Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT

Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This courses uses and teaches 4 primary tools:

  • CloudGoat
  • Pacu
  • ChatGPT

CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are.

In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu.

We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective.

This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths.

Christophe · August 14, 2023


  • Added [LAB] [CTF] PrivEsc via IAM Version Rollback

Course Content


Setting up our lab environment
Getting started with Pacu
IAM Privilege Escalation by Misconfiguration (Small / Easy)
Vulnerable Lambda (Small / Easy)
IAM Privilege Escalation by Rollback (Small / Easy)
Cloud Breach via S3 (Small / Moderate)
ECS Takeover (Medium / Moderate)
Wrap-up and Key Takeaways

About Instructor


11 Courses

Not Enrolled

Course Includes

  • 39 Lessons