OAWSP Exam Review


Hi Everyone,

I’m back with a blog post sharing my experience with the CloudBreach.io Breaching AWS Course and the Offensive AWS Security Professional (OAWSP) certification.

  • I took the 30-day Breaching AWS Course, which comes with the Course Content PDF and one OAWSP exam attempt.

About the Course Content

  • Contains a Course Content PDF of 150 pages.

  • Detailed information about each AWS service used in the labs.

  • Solutions to the lab exercises.

Course Access

  • Access to the CloudBreach Portal and the Breaching AWS lab credentials are sent via email after enrollment.

  • Web-browser-based access from anywhere (stable internet connection).

Breaching AWS Labs

  • The course showcases more than 40 different AWS resources/services, including 20 cloud-specific attack vectors and their remediation.

  • The Breaching AWS labs simulate a fictional corporation, “TwoCapital”, hosting its infrastructure on the AWS environment.

  • The challenges are based on past cloud breaches and have varying degrees of difficulty; solving them leads to the total compromise of the target cloud environment.

  • The aim is to breach the “TwoCapital” company, move laterally, exploit weak AWS configurations/policies, and find a way to compromise the super secure Amazon Relational Database Service (RDS).

  • The lab also contains all the tools required to solve the labs, under the /Desktop/Tools/ folder.

  • There are around 27 flags in the course; on completion you will receive the Breaching AWS Certificate of Completion.

CloudBreach Portal

  • To book the exam, go to CloudBreach Portal -> My Account -> Book an Exam and provide your CloudBreach Student ID.

  • The portal also allows you to purchase lab add-ons and exam retake vouchers.

  • This is also the portal where we have to submit the flags.

OAWSP Exam

  • It’s a 24-hour practical exam; you will be given access to a cloud environment.

  • You will get the details about the exam objective and how to access the exam cloud environment by email.

  • The exam is based on the material taught during the Breaching AWS course.

  • Also, it’s not as straightforward as the labs, so you will need to Google a little and do your own research at times during the exam.

  • Upon solving the exam objective, you will have another 24 hours to submit a brief report. Send the report to exam@cloudbreach.io.

  • Candidates who pass the exam are awarded the OAWSP Digital Badge.

My Experience

  • I enrolled for the Breaching AWS Course on Jan 12th, 2024, and received a form where we need to provide the start date of the lab.

  • Early in the morning on Jan 14th, 2024, I received my lab access; it also contained the CloudBreach lab rules (Do’s & Don’ts).

  • I started the lab around Jan 15th, 2024, and was able to complete the labs within a few days, since I had worked on solving AWS CloudGoat before.

  • The CloudBreach portal contains a set of quizzes; upon solving the lab you will be able to answer the quiz questions (these quizzes are considered to be flags).

  • The Course Content PDF contains all the necessary information required to solve the labs, starting from unauthenticated AWS enumeration to compromising the infrastructure using the misconfigurations.

  • I was very confident after solving the labs and scheduled the exam for Feb 23rd, 2024, around 7:15 am.

  • I received the email instructions with the exam objective and access to the exam environment. The exam objective was just a few lines; I was like, let’s do this!

  • The initial foothold took just a couple of minutes, getting some information from unauthenticated AWS enumeration. After that I made a small, stupid mistake and took 3 hours to move laterally in the infrastructure.

  • After gaining root privileges on a system I was happy and thought the exam was over. I checked with the CloudBreach team, who confirmed that I was still at the starting stage of the exam.

  • Further enumeration led me into a rabbit hole, and I was stuck there for some time.

  • I took a break and came back, then started to check all my commands and notes from scratch. I found that I had missed something which was easier.

  • I was able to enumerate further, solve the exam objective, and complete the exam around 2 am on Feb 24th.

  • I started to prepare the exam report around 2:30 am and completed it around 6:30 am (30 pages), including all the detailed steps of how I was able to compromise and complete the exam objective.

  • I took a nap for a while and reviewed the report in the evening.

  • I sent the exam report on Feb 24 at 5:30 PM. The CloudBreach team is very fast: they reviewed my report and sent me the results within 15 mins.

  • I got my exam result on Feb 24 at 5:45 PM: I have successfully passed the Offensive AWS Security Professional (OAWSP) exam.

Final Thoughts about OAWSP

  • If you are looking for an intense 24-hour exam pattern with real-world cloud misconfigurations, you should surely go ahead with OAWSP.

  • The CloudBreach Discord server is quite active; there they share new cloud misconfigurations, trending topics and new tools in cloud security.

  • The support system at CloudBreach is pretty fast.

  • The difficulty level of the exam is intermediate; if you don’t prepare well for the exam it will be hard to clear.

  • I personally find it worth the money compared to other AWS cloud certifications in the current market.

Thanks a lot for reading!!!

