Workshops

Windows Attacks & Defenses (FR)

2 days training, by Julien Oberson & Deniz Mutlu

This training will be given in FRENCH

Normal price: CHF 1500.-
Student price: CHF 800.-
Special student price (Diplôme fédéral, MAS MSSI, MAS Infosec): CHF 1200.- 

DESCRIPTION

This training will familiarize system administrators and security professionals of any level with modern Windows attacks and best security practices, such as Windows security components and protocols, network scanning, Metasploit, lateral movements, credentials theft and vulnerability exploitation. After covering a large attack overview, the course introduces the latest Microsoft security features, such as Windows monitoring and log analysis, credentials protection, advanced authentication system, privileged access management, and much more. After that the course, members will understand how to protect their infrastructure against modern attacks. Gets your hands dirty: This class is practice-oriented, lectures present real-world attacks and defenses methods that participants put into practice.

ABOUT THE TRAINERS

The course gives an idea of how pentesters and hackers think, and the best way to defend against them. To do so, this training is given by a duo of Red Team / Blue Team engineers. Both trainers have in combination more than 15 years of experience in offensive and defensive security.

COURSE OUTLINE

Day 1

  • Windows Security Models (Authentication, Kerberos, NTLM, Active Directory)
  • Windows Network Discovery (Network Scan, Active Directory Discovery, PingCastle)
  • Metasploit in a nutshell (Modules, Exploit, Meterpreter)
  • Lateral Movements (Pass-the-hash, Pass-the-ticket, Kerberoast, GPP, Bloodhound)
  • Physical Attacks (Coldboot attack, DMA, Bitlocker, Secureboot)
  • Vulnerability Exploitation & Protections (ASLR, MS17-010)

Day 2

  • Windows Monitoring & Log Management (Windows event forwarding, Sysmon)
  • Understanding Protection Techniques
  • Privileged Access Management (Logon Types, GPP, Restricted Admin, Powershell Remoting, DSC, JEA, GMSA)
  • Advanced Authentication Systems (vSmartCard, Windows Hello, MFA)
  • Credential Protections (LSA Protection, VSM, Credential Guard)
  • Active Directory Auditing tools
  • Monitoring System Activity (Sysinternals tools)
  • Anti-virus evasion (Windows Defender, AppLocker, Device Guard, Software restriction policy, Attack Surface Reduction)

CLASS REQUIREMENTS

Participants should have some familiarity with Windows Domains. A notebook capable of running an SSH/RDP client in order to connect to the infrastructure containing the exercises. The training will be given in French.

Register

Mastering Burp Suite Pro, 100% hands-on (EN)

3 days training, by Nicolas Grégoire

This training will be given in ENGLISH

Price: CHF 2250.- 

DESCRIPTION

As nicely said in PoC||GTFO Volume II, « This is not a book about astronomy; rather, this is a book about telescopes ». In the same spirit, this training isn’t about Web hacking. Instead, this training is for Web hackers who want to master their toolbox. Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.

ABOUT THE TRAINERS
Nicolas Grégoire (aka @Agarri_FR) has nearly 20 years of experience in penetration testing and auditing of networks and (mostly Web) applications. He is an official Burp Suite Pro trainer since 2015, and trained hundreds of people since then, either privately or during infosec events. Outside of that, he runs Agarri, an one-guy company where he finds security bugs for customers and for fun. His public security research (that mostly deals with XML, XSLT and SSRF) was presented at numerous conferences around the world (HackInTheBox, ZeroNights, HackInParis, Nullcon, ...). He was also thanked by numerous vendors for responsibly disclosing vulnerabilities in their products and services, directly or through bug bounty programs.
COURSE OUTLINE

Every trainee goes through the main track, composed of nearly 100 challenges. Plenty of additional ones are available, depending on your speed, taste, skills and professional needs. No way to get bored! Among the available challenges: complex brute-force, data extraction, support of custom formats, automatic management of anti-CSRF tokens, WebSockets, weak cryptography, webhooks, NoSQL injections, authorizations bugs, aggressive disconnection, JWT-authenticated APIs, arbitrary Java deserialization, blind stored XSS, instrumented Java applications, strict workflows, ...

