Project Overview

With over 90% of organizations using the cloud in some form as of 2021 (Source: O'Reilly), cloud security is growing more important. However, very few cloud-focused training modules are available to introduce the skills required to secure this new frontier. The Damn Vulnerable AWS API is a training platform to guide users through testing and securing an AWS environment. Users will perform a penetration test (pentest) within their own AWS environment after deploying our project’s CloudFormation templates. The goal is to gain complete system control of the AWS environment by following phases commonly found in a pentest, such as Initial Entry, Privilege Escalation, Persistence, and Lateral Movement. The image to the right shows the typical flow of a cyber attack, which is the general form that our attack paths will follow.

Our project is to design and implement two attack paths using common AWS services to model real-world systems. We will implement common vulnerabilities or misconfigurations that the user will exploit as they follow the attack paths. Each attack path has a narrative that models the services into a mock business system, such as a hospital or bank network. Additionally, we will create documentation showing users how to fix the vulnerabilities in the attack paths, teaching them how to prevent breaches in the AWS environments they are exploring. Read our technical documents to learn more about our designs and the process.

Team Members

Andrew Bowen

Scrum Master/Attack Path 1

Andrew is majoring in Cybersecurity Engineering with an interest in Red Team work.

Karthik Kasarabada

Client Interaction/Attack Path 1

Karthik is a Cybersecurity Engineer with interests in Incident Response, Penetration Testing, and Network Security.

Ashler Benda

Client Interaction/Attack Path 1

Ashler is a Cybersecurity Engineer with interests in Incident Response, Network Security, and Infrastructure Engineering.

Ethan Douglass

Testing Lead/Attack Path 2

When he is not fortifying digital bastions, you might catch Ethan racing virtual cars, DJing beats that sync with binary rhythms, or mentoring aspiring hackers, channeling his knowledge to shape the next generation of cyber-defenders.

Ahmed Nasereddin

IAM Lead/Attack Path 2

Ahmed does not just secure systems; he weaves spells of encryption that defy the grasp of even the most nefarious cyber entities. His knowledge of cryptology is legendary, and his ability to turn the tide against cyber threats is akin to a sorcerer bending reality to his will.

Ayo Ogunsola

IAM Lead/Attack Path 2

Ayo does not just stop at securing systems; he engineers genius solutions that leave even the most cunning cyber threats in awe. He is the wizard who dances with the data, turning vulnerabilities into opportunities for innovation. While others see codes, Ayo sees stories waiting to be deciphered.

Garrett Arp

Website Lead/Attack Path 2

Stealth is Garrett's second skin. He moves through complex networks like a shadow, leaving no digital footprint. His expertise in penetration testing and threat analysis is so refined that even the most sophisticated cyber adversaries bow down to his prowess.





Weekly Reports

491 - Report 1
491 - Report 2
491 - Report 3
491 - Report 4
491 - Report 5

492 - Report 1
492 - Report 2
492 - Report 3
492 - Report 4


Design Documents

491 - Preamble
491 - Requirements
491 - Project Plan
491 - Engineering Design
491 - Testing
491 - Design Document
491 - Design Presentation

492 - Midterm Presentation
492 - Midterm Presentation (Video)
492 - Final Report
492 - Poster
492 - Final Presentation (.pdf) (.pptx)
492 - Demo (Video)