Summary
I recently finished the Breaching AWS course from CloudBreach and obtained the Offensive AWS Security Professional (OAWSP) certification. This will be a brief review of the course content and exam.
I went into this course with pretty minimal AWS experience, offensive or otherwise. I interact with AWS to deploy EC2 instances, CloudFront domains, etc. on consulting assessments, and I knew how to run aws sts get-caller-identity if I found a pair of access keys lying around.
I purchased the $799 package for the 60 days of lab access (you can’t stop/start lab time - once you click start you get X days from that point), but in hindsight I’d choose the $599 option with the minimum 30 days of lab access.
I’d estimate the course material (including labs) took me 16 hours to work through and I’ve seen others in the Discord server estimate 1-2 hours a night over 2 weeks to complete the material.
Recommendation
I would recommend the course if you are looking for a beginner AWS course or introduction to AWS exploitation. Coming out of the course, I can say I have a much better game plan for AWS recon and exploitation the next time I find a pair of access keys. However, the course does not go super in-depth anywhere, to the point I could say I’ve learned any advanced techniques or tradecraft. Nothing wrong with that, but if you already know basics of AWS resource exploitation and/or are familiar with using the AWS CLI to enumerate and abuse permissions, I’m not sure you would learn a ton of new tricks from the course.
Breaching AWS Course
The course is broken out into 13 modules in the form of a CTF, with each module generally focusing on one AWS resource type (S3, EC2, ECR, IAM, etc.) or attack (SSO phishing, SSM abuse, etc.). Each module has some content to read and then a lab to work through, loosely guided by flag prompts. Each lab also has a descriptive walkthrough if you get stuck or need a hint.
Course Pros
- The labs are the biggest pro in my opinion
  - Most of your learning is hands-on labs in a live AWS environment (limited to the CLI for the most part)
  - As you progress through the labs, you compromise different AWS accounts/roles, each with permissions scoped to the current module’s focus
  - Overall, I found the labs to be straightforward and pretty fun to solve
- Almost everything in the labs can be completed using the AWS CLI, but you’re also introduced to Pacu (and a few more situational tools), which you can optionally use throughout the course
  - While you’re not instructed much on how to use Pacu, the labs make a great environment to test it out and gain a feel for it on your own
Course Cons
- The course content to read, outside the labs, felt scarce
  - Time to read the content for each module, prior to starting the labs, probably averaged 5 minutes
- Content doesn’t include any [explicit] details that come from real-world experience of the course developers
  - How resources are commonly configured or used by enterprises
  - Resource exploitation in the labs leads to “data” compromise, always in the form of new access keys (to progress the labs, understandably), but I was often left wondering what type of data the course developers have generally found or would expect to find within different resources
    - Example: you gain unauthorized access to a simple notification service (SNS) or message broker (MQ) and pull access keys from data within. Nowhere does the course state how enterprises integrate (theoretically, or seen in the field) these AWS resources with workflows/software/applications or what you, as an offensive practitioner, might look to gain from unauthorized access to them
Breaching AWS Exam
The exam consists of a dedicated AWS environment that you need to progress through to accomplish a stated objective, within 24 hours. You have an additional 24 hours to submit a brief report with the details of your attack path.
While the course definitely prepares you for the exam, not everything in the exam is directly covered in the materials. The methodology developed through the course modules sufficiently got me through any “new” content, and I thought it was a positive to have to learn and apply something slightly new that’s not directly covered in your prep notes. I think the exam took me roughly 3.5 hours in one sitting to complete, then I took a break before writing a small report (5 pages) to submit.
Conclusion
I didn’t find a ton of info out there on this course when I was researching it. Hopefully this review helps someone else out there!