Day 1
After an introduction to the training platform and its challenges, this day is spent on well defined tasks where the goal is to find flags, like in CTF contests. We practice basic automation using tools like Proxy, Repeater and Intruder. The goal is to improve the speed of our interactions with the tool, while monitoring and self-assessing our attacks.

  • Introduction: rules and advice, connecting to the network, description of the training platform and its challenges
  • Getting started: navigating the GUI, loading custom options, using hotkeys, sorting and filtering data
  • Match & Replace: well-known examples, live traffic modifications
    Repeater: keyboard-only usage, replaying WebSockets traffic, dealing with streamed data
  • Intruder: coverage of all attack types and most payload types, automatic processing of results with “Grep – Match” and “Grep - Extract”, data extraction, managing CSRF-tokens without session handling rules, atypical injection points, frobbing and fuzzing.

Day 2

On the second day, challenges get more realistic: solving them requires a good understanding of the underlying application and the usage of multiple Burp Suite tools, possibly including extensions. Additionally, we keep working on the efficiency of the testing workflow (using shortcuts or extensions) and on self-monitoring (now with Logger++). The latter skill will prove itself invaluable when working on session handling rules.

  • Traffic interception: HTTP exchanges and WebSocket messages are intercepted and modified on the fly, in order to bypass client-side protections or to subvert the logic of (emulated) mobile apps. That’s the only section where “Intercept is On” isn’t a problem
  • Macros and session handling rules for Web applications: terminology, basic setups, common use-cases (like managing CSRF tokens or logging-in automatically), applying session handling rules to third-party tools like sqlmap. Note that dealing with Web services (either SOAP or REST) is quite different and is covered in the separate section, on the third day
  • Extensions: review and testing of the most useful and/or popular extensions (Logger++, Hackvertor, JSON Beautifier, Paramalyzer, Turbo Intruder, ...)

Day 3
The third day is used to dig deeper in advanced subjects. That covers authorization testing, custom active scanning, Web Services and much more! Built-in features are pushed to their limits, and extra ones provided by extensions are commonly used.

  • Authorization testing: from quick tests w/o specific configuration to deep tests requiring business-specific knowledge (extensions “Authz”, AutoRepeater”, “SessionAuth” and “AuthMatrix” are covered)
  • REST and SOAP WebServices: why is a specific toolbox needed, generating requests from definition files (WSDL, OpenAPI, ...), using session handling rules to manage authentication in cookie-less environments
  • Two-way communication with the target: deploying and using a private Collaborator instance, patching the target byte-code with Infiltrator in order to receive additional details (filename, line number, ...), running an Infiltrator-only active scan
  • Scans and live tasks: differences between v1 and v2 (terminology, GUI, usage), using the scanner like in v1, description and testing of the much-improved crawler, configuring and running specialized scans, observing the oriented-graphs generated during crawling, using these graphs with “Crawl and Audit” (in order to audit CSRF-protected forms without macros)
  • Headless usage: driving Burp Suite Pro via a REST API (provided by 3rd-party extensions)
  • Vuln-specific tooling: Blind XSS, from builtin features to 3rd-party tools like Sleepy Puppy

CLASS REQUIREMENTS

  • Working knowledge of common Web vulnerabilities (XSS, SQLi, SSRF, ...)
  • Basic knowledge of Burp Suite (UI navigation, traffic interception and replay)
  • Decent laptop (no Netbooks, no Tablets, no iPads)
  • Wireless connectivity (either builtin or via a external card)
  • 64-bit OS supported by Burp Suite Pro (Linux, Windows or Mac)
  • Administrative privileges (in order to configure network settings)
  • Modern browser (no IE6, no Epiphany

Register

Modern Linux Exploitation (EN)

3 days training, by Adrien Stoffel

This training will be given in ENGLISH

Normal price: CHF 2250.-
Student price: CHF 1200.-
Special student price (Diplôme fédéral, MAS MSSI, MAS Infosec): CHF 1800.- 

DESCRIPTION

During this training students will learn how to exploit vulnerabilities and bypass current security mitigations on Linux systems, against both local and remote targets. The training will start with a refresher on modern stack buffer overflows and then present other vulnerabilities classes, with a emphasis on heap exploitation and packed with many practice labs.

