Book a meeting
Cart
Register
Sign in

Rethinking Cloud Trust in 2026: Key takeaways from our Cloud, k8s & CI/CD Trust Hardening workshop

Cloud security in 2026 demands more than configuration checks. As cloud environments scale across Kubernetes and CI/CD pipelines, trust boundaries become the real attack surface. Discover the key takeaways from our hands-on Cloud Trust Hardening workshop on identity risk, least privilege, and securing modern cloud pipelines in practice.

 

Cloud environments in 2026 are more distributed, automated, and interconnected than ever. Identities span services, CI/CD pipelines deploy continuously, and Kubernetes clusters power critical workloads across managed and self-managed environments on AWS, Azure, and GCP.

 

In this landscape, security challenges don’t come from a single weak point. They emerge from how trust is configured, inherited, and sometimes overextended across systems.

 

During our recent Cloud, K8s & CI/CD Trust Hardening workshop, delivered in collaboration with HackTricks Training, we focused on how these trust relationships are abused in real-world scenarios, and how teams can systematically harden them.

 

Through hands-on labs and practical exercises, participants explored identity misuse, least-privilege design, key management exposure, CI/CD weaknesses, and Kubernetes trust boundaries in action.

 

Below are the key takeaways from the session:

 

 

 

Cloud Security Today: It’s about trust boundaries

Cloud platforms are built on dynamic identity relationships between users, services, roles, pipelines, and workloads. The workshop reinforced a central theme: Trust relationships, not just vulnerabilities, define your real attack surface.

 

Participants explored how:

  • Over-privileged identities quietly expand risk
  • Implicit trust inside CI/CD pipelines creates lateral movement paths
  • Kubernetes role bindings often exceed operational necessity
  • Key-management missteps undermine otherwise secure architectures

 

Understanding where trust is placed is the first step toward hardening it.

 

 

 

Least privilege must be enforced, not assumed

Across AWS, Azure, and GCP, least privilege is widely recommended, but rarely fully implemented.

Through guided labs, attendees applied:

  • IAM scoping and role restriction
  • Service account hardening
  • Controlled delegation patterns
  • Practical privilege boundary enforcement

 

The key realization: Least privilege is not a configuration setting. It’s an ongoing discipline.

 

 

CI/CD pipelines are a core attack surface

CI/CD systems sit at the center of modern cloud environments. Without proper isolation and strict permission boundaries, pipeline misconfigurations can lead to rapid privilege escalation or infrastructure compromise.

 

The workshop examined:

  • Excessive trust in build systems
  • Token misuse scenarios
  • Pipeline privilege escalation paths
  • Policy enforcement inside deployment workflows

 

For many participants, this reframed CI/CD from “DevOps tooling” to “security control plane.”

 

 

Kubernetes hardening requires context, not just controls

Kubernetes environments often appear secure on paper, until real-world privilege chaining is demonstrated.

 

Hands-on exercises focused on:

  • RBAC scope analysis
  • Namespace isolation strategy
  • Pod privilege reduction
  • Preventing lateral movement and cluster pivoting

 

The takeaway: Hardening Kubernetes isn’t about adding more controls, it’s about aligning privileges with operational intent.

 

 

Practical labs build defensive confidence

Theory explains risk. Labs reveal how it actually unfolds. Participants engaged with realistic scenarios designed to mirror how trust is exploited in live cloud environments. Applying configurations directly inside lab environments helped bridge the gap between understanding risk and mitigating it in practice. Confidence comes from doing, not observing.

 

 

 

Cross-cloud patterns matter

Although AWS, Azure, and GCP implement controls differently, trust failure patterns repeat across platforms:

  • Identity misuse
  • Over-scoped permissions
  • Implicit trust in automation
  • Weak secret and key lifecycle management

 

Security teams must think in patterns first, platforms second.

 

 

What security teams can apply immediately

From this workshop, teams can take forward:

  • Stronger identity scoping practices
  • More rigorous CI/CD access reviews
  • Kubernetes privilege auditing
  • Improved key management architecture
  • Better detection of identity abuse and cloud pivoting behaviors

 

These are not theoretical improvements, they are actionable changes applicable to live production environments.

 

 

 

Why this matters now

As cloud environments grow more automated and interconnected, trust expands faster than teams realize. Hardening cloud infrastructure today requires understanding how offensive techniques intersect with defensive architecture. The ability to see both perspectives, attacker workflow and defensive control, is what separates reactive security from resilient security.

 

 

 

What’s next

The Cloud, Kubernetes & CI/CD Trust Hardening workshop demonstrated that modern cloud defense is not about adding more tools, it’s about redesigning trust.

 

If your team is navigating complex cloud environments and wants to move beyond checklist security, future sessions will continue to explore practical, hands-on approaches to hardening modern infrastructure.

 

Stay tuned for upcoming workshops from Cyber Helmets × HackTricks Training.

