Certified Cloud Pentesting eXpert-AWS

Certified Cloud Pentesting eXpert-AWS

Certified Cloud Pentesting eXpert-AWS
(CCPenX-AWS)

The Certified Cloud Pentesting eXpert (CCPenX-AWS) exam is an expert-level exam that evaluates a candidate’s practical expertise in the field of AWS cloud security through real world scenario-based challenges in AWS cloud environments.

  • Practical
  • 7 Hours
  • Online
  • On-demand
  • Real world pentesting scenarios
£400

Our Candidates Say it Best

Daniel Șerbu

Daniel Șerbu

Penetration Tester | Ethical Hacker | Application Security | Cloud Security | CCPenX-AWS

The CCPenX-AWS is an expert-level certification that evaluates practical expertise in AWS cloud security through real-world scenario-based challenges. Achieving this certification involved a rigorous 7-hour CTF-style exam, testing my ability to identify and exploit various vulnerabilities in AWS cloud environments. The exam was not only challenging but also a great learning experience, further enriching my knowledge and expertise. The support from The SecOps Group was exceptional, and I highly recommend this certification to anyone looking to advance their skills in cloud security.

Jorge Barreto Olivos

Jorge Barreto Olivos

AWS x13 | Cloud Security Architect | CCPenX-AWS

I had the opportunity to take the Certified Cloud Pentesting eXpert - AWS (CCPenX-AWS) certification from The SecOps Group. A certification that assesses practical AWS cloud security skills through real-world scenario-based challenges over 7 hours. I really liked the approach they gave to the scenarios: a) exploiting vulnerabilities through applications built on AWS resources and b) exploiting misconfigurations. There is still a long way to go in the world of cybersecurity and the cloud, but little by little we are making progress.

Abhishek Narasimhan

Abhishek Narasimhan

Manager - Detection & Response Engineering at Securonix | CCPenX-AWS

One More!! Took down "Certified cloud pentesting expert - AWS" this was fun exam where you have to collect flags, and no report. If you really have experience in cloud penetration testing I would suggest taking this up. This is just exam and not training involved. Thanks The SecOps Group for the good environment and a nice exam.

Who should take this exam?

The Certified Cloud Pentesting eXpert (CCPenX-AWS) exam caters to security professionals, including cloud security engineers, security analysts, penetration testers, red team members, and individuals with a strong interest in cloud security. This exam evaluates candidates' in-depth knowledge of cloud security exploitation and their ability to demonstrate expertise in this field.

What is the format of the exam?

This will be a practical CTF-style exam. The time duration of the exam is 7 hours. The exam can be taken online, anytime (on-demand) and from anywhere. The exam will cover a variety of questions to test candidate's ability to identify and exploit various vulnerabilities on the AWS cloud environment.

What is the pass criteria for the exam?

The pass criteria are as follows:

  • Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
  • Candidates scoring over 75% marks will be deemed to have passed with merit.

What is the experience needed to take the exam?

This exam is an expert-level exam which will evaluate and validate candidate's expertise in conducting penetration testing on AWS cloud environments. It covers a wide array of subjects related to exploiting cloud security, with a particular emphasis on AWS services. Candidates should have in-depth knowledge of identifying and exploiting cloud security misconfigurations, web application exploitation on cloud and leveraging exposed credentials in the application infrastructure.

It is recommended that candidates should have at least 5 years of professional pentesting experience and at least 12 months of cloud security experience to take this exam.

What will the candidates get?

On completing the exam, each candidate will receive:

  • A certificate with their pass/fail and merit status.
  • The certificate will contain a code/QR link, which can be used by anyone to validate the certificate.

What is the exam retake policy?

Candidates, who fail the exam, are allowed 1 free exam retake within the exam fees.

What are the benefits of this exam?

The exam will allow candidates to demonstrate their understanding of AWS Cloud Security. This will help them to advance in their career.

How long is the certificate valid for?

The certificate does not have an expiration date. However, the passing certificate will mention the details of the exam such as the exam version and the date. As the exam is updated over time, candidates should retake the newer version as per their convenience.

Will you provide any training that can be taken before the exam?

Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics. Further, the following independent resources can be utilised to prepare for the exams.

Learning Resources

AWS Security Masterclass

Free/Paid:free

Type:Video/Slides

CWLABS-CARTS

Free/Paid:paid

Type:Training

SANS

Free/Paid:paid

Type:Training

HTB

Free/Paid:paid

Type:Labs

Kontra

Free/Paid:both

Type:Labs

MITRE ATT&CK

Free/Paid:free

Type:Framework

IAM-Privilege-Escalation

Free/Paid:free

Type:Labs

Cloudfoxable

Free/Paid:free

Type:Labs

Cloudsec Tidbits

Free/Paid:free

Type:Labs

Flaws Cloud

Free/Paid:free

Type:Labs

Flaws2 Cloud

Free/Paid:free

Type:Labs

Cloudgoat

Free/Paid:free

Type:Labs

Bigiamchallenge

Free/Paid:free

Type:Labs

Attack Defend Serverless Applications

Free/Paid:free

Type:Labs

AWSGoat

Free/Paid:free

Type:Labs

Kubernetes Goat

Free/Paid:free

Type:Labs

AWS Security Workshops

Free/Paid:free

Type:Labs

Sadcloud

Free/Paid:free

Type:Labs

Exam Syllabus

 

Enumeration:

  • Web Services and DNS Enumerations
    • DNS Lookups
    • Reverse DNS Lookups
    • Content Discovery
    • Crawling and Spidering
    • Subdomain Enumeration
  • Enumerating AWS Infrastructure
    • S3 Bucket enumeration
    • EC2 Instances Enumeration
    • VPC Enumeration
    • IAM Enumeration
    • Cloudfront Enumeration
    • EBS Enumeration
    • EKS Enumeration
    • Route 53 Enumeration
    • Enumerating other AWS Services
 

Identity and Access Management:

  • Discovering IAM Policies and Roles
  • Discovering AWS Security Token Service (AWS STS) used to provide temporary access
  • Misconfigured StorageServices such as S3, RDS, EBS
  • Security Misconfigurations in database services such as DynamoDB
    • Identifying AWS Cognito Service
 

Vulnerability Identification:

  • Identify Vulnerable AWS Services
    • EC2 Instances
    • Lambda Serverless Computing
    • Elastic Beanstalk
    • Elastic Kubernetes
  • Identify Entry Points within AWS Hosted Applications
    • SQL Injection
    • Remote Code Execution
    • Server Side Request Forgery
    • XML External Entity attack
 

Exploiting AWS:

  • Performing OSINT Techniques
  • Stealing the IAM credentials from AWS Service
    • Metadata Service such as Instance Metadata Service (IMDS)
    • Insecure Cloud Storage, such as EBS and S3 Bucket
    • Secrets Manager
    • Environment Variables
    • System Manager Parameter Store
    • Database and other services such as DynamoDB and Document DB
  • Lateral Movement via exposed Credentials
  • Exploring the Logging and Monitoring Services such as CloudWatch, EventBridge
  • Alert and Notifications Services such as Lambda, Amazon Simple Notification Service(SNS), Security Hub etc.
 

Best Security Practices and hardening techniques:

  • TLS Related Issues
  • VPN Services
  • Weakness in SSH, RDP, Systems Manager, Session Manager
  • Load Balancer Related Issues
  • IDS / IPS Misconfigurations