This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.

ABOUT THE TRAINER

Adrien Stoffel (@__awe) is a full stack pwner at Bugscale SA, where he focuses on security research. He's been involved in the CTF community for more than 6 years and he currently leads the 0daysober team. While he focuses on Linux exploits he also loves to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel pwnables.

COURSE OUTLINE

Topics for the first part of the course include:

  • Review of the current state of Linux userland security
  • ROP and JOP techniques on Intel x86 and x86_64 architectures
  • SSP bypasses
  • Other vulnerability classes
  • Miscellaneous tips and tricks relevant to both real life exploits and CTFs
  • Improving exploit reliability
  • C++ exploitation (vftables, corruption of std objects...)

Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:

  • manipulate allocations to put the heap in a deterministic state
  • concepts behind heap overflow and Use After Free vulnerabilities
  • discover the memory layout using some heap-fu to defeat Full-ASLR
  • abuse heap data to get code execution or arbitrary read/write primitives
  • achieve the same results with metadata-only techniques
  • find the best suitable target to get code execution

CLASS REQUIREMENTS

This training requires some basic to intermediate knowledge in binary exploitation. You are expected to:

  • be at ease with UNIX environments and know any scripting language (such as python or ruby)
  • have a good understanding of the C language and be able to understand basic Intel assembly
  • be familiar with basic exploitation techniques like stack buffer overflows
  • know gdb basics
  • Students must bring a 64-bit laptop with VMware or VirtualBox installed.

Register

Crypto Attacks & Defenses (EN)

2 days training, by JP Aumasson & Philipp Jovanovic

This training will be given in ENGLISH

Normal price: CHF 1500.-
Student price: CHF 800.-
Special student price (Diplôme fédéral, MAS MSSI, MAS Infosec): CHF 1200.- 

DESCRIPTION

This training familiarizes developers and security professionals of any level with modern cryptography concepts and best practices. It covers basic notions, including randomness generation, authenticated encryption, and elliptic curves, as well as applications like TLS 1.3, password security protocols, libraries and APIs, and software side-channel attacks. Finally, our training offers an overview of advanced topics including post-quantum cryptography.

We have given cryptography trainings since 2013, and over the years have kept improving our content and format for an optimal learning experience. We strive to make cryptography more approachable and less abstract than in typical teaching material.

The class is

  • Practice-oriented: Lectures present real-world failures and by analyze how they could have been avoided, and exercise sessions consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.
  • New and unique: We are closely involved in the latest developments in cryptography, and regularly integrate new content into our trainings to follow the latest innovations and applications. Each training session therefore includes fresh and updated content.
  • Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.
  • Previous versions of this training were given at events including Black Hat Europe, Troopers, and in private sessions for organizations including Google and Facebook.
ABOUT THE TRAINERS
Both trainers hold PhDs in cryptography and have in combination more than 20 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications. The trainers are also experienced speakers, regularly presenting at leading industry and research conferences all around the world.

JP Aumasson

Jean-Philippe (JP) Aumasson is the founder and managing director of Teserakt, a Swiss-based company specialised in IoT security and offering an end-to-end encryption solution. He is an expert in cryptography and the author of the reference book Serious Cryptography (No Starch Press, 2017). He designed the widely used cryptographic algorithms BLAKE2 and SipHash, which he developed after a PhD from EPFL (Switzerland, 2009). He regularly speaks at leading security conferences about topics such as applied cryptography, quantum computing, or blockchain security. JP also holds advisory roles in Kudelski Security and Taurus Group.

