Course Overview
Cloud infrastructure has become the backbone of modern organizations — and with that shift comes an entirely new attack surface. This course teaches you how to think like an adversary operating inside AWS, Azure, and Google Cloud Platform environments, exploiting misconfigurations, weak IAM policies, and insecure service integrations that defenders routinely overlook.
You will work through real-world attack scenarios: enumerating cloud resources without triggering alerts, escalating privileges through IAM role chaining, escaping containers to compromise the underlying host, exfiltrating data via storage misconfigurations, and pivoting across cloud-native services. Every module is paired with hands-on labs in live cloud environments — not simulations.
By the end of this course you will be able to conduct end-to-end cloud penetration tests, produce findings that resonate with both engineers and executives, and articulate remediation paths that actually reduce risk.
Prerequisites
Familiarity with the Linux command line, basic networking (TCP/IP, HTTP), and general penetration testing methodology is required. Prior exposure to any cloud platform (AWS, Azure, or GCP) is helpful but not mandatory — the course begins with cloud fundamentals before progressing to offensive techniques.
Training Modules
- Shared Responsibility Model
- Cloud Threat Landscape
- Attack Surface Overview
- Pentest Scoping For Cloud
- IAM Enumeration
- S3 Bucket Discovery
- Unauthenticated Metadata Exposure
- Pacu Framework Setup
- Privilege Escalation Via Policy Misconfigurations
- Role Assumption Chains
- PassRole Abuse
- Credential Harvesting
- Lambda Abuse
- EC2 SSRF To Metadata Service
- RDS Exposure
- Secrets Manager Access
- SSM Command Execution
- Cross-account Pivoting
- Backdoor IAM Users/roles
- Lambda Persistence
- CloudTrail Evasion
- Azure AD Enumeration
- Resource Graph Queries
- ROADtools
- BloodHound For Azure
- Exposed Storage Accounts
- Service Principal Abuse
- Managed Identity Exploitation
- Conditional Access Bypass
- Token Theft And Replay
- Key Vault Access
- Logic Apps Abuse
- App Service Misconfigurations
- Automation Account Runbooks
- Subscription Pivoting
- Backdoor App Registrations
- Azure DevOps Pipeline Hijacking
- Gcloud Enumeration
- Service Account Key Discovery
- GCS Bucket Exposure
- Metadata Server Abuse
- Service Account Impersonation
- Token Scopes Abuse
- Workload Identity Federation Exploitation
- Cloud Functions Injection
- Cloud Run Abuse
- GKE Cluster Access
- BigQuery Data Exfiltration
- Docker Socket Abuse
- Privileged Container Breakout
- Namespace Escapes
- Image Poisoning
- Unauthenticated API Server
- RBAC Misconfiguration
- Pod Privilege Escalation
- Etcd Data Extraction
- Node Compromise
- Event Injection
- Function Chaining Attacks
- Environment Variable Extraction
- Cold-start Timing Attacks
- S3/Blob/GCS Bucket Misconfiguration
- Object ACL Bypass
- Pre-signed URL Abuse
- Data Exfiltration Channels
- Security Group Misconfigurations
- VPC Peering Abuse
- Cloud-native SSRF
- Internal Service Enumeration
- CloudTrail/Stackdriver Bypass
- Living-off-the-land In Cloud
- Alert Suppression
- Low-and-slow Techniques
- Cloud Pentest Report Writing
- Risk Scoring For Cloud Findings
- Remediation Guidance
- Executive Summary