On This Page

Atomic DevOps: Container, Cloud, & Orchestration Exploitation

Stage 2 Security | March 20 - 21


Take your game to the next level with this hands-on introduction to exploiting AWS and Azure cloud environments. This course will cover red team tactics and penetration techniques applicable to the following scenarios:

  • Initial Access via AWS & Azure specific Services (e.g. S3, Lambda, etc…)
  • Container (e.g. Docker) Breakout Techniques
  • Lateral Movement through Kubernetes (K8s) environments
  • Attacks within Docker Swarm Clusters
  • Thoroughly Compromising DC/OS (Mesos) environments from top to bottom!

Other topics covered during this course include:

  • Recon of AWS & Azure services (e.g. S3, Lambda, etc…)
  • Post Exploitation within AWS Instances & Environments
  • AWS API Access Orientation & OPSEC
  • AWS Logging Disruption and Manipulation
  • Expanding Access within an AWS Account
  • Recon & Exploitation within DC/OS (Mesos) Clusters
  • Exploiting DC/OS Frameworks
  • Intro to Azure Specific Attacks
  • Expanding Access within an Azure Subscription
  • Unique Persistence Techniques within Azure Environments

All concepts taught during this course will be solidify through a hands-on capstone Capture The Flag (CTF) challenge!

Who Should Take this Course

This course assumes the student already has some basic penetration testing knowledge and that the student would like to learn more about how to apply penetration testing to cloud centric environments. This includes:
  • Red Teamers & Penetration Testers
  • Blue Teamers & Security Professionals, who wish to see the offensive side
  • Site Reliability Engineers (SREs) & System Administrators, who work with cloud technologies

Student Requirements

Students will need to bring to the class:
  • Access to an active Amazon Web Services (AWS) account with admin/root access before the class starts.
  • Access to an active Azure subscription with admin access before the class starts.
  • A laptop with admin access to install software with wired network support via an ethernet adapter.

Students should be comfortable:
  • Using Linux and SSH
  • Interacting AWS and Azure Consoles
  • With basic networking concepts and services (e.g. TCP/IP, DNS, DHCP, etc…)
  • Some python scripting knowledge is recommended, but not required.

What Students Should Bring

Students must:
  • Obtain access to an active Amazon Web Services (AWS) account with root/admin access.
  • Obtain access to an active Azure subscription with admin access.
  • Bring their own laptop, with admin rights to install software.
  • The laptop needs a wired network support with an ethernet adapter.
  • And the laptop needs USB 2 or higher support.

What Students Will Be Provided With

  • A detailed lab guide
  • A copy of all course slides


Bryce Kunz (@TweekFawkes) is an Information Security Researcher located in Salt Lake City, Utah, who specializes in exploiting cloud environments through R&D access vectors for key systems (e.g. containers, orchestration systems, web applications, etc…). As a security professional, Bryce has spent time at various agencies (i.e. NSA, DoD, DHS, CBP) and tech companies (i.e. Adobe) focusing on vulnerability research, penetration testing, and incident response. Previously, Bryce received an MBA from a NSA designated "Center of Excellence" Idaho State University (ISU) program with an emphasis in Information Assurance (IA) on a full academic scholarship from the National Science Foundation (NSF). Bryce holds numerous certifications (e.g. OSCP, CISSP, ...) and has spoken at various security conferences (i.e. BlackHat, DerbyCon, BSidesLV, etc...).