Breaking the Cloud Layer - Modern and Practical Attacks on AWS, Azure, GCP, Aliyun, Railway and Vercel - Anant Shrivastava & Riyaz Walikar - DCTLV2026

Name of Training: Breaking the Cloud Layer - Modern and Practical Attacks on AWS, Azure, GCP, Aliyun, Railway and Vercel
Trainer(s): Anant Shrivastava and Riyaz Walikar
Dates: August 10-11, 2026
Time: 8:00 am to 5:00 pm 
Venue: Las Vegas Convention Center
Cost: $2,500

Short Summary:

A completely hands-on, scenario-driven, multi-cloud offensive training where students learn how attackers discover, pivot, and gain control across legacy cloud environments like AWS, Azure, GCP, and Aliyun, and across modern developer-favorite clouds like Railway and Vercel, using real-world exploit chains instead of provider-specific theory. Participants work in their own cloud accounts, break purpose-built targets, and leave with both attack playbooks and practical hardening steps.

Course Description:

Cloud breaches rarely happen through a single mistake. Real attackers chain weaknesses across identity systems, storage services, metadata endpoints, serverless platforms, container infrastructure, and developer tooling until they control both data and cloud control planes. These attack paths increasingly span multiple providers and modern developer platforms.

Breaking the Cloud Layer is a hands-on, offensive training that teaches how these real-world attack chains unfold across AWS, Azure, GCP, Aliyun, Railway, and Vercel. Instead of focusing on provider documentation or theoretical misconfigurations, the course walks students through practical attacker workflows used to discover exposed assets, abuse cloud integrations, pivot through infrastructure, and escalate privileges across environments.

Participants deploy vulnerable but realistic targets into their own cloud accounts using provided Terraform projects. From there they execute guided attack scenarios including OSINT-driven cloud reconnaissance, storage and artifact exposure, SSRF exploitation against metadata services, credential harvesting, IAM privilege escalation, serverless abuse, managed database access, container and Kubernetes pivots, and cross-platform compromise through developer platforms and CI/CD integrations.

Each attack scenario mirrors techniques used by real adversaries and is paired with concise defensive guidance so participants leave with practical attack playbooks and actionable hardening strategies. By the end of the training, attendees will understand how modern attackers move through cloud environments and developer platforms - and how to detect and stop those paths before they lead to full compromise.

Course Outline:

## Day 1
- Module 0: Orientation and Setup
- Module 1: Multi Cloud Adversary Mindset
- Module 2: Recon to First Foothold
- Module 3: SSRF and Metadata Abuse
- Module 4: Serverless and Data Tier Attacks
- Module 5: Containers and Kubernetes

## Day 2
- Module 6: Deep Cloud Native Abuse
- Module 7: Azure Kill Chains
- Module 8: AI and Over Privileged Integrations
- Module 9: Developer Platforms with Multi Cloud Support
- Module 10: Defenses That Actually Work
- Capstone and Exam Preparation

Difficulty Level:

Intermediate to Advanced

Suitable for people who have basic familiarity with security testing or cloud platforms and want to work through full, realistic chains. Not a cloud 101.

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

Suggested Prerequisites:

Participants will benefit from:
-    At least 1 year experience in penetration testing, cloud engineering, DevOps, SRE, or security engineering
-    Basic Linux command line comfort
-    Understanding of HTTP, DNS, and common web vulnerabilities
-    High level familiarity with at least one major cloud provider (key services and console navigation)

No prior multi cloud or Kubernetes expertise is required. Concepts are introduced in context.

What Students Should Bring:

-    Laptop capable of running a modern browser, SSH, and VPN if needed
-    Stable Wi-Fi support
-    Ability to use external cloud services over HTTPS
-    Personal or company provided accounts (with billing enabled and permissions for small lab resources) for:
  - AWS  
  - Azure  
  - GCP  
  - Aliyun  
  - Railway.com
  - Vercel

Exact minimum permissions and quotas will be documented in advance.

What the Trainer Will Provide:

-    Terraform and configuration files to deploy all targets
-    Detailed lab guides and walkthroughs for each scenario
-    Cheat sheets for key commands and APIs
-    Reference hardening checklists mapped to each attack path
-    Post class access to lab definitions, so teams can recreate scenarios later

Trainer(s) Bio:

Anant Shrivastava is the founder of Cyfinoid Research and a long time offensive security practitioner with a focus on application, cloud, and supply chain security. He has delivered trainings and talks at Black Hat (USA, Europe, Asia), Nullcon, c0c0n, BSides, Rootconf and multiple other events, and runs projects such as Hacking Archives of India to highlight real work from the security community. His courses are built from real consulting and red team experience, with an emphasis on attack chains that actually show up in the field and defenses that teams can implement the next day.

Riyaz Walikar is a seasoned security researcher, evangelist and offensive security expert with a wealth of experience across industry verticals and technologies. Riyaz has over 15 years of hands-on offensive security experience focussing on Web, API, Mobile, Thick Clients, Systems, Internet facing and unreachable infra, Wireless, Cloud, Container, Kubernetes and more recently AI Agentic and MCP security. Professionally, Riyaz has run pentesting and research teams at Microland, PwC, Citrix, Appsecco and Kloudle in the past. He now does full time research and consulting on his own while continuing to mentor and teach at various events and conferences. When he isn't breaking things and looking under the hood of systems, Riyaz loves to stargaze, do photography, travel, google for easy weight loss solutions and crack really bad jokes to gain more followers.

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. 

Proficiency is evaluated through a CTF-style exam in a dedicated lab with misconfigurations to be exploited. Students must extract flags and submit them to gain points, earning 60% for a passing score and 80% or greater for a merit score.

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before July 11, 2026, minus a non-refundable processing fee of $250.

Between July 11, 2026 and August 5, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after August 5, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.
