WS-02

Multi-Cloud (AWS, Azure & GCP) Security [2025 Edition]

07-09 October, 2025

WORKSHOP ABSTRACT

The CyberWarFare Labs 2025 updated workshop on "Multi-Cloud Security" aims to give trainees insight into the offensive and defensive techniques used by Red & Blue Teams in an enterprise cloud infrastructure. Learn how to perform enterprise offensive and defensive operations from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM.

As a Red Team / Penetration Tester:
Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, Microsoft Azure, and GCP. Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.

As a Blue Team / Defender:
Trainees will learn to identify and defend against various emerging threats in a multi-cloud infrastructure. Understand complex attack vectors & sophisticated compromise scenarios from a defensive mindset.

PRE-REQUISITE

  •     System with at least 16GB RAM and VMware Workstation Pro installed
  •     CWL RedCloud VM (NAT mode) with Internet connectivity

WHY SHOULD PEOPLE ATTEND

  •     Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment
  •     Perform Red Team Attack Cycle in Simulated Enterprise Environment
  •     Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa
  •     Core Services Mapping / Enumeration / Exploitation
  •     Create custom tools to perform manual enumeration

PARTICIPANT'S REQUIREMENTS

  •     Fair Knowledge of Networking and Web Technology
  •     Familiarity with CLI
  •     An Open mind

*No prior Cloud knowledge is required.

WHO SHOULD ATTEND

Targeted Audience may include the following group of people:

  •     Penetration Testers / Red Teams
  •     Cloud Security Professionals
  •     Cloud Architects
  •     SOC analysts
  •     Threat Hunting Team
  •     Last but not least, anyone interested in strengthening their offensive and detection capabilities in the Cloud

How many years of practical experience would the ideal student have to get most out of this training?

Minimum 2-4 years in Penetration Testing Domain.

What Students Will Be Provided With

  •     Soft Copy of the Course Content.
  •     Great Knowledge about the Offensive Cloud Techniques used by adversaries.
  •     Defense Tactics & Techniques against the discussed offensive techniques.

DURATION

Duration: 3 days

Trainer


Manish Gupta

Director, CyberWarFare Labs

Parth Agrawal

Security Researcher, CyberWarFare Labs

Day wise Training Plan

  • DAY 1
    • Part-1 : Introduction about Multi Cloud Environment
      • Module-1 : Introduction to Multi-Cloud Security
        • Identities
        • Resources
        • Permissions
        • People, Process & Technologies
      • Module-2 : Azure Cloud Environment
        • Azure Identity : Azure AD & RBAC
        • O365 / Microsoft 365
        • Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)
      • Module-3 : AWS Cloud Environment
        • Identity & Access Management
        • AWS Cloud Services (IaaS, PaaS, SaaS)
        • AWS SSO
      • Module-4 : GCP Cloud Environment
        • GCP Identity & Access Management
        • GCP Cloud Services (IaaS, PaaS, SaaS)
        • Google Suite / Workspace + Cloud Identity
    • Part-2 : Enumeration & Initial Access on Cloud Infrastructure
      • Module-1 : Unauthenticated Enumeration
        • Enumerating Information from DNS Records
        • Enumerating Information from Cloud Vendors
        • Leaked secrets from GitHub
        • Enumerating storage & other information from OSINT
  • DAY 2
    • Part-2 : Enumeration & Initial Access on Cloud Infrastructure
      • Module-2 : Initial Access
        • Exploiting Cloud Services
        • Leaked Credentials
        • Compromising CI/CD pipeline
        • Compromising storage accounts
      • Module-3 : Authenticated Enumeration
        • AWS Services
        • Entra ID, O365, Azure Services
        • Cloud Identity, Google Workspace, GCP Services
    • Part-3 : Exploiting Hybrid Multi-Cloud Services
      • Module-1 : Enterprise Cloud Red Team Attack Cycle
        • Assumed Breach Methodology
        • AWS
        • Azure
        • GCP
      • Module-2 : Privilege Escalation
        • Elevating Privileges on AWS
        • Elevating Privileges on Azure
        • Elevating Privileges on GCP
  • DAY 3
    • Part-3 : Exploiting Hybrid Multi-Cloud Services
      • AWS
        • Exploit Lambda Function for Persistence & Privilege Escalation
        • Pivoting & Lateral Movement using AWS VPC
        • Post-Exploitation by abusing mis-configured AWS Services
        • Data Exfiltration from S3, RDS, STS & Secrets Manager, etc.
      • Azure
        • Enumerating & Designing Attack Surface of Azure Cloud Services
        • Pivoting Azure Control Plane to the Data Plane
        • Stealth Persistence Access of Azure account by Service Principal
        • Privilege Escalation by abusing mis-configured Role Based Access Control
        • Misuse of Azure Authentication Methods [PHS, PTA, Federation]
      • GCP
        • Enumerating & Designing Attack Surface of Google Cloud Services
        • Enumerating & Exploiting Google Kubernetes Services
        • Post-Exploitation by abusing mis-configured Google Cloud Services
        • Privilege Escalation by exploiting mis-configured OAuth & IAM
        • Persistence Access of Google Cloud by Temporary / Permanent Access Token
    • Part-4 : CTF
      • Multi-Cloud Security CTF

*NOTE: Students will get FREE 10-day lab access & selected winners will get access to Premium CWL Course Materials*
