• Courses & Certifications

    Mobile Security

    Mobile Security Expert (IOS)

    This instructor-led training (ILT) course equips students with the knowledge and skills needed to effectively test and secure iOS applications.

    Mobile Security Expert (Android)

    This instructor-led training (ILT) course equips students with the knowledge and skills needed to effectively test and secure Android applications.
  • Teams & Enterprises

    Industry-leading Courses

    By partnering with leading platforms like Hack The Box, or collaborating with world-class instructors we have created cutting-edge, instructor-led cybersecurity courses based on industry-ready standards that are highly interactive, hands-on, and offer actionable knowledge to your team.

    See all Courses & Certifications
  • Company
  • Instructors
  • Blog
  • Contact us
Cart
Register
Sign in
AWS Security Specialist (HACKTRICKS ARTA)

Instructor-led course
(2 sessions)
€ 2.200

Elevate your Cloud Security Red Team skills.

This instructor-led training is your pathway to mastering red teaming operations and offensive security strategies in cloud environments.

I want to become a AWS Security Specialist (HACKTRICKS ARTA)

Fill in the following form and we'll notify you when registration opens.

You want to train your team?

Get a quote

Advance your Offensive Security knowledge.

This instructor-led training from Cyber Helmets provides a strong foundation in offensive security, focusing on core principles of cloud security and red teaming, with structured guidance, expert support, and walkthroughs to help you navigate challenging concepts confidently.

Starting with fundamental concepts, you will enhance your ability to conduct effective red team engagements in cloud environments. You’ll learn to spot and exploit common misconfigurations in AWS environments, while gaining a solid understanding of basic attack techniques, reconnaissance, and exploitation.

Through hands-on labs, you’ll learn to identify vulnerabilities, bypass basic security controls, and apply your skills in real-world scenarios. This course is designed to introduce aspiring security professionals to the world of red teaming and cloud exploitation, equipping you with the essential skills and knowledge necessary to begin performing red team operations. It will help you build a solid foundation in offensive security, setting you on the path to advancing your career in cybersecurity.

What You’ll Learn:
☁️ AWS reconnaissance and enumeration

☁️ Misconfiguration exploitation in AWS

☁️ Basic cloud attack techniques

☁️ AWS attack tools and frameworks

☁️ Bypassing AWS security controls

☁️ Hands-on cloud exploitation

☁️ Cloud red teaming basics

☁️ AWS post-exploitation introduction

Level:
Beginner to
Intermediate

Class schedule:
TBA

Duration:
2 days
(8h/day)

Start date:
TBA

Level:
Entry to intermediate

Class schedule:
TBA

Duration:
8 weeks (8h/week)

Start date:
November 18th

Ideal for:

Penetration Testers and Red Team Professionals

Defensive Security Personnel

System Administrators and Network Engineers

Course syllabus:

Course outline

Course led by:

Carlos Polop

Linkedin-in

Carlos Polop has a degree in Telecommunications Engineering with a Master in Cybersecurity. He has worked mainly as Penetration Tester and Red Teamer for several companies and has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, CRTP, eMAPT, eWPTXv2, OSMR, ARTE, GRTE, AzRTE. He was captain of the Spanish team in the ECSC2021, member of Team Europe for the ICSC2022 and trainer of Team Europe for the ICSC2024. He has also spoken at several international conferences such as DEFCON31 and several ROOTEDCONs. Since he started learning cybersecurity he has tried to share his knowledge with the Infosec community by publishing open source tools such as PEASS and writing a free hacking book that anyone can consult at HackTricks and HackTricks Cloud

Ignacio Dominguez

Linkedin-in

Ignacio Dominguez is a Madrid based Cloud Security Engineer. Currently working at Circle as a Cloud Security Expert and with DevSecOps experience in several startups. Ignacio loves developing CTF challenges for competitions such as NahamCon, HacktivityCon and other mayor events. Passionate about hacking CI/CD systems and Cloud Native environments. He co-founded HackTricks Training offering quality Cloud Security certifications like AWS Red Team Expert, GCP Red Team Expert and Azure Red Team Expert.

Jaime Polop

Linkedin-in

Jaime Polop began his academic journey with a degree in Telecommunications Engineering from the Universidad Politécnica de Madrid, and later deepened his expertise by earning a master’s degree in cybersecurity from KU Leuven. His strong foundation in these disciplines paved the way for his role as a Cloud Specialist at Hacktricks Training. In addition, Jaime has distinguished himself by obtaining the prestigious ARTE, GRTE and AzRTE cloud certifications, underscoring his commitment to excellence and innovation in the evolving landscape of cloud computing and cybersecurity.

