
From Telemetry to Tradecraft: Hunting Adversaries in Multi-Cloud
As enterprises rapidly adopt multi-cloud ecosystems, the shift has opened the door to a surge in adversarial activity targeting cloud infrastructure.
This workshop introduces a clear and practical threat-hunting approach designed for multi-cloud environments. It explains the challenges of securing different cloud platforms and highlights the common techniques and behaviors used by attackers targeting cloud ecosystems.
Attendees will learn how to spot cloud-focused attackers, create strong hunting hypotheses, and apply proactive detection methods across AWS, Azure, and GCP.
The workshop emphasizes the practical configuration of cloud-native services to enable centralized logging and monitoring across multiple cloud platforms, followed by hands-on threat-hunting exercises in a multi-cloud setting. It concludes with a live demonstration of an AI-driven, client-enabled threat-hunting scenario, showcasing how AI can enhance modern security operations and transform cloud defence capabilities.
Table of Contents
01 Introduction to Multi-Cloud Infrastructure
- Architectural Design and Components of Multi-Cloud Environments
02 The Cloud Threat Landscape
- APT Groups Targeting Cloud Ecosystems
- Tactics, Techniques, and Procedures (TTPs) Used Against Multi-Cloud Environments
- Cloud Threat Matrix and Attack Mapping
03 Logging and Monitoring Overview of Multi-Cloud Infrastructure
- Designing an Effective Cross-Cloud Monitoring Framework
04 Hunting Cloud-Targeted Threats
- Building and Executing Cloud Threat Hunting Hypotheses
- Conducting Hunts for Adversaries Targeting Multi-Cloud Infrastructures
AWS
- Credential Exposure & Access Key Leakage
- Abuse of IAM Roles for Lateral Movement
- Privilege Escalation via Misconfigured IAM Policies
- Unauthorized Permission & Policy Assignments
- Defense Evasion through Monitoring & Logging Manipulation
- Abuse of Compute Instance Credentials & Metadata Services
- Cloud Storage Discovery & Data Exfiltration
Azure
- Credential-Based Initial Access Techniques
- Identity & Session Hijacking Attacks
- Discovery of Externally Exposed Cloud Resources
- Abuse of Misconfigured Administrative Privileges
- Cross-Environment Lateral Movement
- Hybrid Identity & Federation Abuse
GCP
- Authenticated Cloud Resource Enumeration
- Privilege Abuse from Over-Permissive Roles
- Container & Kubernetes Workload Compromise
- Serverless Function Abuse
- Cloud Data Access & Exfiltration Techniques
05 AI-Driven Cloud Investigation and Detection
- Vision for Futuristic Hunting Strategies
- Human Intelligence with AI
- Configuration and Integration of AI into Threat-Hunting Operations
- Demonstration
Attendees Takeaway
Practical investigation workflows and operational knowledge
What to Expect
Hands-on exposure to cloud hunting and AI-assisted investigation
Prerequisite Note
Required environment setup before attending the workshop
- A system with a minimum of 16GB RAM and either VMware or VirtualBox installed
- Basic understanding of cloud concepts
- Free-tier accounts for AWS, Azure and GCP
- Note: A dedicated VM image will be shared with participants prior to the event.
Workshop Speakers
Experts & Mentors

Harisuthan S
Senior Security Engineer @ Renault Group
Harisuthan is a Security Engineer who thrives at the intersection of offense and defense, leveraging hands-on expertise in cloud security, threat hunting, digital forensics, and detection engineering to stay ahead of evolving threats.
From orchestrating purple team engagements and attack simulations to architecting scalable investigation methodologies, he brings a strategic and technical edge to securing enterprise and multi-cloud environments.