Philipp Jovanovic

Philipp Jovanovic is a post-doctoral researcher at EPFL’s Decentralized and Distributed Systems (DEDIS) Lab, Switzerland. In 2015, he obtained his PhD in cryptography from the University of Passau, Germany and in 2020 he will join the Information Security Research Group (ISRG) at the University College London (UCL) as an Associate Professor. Philipp has worked on a broad set of topics in cryptography, security, privacy, and systems design, including encryption algorithms like NORX and OPP/MRO, and distributed security protocols like ByzCoin, RandHound, OmniLedger or drand. Philipp's research is regularly published at top-tier academic crypto/security venues and you can find him frequently speaking at conferences around the globe.

COURSE OUTLINE
DAY 1, morning
  • Randomness (40min)
  • Randomness notion and applications in cryptography
  • How to safely generate randomness on Linux, Windows, and macOS
  • Examples of real bugs caused by randomness failures
  • Break (15min)
  • Symmetric cryptography (50min)
  • Hash functions: how (not) to use them, which one to choose?
  • Ciphers: AES or not AES? What are the good modes of operations?
  • Authenticated encryption, or how to encrypt and authenticate at once
  • Break (15min)
  • Public-key cryptography (50min)
  • Fundamental differences with symmetric crypto
  • Elliptic curves and ECDH key agreement, ECDSA signatures
  • Which curves to use? Curve25519 or NIST curves?
  • Security concerns: unsafe curves, timing attacks, randomness
  • Performance concern, why using ECC vs RSA

DAY 1 afternoon

  • Hands-on exercise session (~3h)
  • Post-quantum cryptography (40min)
  • Quantum computing basics, myths, and reality
  • Real risk for public-key and symmetric cryptography
  • Classes of post-quantum cryptography, focus on hash-based signatures

DAY 2 morning

  • Cryptography libraries and APIs (40min)
  • Overview of existing libraries (OpenSSL, Sodium, BouncyCastle, NSS, etc.)
  • Difference between low-level libraries and "crypto boxes"
  • How to choose a library? In terms of security, performance, license, etc.
  • Recommendations of safe design approaches
  • Attacking and defending crypto software (40min)
  • Notion of side-channel and info leak in cryptography
  • Example of timing and cache-timing attacks
  • Examples of oracle attacks on symmetric and asymmetric crypto
  • Example of bugs caused by programmer error or compiler behavior
  • Transport Layer Security (TLS) (30min)
  • History and design goals of CSS
  • TLS' security features and limitations
  • TLS 1.3 and its benefits compared to earlier version
  • Securing your client and server TLS configuration

DAY 2 afternoon

  • Hands-on exercise session (~3h)
  • Passwords (40min)
  • How to protect hashed password databases
  • Password-based key derivation and hash algorithms
  • Password-based authentication (SRP, OPAQUE)

The exercise sessions will include the following challenges, and potentially others created specifically for the event based on recent vulnerabilities:

  • Find bugs in weak pseudo-random generators, and fix them
  • Decrypt messages encrypted using RSA without the private key
  • Break a bad implementation of AES-based encryption
  • Implementing the logic of elliptic curve-crypto schemes (DH, DSA, ElGamal)
  • Exploit CBC padding oracles to decrypt messages without the AES key
  • Break the authenticated encryption in the open smart grid protocol
  • Cryptanalyze hash functions to find colliding messages
  • Recover ECDSA private keys by exploiting a flawed randomness generator

CLASS REQUIREMENTS
This training is suitable to any security professional or security-minded developer who has at least some basic understanding of cryptography. You should know the difference between public-key cryptography and secret-key cryptography, but you don't need to know the maths behind. We expect participants to be familiar with basic programming concepts, and it's recommended to be familiar with C and Python syntax, since many exercises are in one of these languages.
Register

Hands-on IoT Vulnerability Research (EN)

3 days training, by Roland Sako

This training will be given in ENGLISH

Normal price: CHF 2250.-
Student price: CHF 1200.-
Special student price (Diplôme fédéral, MAS MSSI, MAS Infosec): CHF 1800.- 

DESCRIPTION

Approaching IoT devices from a security assessment standpoint can be intimidating, especially when you need to work hands-on with hardware but fear not! This is the training for you, if you want to take your first steps into how to discover vulnerabilities in smart devices: homes, cars, routers, PLC’s, medical equipment and other IoT devices.

