On This Page

Automated Defense using Cloud Services for AWS, Azure and GCP

Appsecco | August 6-7


Monitoring for attacks and defending against them in real-time is crucial. Defending our cloud infrastructure during attacks can prove to nightmare even with the currently available solutions in the market. We live in cloud first era where the cloud is our first choice of deployment due to the convenience and scalability. In this training we will learn how to defend our cloud infrastructure using Serverless technologies and Elastic Stack. Elasticstack will collect, analyse logs and triggers alerts based on configured rule-set. Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The currently solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in house firewalls, IPS, etc.

The world is advancing towards accelerated deployments using DevOps and Cloud technologies. Automated defence will solve the modern world security challenges using near real-time alerting system, serverless technologies and centralised monitoring system.

Participants will get

  • Step by Step Gitbook covering the entire training (html, pdf, epub, mobi)
  • Custom Ansible Playbooks
  • Automated Defence Solution for AWS, Azure, GCP

Some of the topics and techniques covered will include (at a minimum):

Day one starts by setting the stage for automated defence by tackling Centralised Monitoring & Alerting System.

  • Understanding limitations of existing solutions
  • Setting & Hardening Elasticstack using Ansible Playbooks
  • Configuring Infrastructure to send logs
  • Attack patterns analysis and detection
  • Building attack monitoring dashboards
  • Setting up near real-time alerts (slack, email, etc.)

Day two focus on advancing the setup by adding serverless stack to defend against the Infrastructure based on the near real-time alerts to match DevOps speed.

  • Getting started with serverless
  • Deploying serverless stack for defence
  • Automated attack generation
  • Automated defence using serverless stack
  • Near real-time alerts & defence with different attack simulations
  • Defenders CTF with scenarios
  • Best practices and deployment strategies

We will be deploying mostly in Amazon Web Services, with some demonstrations on Microsoft Azure and Google Cloud Platform. But serverless defence code will be given for three clouds.

Who Should Take this Course

  • Security Engineers & Analysts
  • SOC Teams
  • DevOps Teams
  • Who is interested in automating security monitoring

Student Requirements

  • Able to use Linux CLI
  • Basic understanding of TCP/IP
  • Security Experience would be plus
  • Understanding about different cloud providers will be advantage

What Students Should Bring

  • Laptop with admin/root privileges for VM setup and wireless connectivity.
  • Students MUST sign up for AWS, Azure, GCP accounts before training begins.

What Students Will Be Provided With

  • Customised VM with all the required tools installed
  • Step by Step Gitbook covering the entire training (html, pdf, epub, mobi)
  • Custom Ansible Playbooks
  • Automated Defence Solution for AWS, Azure, GCP


Madhu is a security ninja, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike. Madhu's research papers are frequently selected for major security industry conferences including Defcon 24, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016 When he's not working with Appsecco's clients or speaking at events he's actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc. Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state.

Subash is a Security Engineer at Appsecco. As an avid security enthusiast and a passionate developer, he enjoys developing meaningful solutions to real world security problems. He is currently working on solving security problems at cloud scale and exploring solutions to improve intelligent automation using AI. During his free time, he loves to explore and research on new and upcoming technologies. Introduced to the world of security by null Open Security Community, he is on track to actively contributing back by presenting at various meetups and conferences and has given talks at null Bangalore and the Serverless Summit. He has also contributed to open source security tools such as OWASP Threat Dragon and DVNA.

Video Preview (Training Description Above - Top of Page)