Skip to main content

Phase 5: Cloud Security Fundamentals

Author: Dayspring Johnson

How does this phase apply to Cloud?

Security is the biggest challenge to cloud computing. As cloud adoption continues to grow, cloud security incidents and vulnerabilities are equally on the rise.

The individual cloud components you were introduced to in the previous phases all require security in some shape or form. Better yet, security has to be considered from every perspective in order to prevent malicious actors from finding and exploiting vulnerabilities in our cloud environments which could potentially lead to data or infrastructure compromise.

Here's one of my favorite articles by Christophe Tafani-Dereeper that covers Cloud Security Breaches and Vulnerabilities:

I also recommend checking out Securing DevOps: Security in the Cloud by Julien Vehent which covers several of the core components for protecting cloud infrastructure, logging, detecting threats and so on. It even has practical and visual aids that help in learning these concepts.

Another book recommendation is Practical Cloud Security: A Guide for Secure Design and Deployment by Chris Dotson. This book is a good complimentary resource to the previous book as it goes in-depth into various concepts, standards, frameworks and principles required for cloud security, and as the name implies, it is practical.

Always remember this, you can not secure what you do not understand, so make sure to understand the architectural and core components of the cloud so that you can properly secure them.


Cloud PlatformTitleDescription
AWS, Azure & GCPHacking The CloudHacking the cloud is an encyclopedia of the attacks/tactics/techniques that are common in cloud exploitation.
AWSFlaws.CloudfThrough a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
AWSFlaws2.CloudSimilar to the original Flaws.Cloud Challenge this tutorial teaches you AWS security concepts but this time from both an offensive and defensive perspective
AWSCloud GoatCloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool that allows you to hone your cloud cybersecurity skills by creating and completing several "capture-the-flag" style scenarios.
AWSSadcloudSadcloud is a tool for spinning up insecure AWS infrastructure with Terraform. You can test your AWS security knowledge against these infrastructure.
AWSAWS Well-Architected Labs: SecurityThe security labs are documentation and code in the format of hands-on labs to help you learn, measure, and build using architectural best practices.
AWSAttack Detection FundamentalsThis three-part series explores an end-to-end kill chain in AWS and log entries for detection & analysis.
AzureAttack Detection FundamentalsThis three-part series explores an end-to-end kill chain in Azure and log entries for detection & analysis.
AzureCONVEXCloud Open-source Network Vulnerability Exploitation eXperience (CONVEX) spins up Capture The Flag environments in your Azure tenant for you to play through.
AzureSecuring Azure Infrastructure - Hands on Lab GuideA hands on guide to securing azure infrastructure using various azure security controls.
AzureAzure Security TechnologiesVarious labs scenarios covering azure security.
AzureCreate an Azure Vulnerable LabA four-part series explaining azure vulnerabilities.
AzureAzure GoatAzureGoat : A Damn Vulnerable Azure Infrastructure
AzurePurple CloudA little tool to play with Azure Identity - Azure Active Directory lab creation tool
GCPGCP GOATGCP-Goat is intentionally vulnerable GCP environment to learn and practice GCP Security
GCPThunderCTFThunder CTF allows players to practice attacking vulnerable cloud projects on Google Cloud Platform (GCP). In each level, players are tasked with exploiting a cloud deployment to find a "secret" integer stored within it.
KubernetesKubernetes GoatKubernetes Goat is an interactive Kuberenetes Security Learning Playground


Cloud PlatformTitleDescription
AWSThreat Detection With AWS GuardDutyA tutorial showing how to use AWS GuardDuty to detect threats.
AWSAWS Threat Simulation & DetectionThis doc shows the use of Stratus Red Team & SumoLogic for attack & detection/analysis. This can replicated using any other SIEM.
AzureAzure Cloud Detection Lab(Blog), Azure Cloud Detection Lab(Videos)A hands-on project showing how to detect threats in an azure environment using Azure Sentinal.
AzureSIEM Tutorial for Beginners Azure Sentinel Tutorial MAP with LIVE CYBER ATTACKS!A hands-on project showing how to set up a honey pot and analyzing malicious traffic using Azure Sentinel.

Things you should be familiar with at the end of this phase

  • An understanding of core IAM concepts (Users, Roles, Policies, Groups, Service Accounts/Principals, etc.)
  • An understanding of how authentication works in the cloud.
  • An understanding of secure cloud storage, compute, networking, applications and so on .
  • Common security vulnerabilities and misconfigurations in the cloud.
  • How to investigate cloud logs and determine if a cloud environment has been compromised.
  • How to simulate attacks against cloud environments.
  • How to deploy vulnerable infrastructure in the cloud for security testing.
  • Knowledge and usage various cloud security tools.

Certifications you might want to look into

Practical Certifications (training included)

These are lesser know certifications but they are focused on giving you the training needed as well as hands-on certifications where you put the skills you've learned to use, rather than clicking through multiple choice questions.