HACK THE CLOUD – Exploiting AWS and Google Cloud for Fun and Profit
Register Now
Training Schedule
Jan 22, 2026 – Jan 24, 2026
9:00 AM – 5:30 PM (GMT+05:30)
Objectives of Training:
A hands-on focused, lab work driven training built on the identification, discovery and exploitation of misconfigurations in AWS and Google Cloud. The training will take participants through setting up of their own private customized environments, security misconfigurations within them and their exploitation to achieve attacker objectives.
- In a world where writing code and creating infrastructure is fast becoming a commodity, it is important to understand what weaknesses plague cloud environments that could lead to breaches. Identifying and exploiting misconfigurations in the cloud can lead to data loss, access to restricted execution environments and even in some cases complete control of the cloud account. This attacker focussed hands-on training will take the student through various curated scenarios based on real world penetration tests and breaches that have been made public to fully understand and unlock the hacker mindset required to perform these attacks on their own. As part of the training, students will learn to identify, enumerate, verify and exploit various cloud services in AWS and Google Cloud. This is accompanied by complete documentation and takeaways along with interesting stories from the trainers.
- Identifying, detecting and exploiting misconfigurations in AWS and Google Cloud across various services
- Brainstorming possible defenses that that can be applied to mitigate misconfigurations that could lead full compromises
- Creating and destroying cloud infrastructure using automation
- Security Engineers
- People interested in Penetration Testing and Cloud Security
- DevSecOps Professionals
- Cloud Engineers/Architects
- Basic knowledge of AWS and Google Cloud services
- Basic understanding of Security Testing concepts like SSRF, SQL Injection etc.
- SSH and simple bash commands like grep and cut
- Simple DNS commands like fetching the A record or CNAME record.
- A basic working knowledge of Kubernetes
- A Laptop with a modern OS Windows 11/OSX/Linux
- An up to date browser such as Chrome, Firefox
- Ability to connect to a wireless/wired network
- Activated cloud accounts would be required for AWS and Google Cloud. Please ensure a working card is added to avoid disruption. Both AWS and Google Cloud provide free credits and tier usage that will be enough for the training
- Powerpoint presentation PDFs that will have all the commands, screenshots, expected output etc.
Anant Shrivastava is the founder of Cyfinoid Research. He has experience in Security (both offense and defense), Development, and Operations. He has a rich history of engagement with renowned conferences as both a trainer and a speaker, including Black Hat (USA, Asia, EU), Nullcon, and c0c0n, among others. Anant leads open-source projects, notably the Tamer Platform and CodeVigilant, and curates the Hacking Archives of India. When not engaged in official work, Anant contributes to open communities with a shared goal of spreading information security knowledge, such as the null community, Garage4Hackers, hasgeek, and OWASP.