Opt-in now

Student Pack Includes:

> 30 day access to HackTricks’ labs and content.

> Access to 20+ hands-on labs to practice real-world attack techniques, reinforce your learning, and apply skills in a controlled environment.

> Αccess to course materials such as videos, slides, links to further reading, code snippets, lab exercises, etc.

> Certificate of completion from HackTricks

Overview:

Cyber Helmets instructor-led AWS Security Specialist course offers a structured and immersive learning experience in offensive security, combining expert guidance, walkthroughs, and support to help you master complex concepts with confidence.

The course includes 30-day access to HackTricks’ premium content—featuring 20+ hands-on labs that mirror real-world attack scenarios, along with videos and curated resources to deepen your understanding.

Upon completion, you’ll earn a certificate from HackTricks, validating your skills and practical experience in advanced red teaming techniques.

Join us now

I want to become an AWS Security Specialist (HACKTRICKS ARTA)

Fill in the following form and we'll notify you when registration opens.

FAQs:

Accordion Content

No, prior experience with cloud technology or AWS is not required to start the ARTA course. The curriculum is designed to familiarize you with the workings of AWS before delving into more complex topics.

The ARTA course is a comprehensive learning experience, which begins with instructor-led guidance covering the basics of AWS. This includes an understanding of the hierarchy of AWS organizations, privilege management, and the concepts of users, groups, and roles. This will ensure that you grasp the primary structure of AWS accounts.

As you progress, you’ll learn about both fundamental (IAM, KMS, STS, S3, EC2 etc.). You’ll understand their functions, how to enumerate them, and how to exploit them as an attacker. This learning will be facilitated through structured guidance, expert support, and walkthroughs to help you navigate challenging concepts.

For a comprehensive list of AWS services covered in the course, please refer to the course syllabus. With a solid understanding of AWS basics and techniques to compromise various AWS services, you’ll then explore methodologies for different scenarios:

Whitebox Methodology: Learn the HackTricks methodology for conducting a whitebox AWS assessment. This involves performing a thorough evaluation when given read-only access to a company’s accounts—a frequently requested service among companies.

BlackBox (Red Team) Methodology: Harness your understanding of AWS services to conduct an external assessment of a company’s AWS setup, escalating privileges wherever possible.

Towards the end of the course, you’ll be introduced to common AWS detection services like CloudTrail. Understand how these services work and learn strategies to bypass them, ensuring stealth during your Red Team assessments. You will practice these techniques in some hands-on labs.

To obtain the certification, it’s imperative to successfully clear all the hands on labs that assesses a comprehensive understanding of the AWS hacking techniques covered in this course.

While the original labs are designed to encourage self-guided exploration, Cyber Helmets instructor-led course provides structured guidance, expert support, and walkthroughs to help you navigate challenging concepts more confidently. All key methodologies are still covered through supplemental resources available at https://cloud.hacktricks.xyz. However, with the added benefit of instructor-led sessions, learners receive step-by-step insights and can ask questions in real time—ensuring a more supportive and interactive learning experience. This approach helps you not only complete the labs successfully but also truly grasp the techniques required for certification.

No, you don’t need to pass any exam to be ARTA certified, you just need to complete the course and the hands on labs and you will get your certificate.

The main difference between both certifications is that ARTE delves into more AWS services and has more hands-on labs, while ARTA is more focused on the basics of AWS and only the most common services.

No, it’s not. Access to both the course materials and the labs is activated at the same time. All access will be provided through Cyber Helmets once your enrollment is confirmed.

You will have 30 days of access to the labs as part of the course Student Pack provided through Cyber Helmets.

Yes, after successfully completing the hands on labs a PDF diploma with your name is provided. The diploma contains a QR code that can be used to verify its authenticity in training.hacktricks.xyz so fake diplomas can’t be created.

All the content of the HackTricks Training certifications were completely created by cloud security experts that have been doing cloud pentesting for more than 5 years and that have created these amazing courses and methodologies to make easier to other pentesters, security professionals or IT professionals to understand better how attacks work in the cloud.

Unfortunately we don’t record our sessions therefore you’ll need to catch up with the rest of the group. The support team can help you to catch up with the previous sessions and guide you on the materials that you need to read.

Subscribe to our insights and offers today!

Individuals

Teams

Cyber Helmets

Legal

2025 © Cyber Helmets, All rights reserved

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools

 

Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container
  • Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop

 

Methologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD

 

Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in IOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.