You will learn cloud recon, IAM privilege escalation, metadata/SSRF abuse, container and serverless exploitation, S3/RDS data exposure, KMS/Secrets abuse, and detection evasion through real-world scenarios in a safe, sandboxed environment.
This structured bootcamp includes instructor-led sessions, guided labs, and post-module report writing to help you develop (and demonstrate) practical skills. Complete the training and earn the Certified AWS Penetration Tester (CAPT) certification, validating your expertise in offensive cloud security and red teaming on AWS.
- 4 Live Sessions (~6 Hours Each)
- 30-Day Free Lab Access
- 20+ Practical Lab Exercises
- Report Writing Practice
- One Free Attempt for the CAPT Exam
Get Certified (CAPT)
Earn the Certified AWS Penetration Tester (CAPT) certification to validate your expertise in AWS exploitation, red teaming tactics, and cloud security bypass techniques. This certification proves your ability to conduct real-world attack simulations against AWS environments, making you a valuable asset in cloud security. Gain hands-on experience through labs and instructor-led training, preparing for roles like Red Teamer (Cloud) or Cloud Penetration Tester. Participants receive a CAPT certificate upon completing the bootcamp and passing the practical exam.
Prerequisites
- Basic Cloud Concepts
- Basic Pentesting & Security Concepts
- Basic Command Line & PowerShell Skills
Bootcamp Agenda
Session 1: AWS Foundations & IAM Exploitation
- Overview of AWS global architecture, accounts, Organizations, and regions
- Shared responsibility model and attacker mindset in cloud environments
- IAM fundamentals: users, groups, roles, policies, and trust relationships
- Exploiting overly permissive policies and role misconfigurations
- Privilege escalation paths: AssumeRole abuse, inline/managed policy flaws, and cross-account access
Session 2: Exploiting Compute & Storage Services (EC2 & S3)
- EC2 attack surface: metadata service (IMDSv1/v2), SSRF vectors, temporary credential theft
- Snapshot, AMI, and key pair exposure for data access and persistence
- Stealing EC2 instance credentials
- S3 exploitation: bucket policies, ACL misconfigurations, public access patterns
- Presigned URL abuse, enumeration of objects, and cross-region data exfiltration
- Exfiltrating sensitive S3 data
Session 3: Serverless & Federation Exploitation
- Lambda attack surface: environment variables, deployment package secrets, over-privileged execution roles
- API Gateway misconfigurations: authorizer bypasses, improper request validation, mapping template flaws
- Event-driven privilege escalation via SQS, SNS, and EventBridge
- Cognito misconfigurations: improper app client settings, token manipulation, identity pool escalation
- Bypassing Cognito authentication flows
Session 4: KMS/Secrets, IaC Abuse & Detection Evasion
- Key Management Service (KMS) policy flaws and grant abuses
- Secrets Manager and Parameter Store exploitation for lateral movement
- Infrastructure-as-Code backdoors: CloudFormation, Terraform, and CodePipeline attacks
- Detection gaps: bypassing GuardDuty, tampering with CloudTrail, and creating stealthy persistence
- Red-team tradecraft: chaining misconfigurations into full kill-chain exploitation
- Report Writing
Bootcamp Schedule (November 2025 Batch)
This live bootcamp is delivered over four consecutive Saturdays, starting from November 8th, 2025, and concluding on November 29th, 2025.
- Live, Instructor-led Training via Zoom
- Private Discord Community for Discussions and Q&A
- Recorded Sessions Available after each Class
Live Session Dates
Session 2: Saturday, November 15 @ 2 pm–6 pm IST
Session 3: Saturday, November 22 @ 2 pm–6 pm IST
Session 4: Saturday, November 29 @ 2 pm–6 pm IST
Who Should Join This Bootcamp?
- Penetration testers expanding into cloud engagements
- Security engineers responsible for securing AWS workloads
- Cybersecurity professionals needing hands-on cloud red teaming experience
- Developers and Architects seeking to harden AWS workloads by understanding attacker tradecraft
Purchase Includes
- Course materials
- Certificate of Completion after the bootcamp
- One CAPT Exam Attempt within 30 days
- 30-Day Lab Access - contact training@redfoxsec.com
Training Instructor
Shashi Kant Prasad
Principal Security Consultant
Shashi Kant Prasad is a skilled red teamer at Redfox Security with expertise in Web, Cloud, Hardware, DevOps, and Red Teaming. He also trains peers at top security conferences.
Key Takeaways
- Lifetime access to bootcamp recordings and exclusive content.
- Hands-on premium AWS Pentesting lab.
- 30 days of lab access.
- Private Discord community access for direct support and networking.
- One attempt at the Certified AWS Penetration Tester (CAPT).
Why Attend?
- Expert-Led Sessions: Learn from experienced cloud red teamers with deep AWS expertise.
- Practical Knowledge: Focus on actionable techniques you can apply immediately.
- Community Support: Engage with peers and instructors in a private Discord.
- Recorded Sessions: Never miss a moment! Sessions will be available for you to review anytime after each class.
- Real-World Scenarios: Gain the skills to perform attacks that are common in real-world penetration tests and engagements.
FAQs
Pentesters, red teamers, security professionals, ethical hackers, and anyone interested in offensive AWS tactics.
Hands-on experience with AWS recon, IAM escalation, EC2/IMDS exploitation, S3/RDS data exposure, serverless/API attacks, EKS identity abuse, KMS/Secrets misuse, and detection evasion.
Basic knowledge of security, networking, and cloud concepts is recommended, but the bootcamp is structured to build your skills progressively.
The bootcamp consists of 4 live sessions (~6 hours each), along with 30-day free lab access, hands-on exercises, and guided training.
Yes, upon successful completion, you will earn the Certified AWS Penetration Tester (CAPT) certification, which validates your red teaming skills.
Yes, all live sessions are recorded and will be made available to participants for future reference.
Ready to Master the Art of Pentesting?
Affordable Price
Unlock your potential with affordable upskilling! Our unbeatable course prices are your chance to level up without breaking the bank.
Lifetime Access
Acquire lifetime access to our resources when you buy our courses. Gain knowledge today and unlock a lifetime of learning.
Certificate of Completion
Upon completing our course, you'll receive a certificate of completion to showcase your new skills. Add it to your resume or LinkedIn profile.
Hands-On Experience
Get hands-on experience with real-world scenarios and challenges, giving you practical skills that you can apply immediately in your career.
Expert Instructors
Learn from industry experts with years of experience in pentesting, who are passionate about sharing their knowledge and helping you succeed.
Flexible Learning
Whether you're a beginner or an experienced professional, our courses are designed to meet you where you are and help you reach your goals.
Get in Touch
Have a question, need assistance, or want to collaborate? We’re here to help!
Whether you're looking for cutting-edge cybersecurity solutions or expert training or want to learn more about our services, contact us today.
By clicking on Continue, I accept the Terms & Conditions,
Privacy Policy & Refund Policy