Project Overview
With over 90% of organizations using the cloud in some form as of 2021 (Source: O'Reilly), cloud security is growing more important. However, very few cloud-focused training modules are available to introduce the skills required to secure this new frontier. The Damn Vulnerable AWS API is a training platform that guides users through testing and securing an AWS environment. Users will perform a penetration test (pentest) within their own AWS environment after deploying our project’s CloudFormation Templates. The goal is to gain complete system control of the AWS environment by following phases commonly found in a pentest, such as Initial Entry, Privilege Escalation, Persistence, and Lateral Movement. The image to the right shows the typical flow of a cyber attack, which is the general form that our attack paths will follow.
Our project is to design and implement two attack paths using common AWS services to model real-world systems. We will implement common vulnerabilities or misconfigurations that the user will exploit as they follow the attack paths. Each attack path has a narrative that models the services as a mock business system, such as a hospital or bank network. Additionally, we will create documentation showing users how to fix the vulnerabilities in the attack paths, teaching them how to prevent breaches in the AWS environments they are exploring. Read our technical documents to learn more about our designs and the process.
Team Members
Andrew Bowen
Scrum Master/Attack Path 1
Andrew is majoring in Cybersecurity Engineering with an interest in Red Team work.
Karthik Kasarabada
Client Interaction/Attack Path 1
Karthik is a Cybersecurity Engineer with interests in Incident Response, Penetration Testing, and Network Security.
Ashler Benda
Client Interaction/Attack Path 1
Ashler is a Cybersecurity Engineer with interests in Incident Response, Network Security, and Infrastructure Engineering.
Ethan Douglass
Testing Lead/Attack Path 2
When he is not fortifying digital bastions, you might catch Ethan racing virtual cars, DJing beats that sync with binary rhythms, or mentoring aspiring hackers, channeling his knowledge to shape the next generation of cyber-defenders.
Ahmed Nasereddin
IAM Lead/Attack Path 2
Ahmed does not just secure systems; he weaves spells of encryption that defy the grasp of even the most nefarious cyber entities. His knowledge of cryptology is legendary, and his ability to turn the tide against cyber threats is akin to a sorcerer bending reality to his will.
Ayo Ogunsola
IAM Lead/Attack Path 2
Ayo does not just stop at securing systems; he engineers genius solutions that leave even the most cunning cyber threats in awe. He is the wizard who dances with the data, turning vulnerabilities into opportunities for innovation. While others see codes, Ayo sees stories waiting to be deciphered.
Garrett Arp
Website Lead/Attack Path 2
Stealth is Garrett's second skin. He moves through complex networks like a shadow, leaving no digital footprint. His expertise in penetration testing and threat analysis is so refined that even the most sophisticated cyber adversaries bow down to his prowess.
Weekly Reports
491 - Report 1
491 - Report 2
491 - Report 3
491 - Report 4
491 - Report 5
492 - Report 1
492 - Report 2
492 - Report 3
492 - Report 4
Design Documents
491 - Preamble
491 - Requirements
491 - Project Plan
491 - Engineering Design
491 - Testing
491 - Design Document
491 - Design Presentation
492 - Midterm Presentation
492 - Midterm Presentation (Video)
492 - Final Report
492 - Poster
492 - Final Presentation (.pdf) (.pptx)
492 - Demo (Video)