Pwn, Patch, Prove — A Red+Blue Masterclass on the Cloud-Native AI Kill Chain
Online, Available in English
Topics:
- Target tour + environment setup
- Lab 01 — OS Command Injection (4 attacks)
- Lab 02 — SQL Injection (4 attacks)
- Lab 03 — Path Traversal / LFI (5 attacks)
- Lab 04 — SSRF (3 attacks)
- Lab 05 — Hardcoded Secrets (2 attacks)
- Lab 06 — Public GCS Bucket (3 attacks)
- Lab 07 — Container Misconfiguration (3 attacks)
- Lab 08 — Cluster RBAC (3 attacks)
- Lab 09 — GCP IMDS + IAM (3 attacks)
- Lab 10 — AI Layer (5 attacks)
- Lab 11 — Full Attack Chain (7 steps) + harness acceptance
- Blue-lab provisioning
- Kubeadm bootstrap
- Cilium CNI + Hubble (Phase 3)
- Core security operators (Phase 4)
- M1: Cilium IMDS deny + default-deny egress
- M2: KubeArmor kernel-level enforcement
- M3: Istio mTLS + AuthorizationPolicy + ratelimit
- M4: Falco custom detection rules
- M5: Vault + SealedSecrets
- M6: GCS bucket hardening
- M7: Kyverno admission
- M8: Pipeline rebuild (live demo)
- M9: Envoy Lua AI output PII redaction + Cosign-attested RAG corpus
Overview
Modern cloud-native platforms ship AI features in months, not years — and they ship the entire five-layer attack surface with them.
A single Python bug cascades into container root; container root hands over a Kubernetes ServiceAccount token; the token reads cloud metadata; a cloud OAuth token reads every bucket in the project; and an LLM with tool-calling loops the entire chain back to remote code execution. A single adversarial prompt can now become cluster-admin.
This two-day masterclass puts every attack in that chain in the student's hands on Day 1, and every defence in the student's hands on Day 2 — on a Kubernetes cluster they bootstrap, harden, and deploy to from scratch.
The class is engineered to a single binary acceptance gate: 42/42 PASS → 42/42 FAIL.
On Day 1 every student personally executes 42 machine-verified attacks — OS command injection, SQL injection, SSRF-to-IMDS, public GCS bucket exfiltration, wildcard Kubernetes RBAC, stolen GCP OAuth tokens, prompt injection against Vertex AI Gemini 2.5, RAG poisoning, LLM tool-call RCE, and a 7-step full chain that closes the loop from Python back to the model. A PowerShell harness records evidence, tags each attack with the GCC control it breaches (SAMA-CSF, NCA-ECC, NCA-CCC, PDPL), and produces a reproducible audit log.
On Day 2 the same student bootstraps a 2-node Kubernetes cluster on Ubuntu 22.04, installs the full defensive stack (Cilium eBPF, Kyverno + OPA, Istio with STRICT mTLS, SPIFFE/SPIRE, SealedSecrets + Vault, KubeArmor kernel enforcement, Falco detection, Harbor + Tekton + ArgoCD, full observability), and runs the same harness against the cluster they built — it now returns PASS: 0 FAIL: 42.
Every command is copy-paste runnable. Every defence is mapped to the exact red-team row it neutralises.
Every finding carries an audit artefact — Kyverno admission log, Cilium drop flow, KubeArmor block event, Falco alert, Cosign attestation — that a GCC financial regulator (SAMA, NCA, SAMA-CSF) will accept as evidence.
Students leave with two log files, a signed audit zip, and the muscle memory to rebuild the same pipeline against any GitHub URL in their own organisation on Monday morning.
By the end of this course, the participant will be able to:
- Map any cloud-native stack to the 5C model (Code · Container · Cluster · Cloud · AI) and enumerate the typical attack surface at each layer.
- Chain a single application-layer bug through all five layers to cluster-admin and cloud-project-editor, reproducibly, in under 10 minutes, with documented evidence.
- Exploit the three dominant LLM vulnerability patterns — prompt injection, tool-call RCE, RAG poisoning — live against a Vertex AI Gemini 2.5 backend.
- Bootstrap a 2-node Kubernetes cluster from bare Ubuntu with encrypted etcd, CIS Kubernetes Level 2 baseline, Cilium eBPF CNI, Istio mesh, and full observability in under 60 minutes.
- Apply nine progressive layers of defensive controls — admission (Kyverno/OPA), network (Cilium), mesh (Istio+SPIFFE), kernel (KubeArmor+AppArmor), detection (Falco), secrets (Vault+SealedSecrets), cloud (GCS+CMEK+VPC-SC), pipeline (Tekton+Cosign+ArgoCD), AI output (Envoy Lua + Cosign attestation) — and measure each layer's exact impact on the 42-row harness.
- Design a one-URL-in secure CI/CD pipeline that takes any GitHub repository as input and enforces nine blocking gates: SAST (Semgrep + Snyk), secrets (Gitleaks), SCA (Trivy + Grype), image SBOM (Syft), image signing (Cosign), admission policy (Kyverno), cluster posture (kube-bench + kube-hunter), runtime (KubeArmor + Falco).
- Produce audit-ready evidence artefacts — Kyverno admission logs, Cilium Hubble drop flows, KubeArmor block events, Falco rule-match alerts, Cosign attestations, signed SBOMs, Tekton pipeline runs — mapped attack-by-attack to SAMA-CSF, NCA-ECC, NCA-CCC, PDPL, CIS Kubernetes Benchmark, OWASP Top 10, OWASP LLM Top 10, NIST SP 800-190, and SLSA L3 controls.
- Articulate, with a named log line, why every single red-team attack fails on the hardened cluster — the "Red ↔ Blue Control Matrix" is the class's signature one-page deliverable.
- Leave with two machine-verifiable log files (baseline_pass.log showing 42/42 PASS on Day 1; blue_team_42_fail.log showing 42/42 FAIL on Day 2) and a packaged audit_evidence.zip that together constitute a regulator-grade audit artefact.
- Continue practising post-class via 90-day access to the lab environment, monthly new-attack challenges for 6 months, and permission to reuse the harness + manuals + bootstrap scripts inside the student's own organisation for 12 months.