Hacking And Securing Cloud Infrastructure (Online)
Training Overview
Hacking and Securing Cloud Infrastructure is a deep, hands-on training at CSA XCON 2026, Dehradun, designed to modernize cloud security skills for today’s rapidly evolving threat landscape.
As organizations increasingly rely on cloud platforms for critical workloads, misconfigurations and identity abuse remain the leading causes of cloud breaches. This training uses a defense-by-offense approach, teaching participants how real attackers exploit cloud environments and, just as importantly, how to fix those weaknesses.
Over an intensive, lab-driven program, participants will work across AWS, Microsoft Azure, and Google Cloud Platform, gaining practical experience in attacking, defending, auditing, and hardening cloud infrastructures using real-world techniques.
About the Training at CSA XCON 2026
This training is built for practitioners who want real skills, not theory. The syllabus is continuously updated based on in-the-wild attacks, modern cloud services, and offensive research.
Key highlights include:
- Strong focus on IAM misconfigurations and identity abuse
- Hands-on exploitation and remediation across all major cloud providers
- Realistic cloud labs that mirror production environments
- Equal emphasis on attacking and securing cloud infrastructure
- Capture-the-Flag challenge to validate skills
This training aligns with CSA XCON’s focus on practical, job-ready cloud security expertise.
Who Should Attend
This training is ideal for:
- Cloud administrators and architects
- Penetration testers and red teamers
- SOC, CSIRT, and blue team professionals
- Developers working on cloud-native applications
- Security and IT managers responsible for cloud risk
It is suitable for both hands-on practitioners and technical decision-makers.
What You Will Learn
Cloud Security Foundations
- Cloud computing concepts and why cloud security is different
- Shared responsibility model and legal considerations for cloud testing
- Attacker view of cloud metadata APIs
Cloud Enumeration & Reconnaissance
- DNS-based cloud asset enumeration
- OSINT techniques for discovering cloud attack surfaces
- Username and identity enumeration using cloud provider APIs
Cloud Attack Surfaces
- IaaS, PaaS, FaaS, and CaaS attack surfaces
- Risks introduced by virtual machines, serverless functions, containers, and managed services
Attacking Cloud Storage
- AWS S3, Azure Storage, and GCP Storage misconfigurations
- Abuse of Shared Access Signatures (SAS)
- Data exposure and access control failures
Attacking Microsoft Azure & Entra ID
- Azure application attacks (App Service, Functions, Storage)
- Azure Key Vault and Automation Account abuse
- Microsoft Entra ID authentication risks
- Managed identities, MFA bypass techniques, and Conditional Access abuse
- Dynamic group membership and identity protection monitoring
Attacking AWS Environments
- IAM policy evaluation and shadow admin permissions
- IAM identity and resource-based policy abuse
- Role enumeration and privilege escalation
- EC2 metadata and instance attribute abuse
- Cognito, Lambda, API Gateway, ECR, ECS, and VPC misconfigurations
- AWS Organizations and delegated administration risks
Attacking GCP Environments
- IAM roles, service accounts, and authentication models
- Compute Engine, Cloud Storage, App Engine, and IAP
- Cloud Functions, Pub/Sub, Cloud Run, and databases
- IAM impersonation and secrets management
- Container Registry security
Hardening & Revisiting Misconfigurations
- Fixing real-world Azure, AWS, and GCP misconfigurations
- Validating security improvements in hardened environments
Cloud Defense & Detection
- Asset discovery and hybrid cloud inventory
- Least privilege enforcement and budget-based protections
- Metadata API protection techniques
- Monitoring and detection using cloud-native tools
- Automated response and remediation workflows
Cloud Auditing & Benchmarking
- CIS benchmarks and cloud security baselines
- Automated audits for cloud and container images
- Windows and Linux IaaS auditing
Capture the Flag (CTF)
Timed cloud security challenge to reinforce learning
Training Experience & Expectations
- Highly hands-on, with ~65% of time spent in labs
- Individual lab environments for each participant
- Real-world attack and remediation workflows
- Case studies and guided discussions with expert trainers
Participants will leave with the ability to identify, exploit, and fix cloud security weaknesses confidently.
Skill Level
Intermediate
Participant Requirements
Participants should have:
- 1.5+ years of cybersecurity experience
- Familiarity with command-line tools
- Minimum 8 GB RAM and 30 GB free disk space
- Support for running virtualization tools
Apple systems are not recommended due to virtualization limitations.
What Participants Will Receive
Each participant will receive:
- Certificate of completion
- Extended access to cloud lab environments post-training
- Continuing Professional Education (CPE) credits
- Comprehensive learning pack with guides and cheat sheets
Trainers
This training will be delivered by an experienced cloud penetration tester and security trainer, with a strong background in offensive cloud security and a history of delivering advanced trainings at leading global cybersecurity conferences.