AWS Goat: The crossover between cybersecurity and the cloud

Cloud adoption means that the right cybersecurity configurations need to be in place to avoid vulnerabilities. To do this, you need to be able to identify those vulnerabilities correctly.

The AWS Goat service enables simulations of attacks within the AWS environment to assess the security of the cloud infrastructure. This service makes it easier to understand common vulnerabilities in the cloud, so that the cybersecurity team can protect the organisation's critical data and services.

Carried out by Sofia Martinez | Marco Funes | Alam Pérez Aguiar | Emilio Ocejo

Qualification: Cybersecurity Master

Technologies: AWS Goat | GitHub | Terraform Apply | NMAP | BurpSuite | AWS CLI | OWASP ZAP | SSH

What is the motivation?

Migrating from on-premise servers to the cloud means that security no longer only applies to the hardware and devices you have in your organisation, but extends to your chosen cloud environment. The provider is responsible for part of that security, but customers also have their share of the responsibility. In order to understand the weaknesses of this type of environment, services such as AWS Goat are used to simulate attacks and carry out a pentesting process to identify vulnerabilities and study possible solutions.

Program aims

  • Identify misconfigurations and OWASP vulnerabilities in the AWS Goat infrastructure.
  • Analyse the impact that the vulnerabilities found may have on the infrastructure.
  • Propose and validate solutions to mitigate vulnerabilities within the AWS environment.

Development

The cloud brings a new element that must be correctly configured in terms of cybersecurity. In order to understand this new environment in the most appropriate way possible, the following has been done:

  • Information gathering: In order to find a vulnerability, it is crucial to collect as much information as possible about the entire environment. Scans of ports and services, enumerations of buckets, users and policies, as well as analysis of HTTP requests were performed.
  • Identification of vulnerabilities: Once the necessary elements were collected, detailed information on the files identified as sensitive was obtained. In parallel, we also worked on applications, intercepting and modifying them.
  • Exploitation of vulnerabilities: The weaknesses found were transformed into attack vectors, gaining remote access to servers, exploiting credentials to create users and modify policies, and exploiting vulnerabilities.

Results

Studying the vulnerabilities allowed various types of tests to be carried out to assess the criticality of these weaknesses:

  • Injection of JavaScript code into search forms to manipulate sessions and steal credentials.
  • SQL injection into user input fields to gain unauthorised access to critical user data.
  • Manipulation of requests to access local files on the server, which yielded AWS credentials, and to enumerate users in EC2, which facilitated privilege escalation.
  • Accessing configuration files, exposing public keys, AWS credentials and critical configurations.
  • Manipulation of file paths to access internal files containing keys and settings.
  • Use of obtained credentials to create IAM users and modify policies in order to gain administrative permissions.

Conclusions

The audit revealed multiple critical vulnerabilities, especially in elements related to access controls, exposure of sensitive data and code injections. These required urgent mitigation by strengthening access policies and credential management. Strict recommendations and controls were also implemented, culminating in constant review and monitoring to ensure the continued protection of cloud resources.
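
The IAM user creation and policy changes listed in the results, and the monitoring called for in the conclusions, can be checked for in CloudTrail. The following Python triage is an added example, not code from the project; the sample records, account ID, role and user names and the severity labels are constructed, and `policyDocument` is assumed to be logged as a JSON string.

```python
import json

# IAM calls that create identities or widen permissions (CloudTrail eventName values).
SENSITIVE_IAM_CALLS = {
    "CreateUser", "CreateAccessKey", "CreateLoginProfile", "AddUserToGroup",
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

def grants_everything(policy_json):
    """True if an inline policy allows Action "*" on Resource "*"."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    def star(value):
        return "*" in ([value] if isinstance(value, str) else value or [])
    return any(s.get("Effect") == "Allow" and star(s.get("Action"))
               and star(s.get("Resource")) for s in statements)

def classify(event):
    """Return (severity, reason) for one CloudTrail record, or None if not relevant."""
    if (event.get("eventSource") != "iam.amazonaws.com"
            or event.get("eventName") not in SENSITIVE_IAM_CALLS):
        return None
    if event.get("errorCode"):
        return ("medium", "denied IAM change attempt")
    params = event.get("requestParameters") or {}
    # Assumption: policyDocument, when present, is a JSON string.
    if params.get("policyArn") == ADMIN_POLICY_ARN or grants_everything(
            params.get("policyDocument", "{}")):
        return ("critical", "administrative permissions granted")
    # Instance-profile credentials show up as assumed-role/<role>/<instance-id>.
    arn = event.get("userIdentity", {}).get("arn", "")
    if ":assumed-role/" in arn and arn.rsplit("/", 1)[-1].startswith("i-"):
        return ("high", "IAM change made with EC2 instance role credentials")
    return ("low", "IAM identity or policy change")

INSTANCE_ROLE = {"arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0123456789abcdef0"}
SAMPLE_EVENTS = [  # constructed records, trimmed to the fields used here
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": INSTANCE_ROLE, "requestParameters": {"userName": "svc-backup"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy", "userIdentity": INSTANCE_ROLE,
     "requestParameters": {"userName": "svc-backup", "policyArn": ADMIN_POLICY_ARN}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": INSTANCE_ROLE, "requestParameters": {"bucketName": "example"}},
]

def triage(events):
    return [(e["eventName"], *hit) for e in events if (hit := classify(e))]
```

An application server's instance role rarely has a legitimate reason to call IAM at all, so the "high" and "critical" results are the ones to alert on first.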