We will guide you through systematic analysis of IoT devices to identify vulnerabilities. You will interact directly with hardware interfaces, and become comfortable with using the hardware and software tools of the trade to evaluate IoT devices and their firmware. After having played with different devices, you will have a chance to apply your newly learned skills conducting a penetration test against a smart home.

After the training, you will be able to understand the hardware and software attack surface of IoT devices to help them get more secure. Going forward you will tackle the most common situations confidently, including when the firmware is not publicly available. This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.

ABOUT THE TRAINER

Roland Sako is a security researcher based in Geneva, Switzerland, working as part of the Kaspersky ICS CERT team. He is particularly interested in embedded devices security and gamification for security related subjects. He previously worked as a security consultant as well as part of the education team of Kaspersky Lab. Roland graduated from the University of Lausanne in Legal Issues, Crimes and IT Security.

COURSE OUTLINE

Topics covered in the class include:

  • IoT vulnerability research
  • Methodology
  • A few cases
  • Overview of our final target (smart home)
  • Information gathering Lab :
  • Hardware reconnaissanc
  • Firmware analysis
  • Intro to different types of firmware
  • Obtaining the firmware
  • Basic firmware analysis – Labs :
  • Firmware static analysis
  • Firmware emulation
  • Hardware Interfaces and protocols
  • Reading datasheets
  • Getting familiar with the hardware tools
  • Passive and active interaction with interfaces – Labs :
  • Identifying pins manually
  • Reading from and writing to an EEPROM with SPI
  • Sniffing I2C buses
  • Gaining root shell, debugging and dumping memory through UART
  • Debugging the target and dumping memory over JTAG
  • Enumerating and interacting with BLE device
  • Analyzing resources
  • Hunting for interesting resources – Labs
  • Finding backdoors and hardcoded secret
  • Binary analysis
  • Intro to reversing ARM binaries using r2 – Labs
  • Automating the process
  • Responsible disclosure
  • Conclusion
  • Final Lab
  • Attacking a smart home

CLASS REQUIREMENTS

  • A laptop with at least 20GB of free space, 4GB of ram and two USB Type-A ports available
  • Virtual Box and admin access to install additional software.
  • Experience with any programming language
  • Familiarity with basic Linux commands
  • Basic knowledge of C and/or C++
  • Basic reverse engineering skills
  • Knowledge of / Grasp of the most common network protocols
  • Experience using a disassembly tool would be helpful, but not necessary

Register

Cloud security Masterclass: Defender's guide to securing public cloud infrastructure (EN)

2 days training, by Abhinav Singh

This training will be given in ENGLISH

Normal price: CHF 1500.-
Student price: CHF 800.-
Special student price (Diplôme fédéral, MAS MSSI, MAS Infosec): CHF 1200.- 

DESCRIPTION

This training focuses on elevating your malware analysis, forensic investigations, and incident response knowledge into the cloud. The hands-on training focuses on building a fully automated malware analysis, threat intelligence, and forensics investigation pipeline by utilizing AWS based cloud infrastructure. We will cover scenarios, exercises and demos about building fully automated and scalable services that can perform both static as well as dynamic malware analysis, forensic artifact collection at scale, performing automated investigations against IAM attacks, gathering threat intelligence as well as creating alerts and reports.

By the end of this training, we will be able to use cloud technologies like Cloudtrail and Cloudwatch to detect IAM attacks, serverless functions to perform on-demand scans, docker containers to deploy our threat scanning services at scale, notification services to create detection alerts, malware-infected virtual machines to perform automated forensic investigations and artifacts collection, DynamoDB and AWS Athena for building real-time threat intelligence and monitoring dashboards.

We will learn to use in-built AWS services along with open source and custom-built tools to connect our file scanning services. In all, we will be building a fully automated incident response as well as threat intelligence pipeline that can be used by large scale security teams and researchers.

The workshop will begin by covering details about public cloud infrastructure like AWS, Azure, and GCP. We will build a technical and architectural understanding of the cloud and its services in the introductory phase. We will then dive into the Identity and access management based attack and defense scenarios along with running security assessments and automated tests against the entire infrastructure.

