avatarDenise Banks

Summary

The article outlines five practical projects for gaining hands-on cybersecurity experience, focusing on AWS and Azure cloud platforms, penetration testing, web application firewalls, identity access management, and compliance auditing.

Abstract

The article "How to Build Real-World Experience in Cyber Security: Mini Home Labs and Practical Projects" provides guidance for technology students and professionals transitioning into cybersecurity. It emphasizes the importance of hands-on experience through five project-based exercises. These projects include setting up and penetration testing with AWS Goat and Azure Goat, configuring an AWS Web Application Firewall (WAF), managing Identity Access Management (IAM) in AWS, and conducting an audit with Prowler. Each project is designed to simulate real-world scenarios, allowing participants to apply theoretical knowledge in a practical setting, thereby enhancing their skills and making their resumes stand out in the competitive cybersecurity job market.

Opinions

  • The author believes that hands-on projects are crucial for applying theoretical cybersecurity knowledge.
  • Practical experience through projects like AWS Goat and Azure Goat is seen as a valuable way to learn penetration testing.
  • Setting up a web application firewall is considered an essential skill for protecting web applications in a cloud environment.
  • Managing Identity Access Management (IAM) is highlighted as a fundamental aspect of cloud security.
  • Conducting audits with tools like Prowler is recommended for understanding and improving compliance with security benchmarks.
  • The author suggests that documenting these projects on a resume can demonstrate practical skills and enhance credibility in the cybersecurity field.
  • Ethical guidelines and responsible use of skills are strongly emphasized throughout the article.

How to Build Real-World Experience in Cyber Security: Mini Home Labs and Practical Projects

Breaking into the field of cybersecurity can be challenging, especially when faced with the need for real-world experience. Certifications and lectures are valuable, but hands-on projects provide a unique opportunity to apply theoretical knowledge. In this article, we’ll explore five practical projects that tech students like myself and transitioning professionals can undertake to gain practical experience and enhance their resumes.

Project 1: AWS Goat — Hands-on Penetration Testing

AWS Goat

Objective: Deploy an infrastructure within AWS and practice penetration testing.

1. Set Up AWS Account:

  • Create an AWS account if you don’t have one.
  • Go to the AWS Marketplace and search for “Go Fish simulator.”
  • Choose the simulator by Hail Bites, subscribe (free for the first week), and configure.

2. Launch AWS Goat:

  • Follow the instructions to launch AWS Goat.
  • Configure VPC settings, ensuring a public subnet for effective testing.
  • Launch the instance and set up security groups.

3. Explore the Simulator:

  • Access the simulator through the provided URL.
  • Log in using the credentials (admin and instance ID).
  • Familiarize yourself with the dashboard and run simulated phishing campaigns.

Project 2: Azure Goat — Compromising Cloud Infrastructure

Azure Goat

Objective: Set up an entire infrastructure in AWS to simulate compromising an organization’s cloud infrastructure.

1. Fork Azure Goat Repo:

  • Fork the Azure Goat repository from GitHub.
  • Create AWS User:
  • Go to AWS IAM and create a user with admin privileges.
  • Obtain access key and secret access key.

2. Configure GitHub Secrets:

  • Set up access key and secret access key as GitHub secrets.

3. Run Terraform:

  • Use Terraform to deploy the Azure Goat infrastructure.
  • Choose module one (Blog application) for this project.

4. Explore and Attack:

  • Access the deployed infrastructure.
  • Utilize the provided attack manuals to simulate attacks and vulnerabilities.

Project 3: AWS WAF — Web Application Firewall Setup

AWS WAF Firewall

Objective: Set up a web application firewall within AWS to monitor web requests.

1. Configure AWS WAF:

  • Go to AWS WAF and create a web ACL.
  • Choose CloudFront distribution (even if not attaching to an application).

2. Define Rules:

  • Define rules for the web ACL, incorporating managed rule groups.
  • Explore available rule sets, such as those for fraud prevention and bot control.

3. Complete Setup:

  • Complete the setup, considering sampling options.
  • Test the configuration and explore additional features.

Project 4: Identity Access Management (IAM) in AWS

AWS IAM

Objective: Learn IAM concepts, create users, groups, and roles within AWS.

1. Navigate to IAM:

  • Access AWS IAM console.

2. Create Users and Groups:

  • Create IAM users (e.g., User1, User2).
  • Place users into groups (e.g., DemoGroup1, DemoGroup2).
  • Assign policies to groups (e.g., AdministratorAccess, ReadOnlyAccess).

3. Password Policy Management:

  • Set and manage password policies within IAM.
  • Configure password complexity requirements.

4. Review Changes:

  • Use AWS CloudTrail to review changes made in IAM.
  • Explore event history and understand recorded activities.

Project 5: Audit with Prowler in AWS

Prowler

Objective: Conduct an audit within AWS using Prowler, an automation tool for security checks.

1. Open AWS CloudShell:

  • Access AWS CloudShell for a command-line interface.

2. Install Prowler Dependencies:

  • Install Prowler dependencies using the provided commands.

3. Configure AWS Access:

  • Configure AWS access using aws configure with access key and secret access key.

4. Run Prowler Checks:

  • Run Prowler checks for a chosen compliance framework (e.g., CIS benchmarks).
  • Understand the automated results and identify areas of improvement.

5. Download Results:

  • Copy results to an S3 bucket for further analysis.
  • Download and review the comprehensive report generated by Prowler.

By completing these hands-on projects, tech students and transitioning professionals can gain valuable experience in cybersecurity, covering various aspects such as penetration testing, cloud security, web application protection, identity access management, and compliance auditing. Documenting these projects on your resume showcases practical skills and enhances your credibility in the cybersecurity field. Remember to always adhere to ethical guidelines and use these skills responsibly.

Successfully winning, one byte at a time 🚀

v/r

Denise B

Cybersecurity
AWS
Projects
Cloud Security
Information Technology
Recommended from ReadMedium
avatarStefan Bargan
Essential Tools for SOC Analysts

As a Security Operations Centre (SOC) analyst, having the right tools at your disposal is crucial for effective investigation, reputation…

3 min read
avatarJonathan Mondaut
How ChatGPT Turned Me into a Hacker

Discover how ChatGPT helped me become a hacker, from gathering resources to tackling CTF challenges, all with the power of AI.

4 min read
avatarTaimur Ijlal
5 Key Lessons From The Crowdstrike Outage

Will the world’s biggest IT outage change the tech landscape forever ??

5 min read
avatarSecureSlate
ISO 27001 Templates: Your Fast Track to Guaranteed Information Security

Build Your Security Shield with the Power of ISO 27001 Templates

10 min read
avatarAudrey's weBlog & reViews
Learning Networks with Linux: Bluetooth Hacking

Bluetooth is built into numerous gadgets that we use daily, e.g., computers, tablet PCs, smartphones, speakers, just to name a few.

7 min read
avatarMr_Architekt
Some Ugly Truths About Working in Cybersecurity And Nobody Have Told You.

From the ugly to the ugliest.

5 min read