These are my personal opinions based on my background and training experience.
The course reviewed is Simply Cyber Academy's Introduction to AWS Pentesting by Tyler Ramsbey.
This course material is online content which is made up of videos and text.
The online content is just for the student.
The lab environment is hosted on Cybr / Pwnd Labs, or created by the student in a Free Tier AWS account they create, and then the labs are deployed with CloudGoat.
At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)
$20 one-time purchase
I was the team lead of a red team OP testing cloud. I spent time testing websites as an outsider and time testing AWS as an insider. That OP was fun, but I never felt like I had enough knowledge to really test things to the fullest extent. When I saw this course posted to LinkedIn, I didn't hesitate to click and purchase it. It did take me a few days to find the time and actually start the course, but when I started, I raced through it. This was by far the most fun I have had during any type of training course in the past few years.
There are 10 sections with 65 lessons, and in those sections, there are 39 videos with content that spans over 5 hours of playing time.
Welcome To The Course!
The Course Introduction just gives an overview of the course, and a bit of background about Tyler. It also mentions some requirements for the course, and they are all fairly basic. There was mention of a free Intro to Hacking Methodology course (available on Simply Cyber Academy) that I wasn't aware of but this was the optional requirement. https://academy.simplycyber.io/l/pdp/introduction-to-hacking-methodology
Configuring the Lab Environment
As you can tell from the very well worded lesson titles, this section walks you through creating a free tier AWS account, setting up a budget alert, configuring the AWS CLI, installing CloudGoat, installing Pacu, and finally creating free accounts on Cybr and Pwned Labs.
I know back when I first setup my free AWS account, I was terrified about getting charged massive amounts of money, so I highly recommend following the budget alert lesson and making sure you don't get a surprise bill. That saves you from logging in several times a day just to check your current bill.
Sections 3 - 4
These two sections cover spinning up labs in Cyber and Pwned Labs and doing enumeration both manually and through Pacu.
The sections both cover information about the topic listed in the section title, provide a cheat sheet of commands for manual enumeration, and present challenge labs and then provide walkthroughs of the challenge labs.
It was really cool getting to use both Cyber and Pwned Labs to do the first two labs and I loved the manual and Pacu options.
Sections 5 - 7
These sections cover spinning up your own labs using CloudGoat. They cover information about the topic listed in the section title, provide a cheat sheet of commands for manual enumeration, and present challenge labs and then provide walkthroughs of the challenge labs. Finally, they show you how to destroy the CloudGoat environments in AWS.
Sections 8 - 9
These sections cover Capstone Challenges. You spin up these Capstone Challenges using CloudGoat. You are expected to do your own research into the AWS technology present in the challenge, and then complete the challenge on your own if at all possible. Don't worry, the walkthrough for each section will explain a process for researching the technology as well as exploiting and completing the capstone challenge.
You are also encouraged to do a walkthrough and submit it. I haven't done this part yet, but maybe I will create a subpage here and provide a walkthrough and then submit it via the course form. I have a project planned for the future which will probably require me to start making videos so maybe I will do a video walkthrough...maybe!
Course Conclusion
Just like what the section/lesson titles say, this is information for your next steps in your career and a place to provide course feedback and thus the conclusion of the course.
I ended up leaving the first CloudGoat scenario deployed while I completed section 5 and 6. Once I was done, I went to the "Destroy the Cloudgoat Scenario" lesson and followed along with the instructions. I do not know what happened, but something caused all my AWS configs to be wiped clean so when I tried to destroy the CloudGoat scenario I got access denied errors. I started having nightmares of having to go in a manually cleanup my account, and I just about worked myself into a panic. Then I thought, ok... let me setup the CloudGoat profile and check things from the AWS CLI and see what access I have or don't have just like I had been taught in the course to that point. I setup a CloudGoat profile in AWS CLI like I originally did, did some test and all seemed fine, and then I reran the destroy command and it worked. Yes, I do think I had that 'whoami' command memorized at that point!
And as of right now, with all the testing I did over two days, I owe Amazon less than a dollar. So all totaled, less than $23.00 for an amazing experience.
There is currently no exam for this course.
I had a lot of fun with this course. It was short and sweet, packed full of great information, and provides the foundation needed to continue your AWS learning. I highly recommend this course if you are interested in getting started with Amazon Web Services (AWS) penetration testing.