The second phase of the workshop will cover hands-on tool building for static file scanning of AWS object stores using clamAV and Yara engines. We will cover exercises on building and integrating serverless functions to build services like hash lookup, file-type determination and automated signature update through S3 buckets.

The third phase of the workshop will deal with deploying AWS container services to run malware feature extraction and heuristic detection services at scale. By using real-life scenarios, we will build an alerting and notification service using SNS and slack. This service will integrate with lambda functions and web sockets to notify users when an infection is found. The next exercise of this phase will focus on building automated response and investigation using tags and cloudwatch events.

In the fourth phase of the workshop, we will learn to build real-time threat intelligence dashboards using Amazon Athena and ELK stack. We will learn to write queries to derive rich intelligence out of the collected data.

The final phase of the workshop will focus on forensic investigations in AWS. It begins by creating automated forensic artifact collection, integrating it with automated analysis like building timeline and dumping process memory. We will run through hands-on exercises on building investigation playbooks using step functions to automate most of the investigation and reporting process.

ABOUT THE TRAINER

Abhinav Singh is an information security researcher for Netskope, Inc. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.

COURSE OUTLINE

Day 1

1. Introduction

  • Introduction to cloud services
  • Basic terminologies: IAM, VPC, AMI, serverless, containers etc.
  • Introduction to Logging services in cloud.
  • Introduction to shared responsibility model.
  • Setting up your free tier account.
  • Setting up AWS command-line interface.

2. Detecting and monitoring against IAM attacks

  • Detecting and responding to user account brute force attempts.
  • Detecting compromised credentials of IAM user.
  • Detecting privilege escalation and access permission flaw using aws_escalate.
  • Attacking and defending against user role enumeration.
  • Brute force attack detection using cloudTrail.
  • PagerDuty notification for alarms and notifications.

3. Malware detection and investigation on/for cloud infrastructure

  • Quick introduction to static and dynamic malware analysis
  • Building clamAV based static scanner for S3 buckets using AWS lambda.
  • Integrating serverless scanning of S3 buckets with yara engine.
  • Building signature update pipelines using static storage buckets to detect recent threats.
  • Malware alert notification through SNS and slack channel.
  • Adding advanced context to slack notification for quick remediation.
  • Detecting malware command and control through VPC traffic mirroring and GuardDuty.

Day 2

4. Threat Response & Intelligence analysis techniques on/for Cloud infrastructure

  • Auto remediation of malware files through event notifiers and object tags.
  • Building highly scalable heuristic feature extractor using docker containers.
  • Optimizing the workload with malware file-type identification and hash calculations.
  • Integrating playbooks for threat feed ingestion and Virustotal lookups.
  • Advance alerting and threat intelligence gathering using AWS Elasticsearch and Athena.
  • Building dashboards and queries for real-time monitoring and analytics.
  • Advance Dynamic analysis using cuckoo sandbox on AWS EC2 instance and using DynamoDB.

5. Forensic Acquisition, analysis and intelligence gathering of cloud AMI's.

  • Analysis of an infected EC2 instance.
  • Building an IR 'flight simulator' in the cloud.
  • Creating a step function rulebook for instance isolation and volume snapshots.
  • lambda functions to perform instance isolation and status alerts.
  • Building forensic analysis playbook to extract key artifacts, run volatility and build case tracking.
  • Automated timeline generation and memory dump.
  • Storing the artifacts to S3 bucket.
  • On-demand execution of Sleuthkit instance for detailed forensic analysis.
  • Enforcing security measures and policies to avoid instance compromise.

6. Security Assessment Automation for cloud infrastructure

  • Introduction to cloud infrastructure security assessment.
  • Using scout for automated security assessment.
  • Analyzing report and plugging the holes.

CLASS REQUIREMENTS

  • Laptop with internet access
  • Free tier account for AWS
  • Basic understanding of cloud services
  • System administration and linux CLI
  • Able to write basic programs in Python

Register