Security BSides Las Vegas 2025

Multi-Cloud (AWS, Azure & GCP) Security [25 Edition], Day One, PM
2025-08-04, Ballroom

The CyberWarFare Labs workshop on "Multi-Cloud Security" aims to provide practical insight into the offensive and defensive techniques used by Red and Blue Teams in an enterprise cloud infrastructure. Learn from the creators of the renowned CWL RedCloud OS, a cloud adversary simulation VM, how to perform enterprise offensive / defensive operations.

  • As a Red Team / Penetration Tester:
    Trainees will understand advanced real-world cyber attacks against major cloud vendors like AWS, MS Azure, and GCP.
    Simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups in a practical lab environment.

  • As a Blue Team / Defender:
    Trainees will learn to identify and defend against various emerging threats in a multi-cloud infrastructure.
    Understand complex attack vectors & sophisticated compromise scenarios from a defensive mindset.


To make the workshop truly hands-on, all trainees will be provided with lab access to the multi-cloud environment. The lab architecture is designed to cover, from both the offensive and defensive aspects, all the attacks demonstrated during the sessions.

DAY 1 (8 Hrs)

  • Part-1 : Introduction about Multi Cloud Environment

  • Module-1 : Azure Cloud Environment

    • Azure Identity : Entra ID & RBAC
    • O365 / Microsoft 365
    • Azure Cloud Services (VM, Storage, IaaS, PaaS, SaaS)
  • Module-2 : AWS Cloud Environment

    • Identity & Access Management
    • AWS Cloud Services (IaaS, PaaS, SaaS)
    • AWS Identity Center
  • Module-3 : GCP Cloud Environment

    • GCP Identity & Access Management
    • GCP Cloud Services (IaaS, PaaS, SaaS)
    • Google Suite / Workspace + Cloud Identity
  • Part-2 : Enumeration & Initial Access on Cloud Infrastructure

  • Module-1 : Unauthenticated Enumeration

    • Enumerating Information from DNS Records
    • Enumerating Information from Cloud Vendors
    • Leaked secrets from GitHub
    • Enumerating storage & other information from OSINT
  • Module-2 : Initial Access

    • Exploiting Cloud Services
    • Leaked Credentials
    • Compromising CI/CD pipeline
    • Compromising storage accounts
  • Module-3 : Authenticated Enumeration : IAM, Compute & Storage

    • AWS Services
    • Entra ID & Azure Services
    • Cloud Identity, Google Workspace, GCP Services

DAY 2 (8 Hrs)

  • Part-3 : Exploiting Multi-Cloud Services

  • Module-1 : Exploiting Multi-Cloud Services

    • AWS : cross account, within account
    • Azure : service principal, cross tenant, Entra ID
    • GCP : Access organization, Cloud Identity
  • Module-2 : Privilege Escalation

    • Elevating Privileges on AWS
    • Elevating Privileges on Azure
    • Elevating Privileges on GCP
  • Part-4 : Lateral Movement

  • Module-1 : Within Multi-Cloud

    • AWS, GCP, Azure to each other
  • Part-5 : Case Study (Multi-Cloud Red Team Simulation)

  • Red Teaming in Simulated Multi-Cloud Lab (Initial Access to Data Exfiltration)
NOTE: Attendees do not require cloud accounts. They will get access to the seamless environment for 15 days, along with a dedicated Discord channel.
  • Why should people attend your course?
  • Practically Understand Enterprise Grade Red Team Operation Methodology in Multi-Cloud Environment
  • Perform Red Team Attack Cycle in Simulated Enterprise Environment
  • Stealth Lateral Movement Techniques in Multi-Cloud, Cloud to on-premise & vice-versa
  • Core Services Mapping / Enumeration / Exploitation
  • Create custom tools to perform manual enumeration

  • Student Requirements :

  • Fair Knowledge of Networking and Web Technology

  • Familiarity with CLI
  • An Open mind (*No prior Cloud knowledge is required).

  • Who Should Take This Course?

  • Targeted Audience may include the following group of people:
  • Penetration Testers / Red Teams
  • Cloud Security Professionals
  • Cloud Architects
  • SOC analysts
  • Threat Hunting Team
  • Last but not least, anyone who is interested in strengthening their offensive and detection capabilities in Cloud

  • How many years of practical experience would the ideal student have to get the most out of this workshop?

  • Minimum 1-3 years in Penetration Testing Domain.

  • What Students Should Bring?

  • System with at least 16GB RAM and VMware Workstation Pro installed

  • CWL RedCloud VM With Internet Connectivity

  • What Students Will Be Provided With?

  • Soft Copy of the Course Content.

  • Great Knowledge about the Offensive Cloud Techniques used by adversaries.
  • Defense Tactics & Techniques against the discussed offensive techniques.

Yash Bharadwaj works in Security R&D and is Technical Director at CyberWarFare Labs, with over 7.5 years of experience as a technologist. He is highly attentive towards finding, learning and discovering new TTPs used during offensive engagements. His areas of interest include building Red / Blue team infrastructure, simulation-based teaching, and pwning on-premise & multi-cloud infrastructure. Previously he has delivered hands-on red / blue / purple team trainings / talks / workshops at Blackhat (USA, EU, Asia), Microsoft BlueHat, Nullcon India, c0c0n India, X33fCon Poland, NorthSec Canada, BSIDES Chapters (US & Asia Pacific), OWASP Chapters, CISO Platform, YASCON etc. You can reach out to him on Twitter @flopyash
