What is the Certified Cloud Pentesting eXpert – Amazon Web Services (CCPenX-AWS) Exam?
The Certified Cloud Pentesting eXpert (CCPenX-AWS) exam is an expert-level exam that evaluates a candidate’s practical expertise in the field of AWS cloud security through real world scenario-based challenges in AWS cloud environments.
Who Should Take This Pentest Exam?
The Certified Cloud Pentesting eXpert (CCPenX-AWS) exam caters to security professionals, including cloud security engineers, security analysts, penetration testers, red team members, and individuals with a strong interest in cloud security. This exam evaluates candidates’ in-depth knowledge of cloud security exploitation and their ability to demonstrate expertise in this field.
What Is The Format Of This Pentest Exam?
This will be a practical CTF-style exam. The time duration of the exam is 7 hours. The exam can be taken online, anytime (on-demand) and from anywhere. The exam will cover a variety of questions to test candidate’s ability to identify and exploit various vulnerabilities on the AWS cloud environment.
What Is The Pass Criteria For The Pentest Exam?
The pass criteria are as follows:
- Candidates scoring over 60% marks will be deemed to have successfully passed the exam.
- Candidates scoring over 75% marks will be deemed to have passed with a merit.
What Is The Experience Needed To Take The Pentest Exam?
This exam is an expert-level exam which will evaluate and validate candidate’s expertise in conducting penetration testing on AWS cloud environments. It covers a wide array of subjects related to exploiting cloud security, with a particular emphasis on AWS services. Candidates should have in-depth knowledge of identifying and exploiting cloud security misconfigurations, web application exploitation on cloud and leveraging exposed credentials in the application infrastructure.
It is recommended that candidates should have at least 5 years of professional pentesting experience and at least 12 months of cloud security experience to take this exam.
What Will The Candidates Get After The Pentest Exam?
On completing the exam, each candidate will receive:
- A certificate with their pass/fail and merit status.
- The certificate will contain a code/QR link, which can be used by anyone to validate the certificate.
What is the exam retake policy?
Candidates, who fail the exam, are allowed 1 free exam retake within the exam fees.
What Are The Benefits Of This Pentest Exam?
The exam will allow candidates to demonstrate their understanding of AWS Cloud Security. This will help them to advance in their career.
Will You Provide Any Training That Can Be Taken Prior To The Exams?
Being an independent certifying authority, we (The SecOps Group) do not provide any training for the exam. Candidates should carefully go over each topic listed in the syllabus and make sure they have adequate understanding, required experience and practical knowledge of these topics. Further, the following independent resources can be utilised to prepare for the exams.
| Learning Source | Free/Paid | Type |
|---|---|---|
| AWS Security Masterclass | Free | Video/Slides |
| CWLABS-CARTS | Paid | Training |
| SANS | Paid | Training |
| HTB | Paid | Labs |
| Kontra | Free/Paid | Labs |
| MITRE ATT&CK | Free | Framework |
| IAM-Privilege-Escalation | Free | Labs |
| Cloudfoxable | Free | Labs |
| Cloudsec Tidbits | Free | Labs |
| Flaws Cloud | Free | Labs |
| Flaws2 Cloud | Free | Labs |
| Cloudgoat | Free | Labs |
| Bigiamchallenge | Free | Labs |
| Attack Defend Serverless Applications | Free | Labs |
| AWSGoat | Free | Labs |
| Kubernetes Goat | Free | Labs |
| AWS Security Workshops | Free | Labs |
| Sadcloud | Free | Labs |
Exam syllabus
Enumeration:
- Web Services and DNS Enumerations
- DNS Lookups
- Reverse DNS Lookups
- Content Discovery
- Crawling and Spidering
- Subdomain Enumeration
- Enumerating AWS Infrastructure
- S3 Bucket enumeration
- EC2 Instances Enumeration
- VPC Enumeration
- IAM Enumeration
- Cloudfront Enumeration
- EBS Enumeration
- EKS Enumeration
- Route 53 Enumeration
- Enumerating other AWS Services
Identity and Access Management:
- Discovering IAM Policies and Roles
- Discovering AWS Security Token Service (AWS STS) used to provide temporary access
- Misconfigured StorageServices such as S3, RDS, EBS
- Security Misconfigurations in database services such as DynamoDB
- Identifying AWS Cognito Service
Vulnerability Identification:
- Identify Vulnerable AWS Services
- EC2 Instances
- Lambda Serverless Computing
- Elastic Beanstalk
- Elastic Kubernetes
- Identify Entry Points within AWS Hosted Applications
- SQL Injection
- Remote Code Execution
- Server Side Request Forgery
- XML External Entity attack
Exploiting AWS:
- Performing OSINT Techniques
- Stealing the IAM credentials from AWS Service
- Metadata Service such as Instance Metadata Service (IMDS)
- Insecure Cloud Storage, such as EBS and S3 Bucket
- Secrets Manager
- Environment Variables
- System Manager Parameter Store
- Database and other services such as DynamoDB and Document DB
- Lateral Movement via exposed Credentials
- Exploring the Logging and Monitoring Services such as CloudWatch, EventBridge
- Alert and Notifications Services such as Lambda, Amazon Simple Notification Service(SNS), Security Hub etc.
Best Security Practices and hardening techniques:
- TLS Related Issues
- VPN Services
- Weakness in SSH, RDP, Systems Manager, Session Manager
- Load Balancer Related Issues
- IDS / IPS Misconfigurations