SHARE:

Syllabus:

Intro to GCP

  • GCP Hierarchy
  • Google Workspace
  • gcloud config
  • Basic Hacking Techniques

Exploitation of GCP Services

  • IAM
  • KMS
  • Secrets 
  • Storage
  • Compute Instances & VPC
  • Cloud Functions
  • CloudSQL
  • Pub/Sub
  • App Engine
  • Google APIs
  • Cloud Shell

Methodologies

  • White box

Security Services

  • GCP Logging & Monitoring

Syllabus:

Intro to AWS

  • AWS Organization
  • AWS Principals
  • Basic Hacking Techniques

Exploitation of AWS Services

  • IAM
  • STS
  • KMS
  • Secrets Manager
  • S3
  • EC2 & VPC
  • Lambda
  • RDS
  • SQS
  • SNS

Methologies

  • White box

Common Detection Mechanisms

  • CloudTrail

Syllabus:

Azure Basics

  • Azure Organization
  • Entra ID
  • Azure Tokens & APIs
  • Basic Enumeration Tools

 

Exploitation of Azure Services

  • Entra ID IAM
  • Azure IAM
  • Azure Applications
  • Azure Key Vault
  • Azure Virtual Machine & Networking
  • Storage Accounts
  • Azure File Share
  • Azure Table Storage
  • Azure SQL Database
  • Azure MySQL & PostgreSQL
  • Azure CosmosDB
  • Azure App Service
  • Basic Azure Research Technique
  • Azure Function Apps
  • Static Web Apps
  • Azure Container Registry
  • Azure Container
  • Instances, Apps & Jobs
  • Azure Queue
  • Azure Service Bus
  • Azure Automation Account
  • Azure Logic Apps
  • Azure Cloud Shell
  • Azure Virtual Desktop

 

Methologies

  • White box
  • Black box
  • Pivoting between Entra ID & AD

 

Common Detection Mechanisms

  • Azure & Entra ID Logging & Monitoring
  • Microsoft Sentinel
  • Microsoft Defender for Cloud & Microsoft Defender EASM

Fundamentals and Setup

  1. Overview of Android’s architecture and ecosystem dynamics.
  2. Exploration of security features native to Android using Java, Kotlin, C++, and Rust.
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on Android.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including certificate validation and pinning.
  • Cryptography in Android apps
    a) Utilization of Android’s Crypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of biometrics.
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
  • Android IPC
    a) Detailed exploration of Intents, deep links, Binders/services, and broadcast receivers.
  • Webviews
    a) Identifying and resolving common security issues in Android Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an Android app.
    b) Identifying known vulnerabilities within these components.
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Advanced Techniques and Practical Application

  • Mobile penetration testing methodology
    a) Methodologies used in real-world scenarios with practical tips and tricks.
  • Identifying issues with backend APIs
    a) Examination of client-side trust issues.
    b) Analysis of insecure communications including App Transport Security issues & certificate pinning.
  • Cryptography in IOS apps
    a) Utilization of iOS’s CryptoKit & CommonCrypto APIs.
    b) Implementation of native cryptography using libraries like libnacl and OpenSSL.
    c) Management of cryptographic keys and leveraging the secure enclave.
  • Authentication and Authorization
    a) Testing client-side authentication mechanisms, including secure usage of Local Authentication (biometrics).
    b) Strategies to detect and bypass authentication flaws.
    c) Security measures for API authentication.
    d) Using Device Check and App Attest
  • iOS IPC
    a) Detailed exploration of URL schemes, deep (universal) links, and extensions.
  • Webviews
    a) Identifying and resolving common security issues in iOS Webview configurations.
  • Software Composition Analysis (SBOM)
    a) Techniques to determine the components of an iOS app.
    b) Identifying known vulnerabilities within these components.
  • Implementing App Integrity
    a) What to look for
    b) How to implement
  • Mobile Device Management (MDM)
    a) Introduction to Mobile Device Management: definition, core features, and its role in enhancing organizational security.
    b) Discussion on the benefits and practical applications of MDM in controlling and securing mobile devices across an enterprise.
  • Mobile Application Management (MAM)
    a) Overview of Mobile Application Management: what it entails and its significance in enterprise environments.
    b) Exploration of how MAM contributes to managing and securing applications specifically, detailing its utility for enterprise security strategies.

Fundamentals & Setup

  1. Overview of iOS’s architecture and ecosystem dynamics.
  2. Exploration of security features native to to iOS using Objective-C, Swift, and C(++).
  3. Mobile Application Threat Model
    a) Differences between mobile and web application threat models.
    b) Applying threat modeling techniques specifically to mobile applications.
    c) Case studies highlighting potential threats and vulnerabilities.
    d) How do we secure and test cross platform apps (e.g. ReactNative, Xamarin, etc).
  4. Introduction to industry mobile security standards
    a) OWASP Mobile Application Security (MAS) project
    b) Effective usage of the Mobile Application Security Verification Standard (MASVS).
    c) Effective usage of the Mobile Security Testing Guide (MSTG).
    d) Overview of the OWASP top 10 for mobile.
  5. Setting up and preparing a mobile security testing lab
    a) Configuration of industry-standard tools and guidance on their appropriate use.
    b) Setup of virtual mobile devices using Corellium, including its advantages.
    c) Introductory exercises to familiarize with the tools.
  6. Secure Coding Overview
    a) Exercises to identify vulnerabilities in iOS code examples
    b) Discussion of the appropriate mechanisms for remediation
    c) Practical session on remediation and re-testing the app
  7. Secure storage
    a) Overview of application storage mechanisms.
    b) Introduction to cryptographic storage solutions on iOS.