● HANDS-ON WORKSHOP

Cloud, k8s & CI/CD Trust Hardening

Discover defensive and offensive strategies for Cloud Least Privilege, Key Management, and Secure CI/CD in an intensive 2-day hands-on cloud security workshop.

Register now

DATE

Feb 19-20, 2026

DURATION

3pm-9pm, CET

FORMAT

Live online

Cyber Helmets and HackTricks Training are collaborating to develop and deliver an exclusive online hands-on cloud security workshop, focused on applying least-privilege at scale, securing key-management operations, and preventing common cloud-pivoting techniques across Cloud (AWS, Azure, and GCP.), Kubernetes and CI/CD pipelines. 

● WHAT YOU’LL DO

What you’ll work on

Harden cloud identities

Review how IAM works across AWS, Azure, and GCP, and understand why the lack of least-privilege configurations remains the most common cloud security issue.

Implement least-privilege at scale 

Learn how to use modern and novel tools to design, validate, and enforce least-privilege configurations in AWS IAM, Azure RBAC, and GCP IAM. 

Reduce misconfiguration risk with KMS 

Explore how Key Management Services operate across cloud providers and learn how to secure encryption keys against misuse, abuse, and privilege escalation. 

Real-world cloud attack case studies 

Analyze real-world cloud attacks involving credential abuse and secret exposure, and replicate defensive techniques in a controlled environment. 

Defend CI/CD pipelines 

Harden CI/CD pipelines to prevent unauthorized deployments, supply-chain attacks, and credential leakage across build and deployment workflows. 

Detect cloud pivoting and protect Kubernetes

Understand pivoting techniques used in compromised cloud environments and apply security controls to Amazon EKS and Kubernetes clusters to prevent lateral movement and privilege escalation. 

● AGENDA

Your 2-day training journey

Day 1

Multi-Cloud IAM Hardening
→ Least-privilege principles
→ Permission boundaries, service accounts, and role-based access
→ Common IAM anti-patterns and how to fix them

Secure Key Management
→ How AWS KMS, Azure Key Vault, and GCP Cloud KMS work
→ Preventing key misuse and enforcing separation of duties
→ Monitoring and auditing key-management activities

Day 2

Secure CI/CD and Supply-Chain Defense
→ Locking down secrets, roles, and pipeline permissions
→ Preventing unauthorized pipeline execution and image tampering

Kubernetes & EKS Security
→ Understanding cloud pivoting risks in compromised clusters
→ Hardening nodes, IAM roles, and network boundaries
→ Implementing detection for lateral movement patterns

Final Assessment – Recap & Hands-On Lab

● INSTRUCTORS

Meet the instructors

Carlos Polop

Security researcher, telecommunications engineer and creator of HackTricks with extensive experience in penetration testing, red teaming and cloud security tools.

Ignacio Dominguez

Cloud security engineer and co-founder of HackTricks Training, currently working as a cloud security expert with DevSecOps experience.

● WHAT YOU’LL GAIN

What you’ll gain
  • → A deep understanding of misconfiguration risks across major cloud platforms
  • → Practical skills for detecting and preventing cloud abuse scenarios
  • → Knowledge of secure key-management architecture and how to protect encryption keys
  • → Tools and frameworks for monitoring CI/CD workflows for integrity and policy enforcement
  • → Hands-on experience applying defensive configurations to AWS EKS clusters
  • → Confidence in identifying and mitigating cloud-pivoting behaviors

● REQUIREMENTS & PREREQUISITES

Requirements
  • → Create an account at HackTricks Training (access provided as part of the workshop)
  • → Basic familiarity with at least one cloud provider (AWS, Azure, or GCP)
  • → Understanding of IAM principles
  • → Use of CLI
  • → Optional: Kubernetes basics

● BOOK YOUR SEAT

Step into the arena

Join Cyber Helmets & HackTricks Training for an intensive two-day, hands-on workshop on cloud security.

Book your seat
€800 (plus VAT)
What's included:
  • 2 days of live interactive training (6h/day)
  • Hands-on HackTricks Training Labs (AWS, Azure, GCP)
  • Certificate of Completion to showcase your expertise
  • Post-training reference materials
Register now
Workshop full syllabus and preparation details will be sent to all registered participants prior to the event.

Privacy Policy   |   Payments & Refunds

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools

 

Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container
  • Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop

 

Methologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD

 

Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in IOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.