Cloud Breach Tactics: Enumeration to Initial Access

The most valuable findings in modern penetration tests start with effective cloud enumeration. This workshop teaches techniques to discover cloud resources and gain initial access into AWS, GCP, and Azure environments. You'll learn methods used in professional cloud penetration testing and red team assessments. Whether you're a pentester, offensive security consultant, or bug bounty hunter, you'll gain the edge to discover high-impact vulnerabilities that others miss.
Most companies now use cloud services, creating a unique attack surface with its own security challenges. This workshop shows you how to find and exploit weaknesses in cloud environments.
In this 4-hour hands-on session, you will learn:
- Enumerating Cloud Footprint
- Public Resource Discovery
- Exposed Secrets (and where to find them)
- From Discovery to Access
The workshop includes real-world demonstrations and hands-on exercises. You'll get practical experience with the discussed tools and methods.
We'll end with an exciting Capture The Flag (CTF) challenge to apply everything you've learned during the workshop.
Ideal Audience:
This workshop is best for individuals aiming to break into cloud environments, including:
- Pentesters Specializing in Cloud Security
- Offensive Security Engineers
- Cloud Security Consultants
- Security Engineers
- Bug Hunters
What to Expect:
- Hands-on labs
- Slides
- CTF & Fun
What Not to Expect:
- Mitigation against these attacks
- Mastering cloud platforms - truly mastering multi-cloud takes time
Requirements:
Attendees need internet connectivity and personal laptops during the workshop. Prerequisites to set up before the workshop will be shared a week before the workshop.
Chandrapal Badshah is a Cloud Security Researcher & Trainer. While his engineer mind secures cloud environments during the day, his research mind strives to find cloud issues (at scale) during the night. He has experienced security wearing different hats during his career: first as a Product Security engineer, next as a Security Research lead, and now as a person fully focused on Cloud and DevSecOps. He is an AWS Certified Security professional as well. He has been a trainer at x33fcon and BSides Delhi, a co-trainer at BlackHat Asia, and has given talks at community meetups like null, OWASP and SecurityBoat. He blogs about his experiments and experiences at https://badshah.io
A Cloud Security and DevSecOps practitioner with a strong track record of building and scaling cloud security programs from the ground up. With deep expertise in securing cloud-native architectures, automating security controls, and integrating security into the development lifecycle, I advocate for a security-first approach that balances protection with innovation. Throughout my career, I have helped organizations strengthen their security posture, mitigate risks, and achieve compliance while enabling scalable and resilient cloud environments. My work focuses on embedding security into every layer of the cloud, ensuring that security is not just a requirement but a fundamental enabler of business success.