Cybersecurity, learned like a practitioner.

24 learning paths · 398 modules live · every lesson written by someone who has shipped the control or run the engagement. Free to start.

24
Learning paths
398+
Live modules
0
You've completed
Free
Your tier
Browse the academy

Attacker Mindset — Cloud · modules

Shared responsibility reality, IAM sprawl, metadata endpoints, K8s + serverless + supply chain, data exposure, cloud-specific detection.

20 results · Page 2/2
Filtering: Track: Attacker Mindset — Cloud × Clear all →
Attacker Mindset — Cloud Beginner Members

Module 1 · The Shared Responsibility Illusion

Cloud providers secure infrastructure; customers secure configuration. Every breach happens on customer side.

Apr 22, 2026 60 min Open
Attacker Mindset — Cloud Intermediate Members

Module 2 · Cloud IAM — Where Most Breaches Live

Wildcard permissions, iam:PassRole privesc, cross-account trust, Pacu, PMapper. IAM is the hardest part of cloud security.

Apr 22, 2026 75 min Open
Attacker Mindset — Cloud Intermediate Members

Module 3 · Metadata Endpoints — Still the Killer Chain

169.254.169.254, Capital One, IMDSv1 vs v2, container metadata, K8s service accounts. SSRF → cloud takeover.

Apr 22, 2026 75 min Open
Attacker Mindset — Cloud Advanced Members

Module 4 · Cross-Account Trust Attacks

Overly broad Principal, confused deputy, External ID, Azure Lighthouse. MSSP compromise cascades.

Apr 22, 2026 90 min Open
Attacker Mindset — Cloud Advanced Members

Module 5 · Kubernetes — The Platform That Multiplies Attack Surface

Pod → node → cluster, service account tokens, RBAC paths, exposed kubelet/etcd. kube-hunter, peirates.

Apr 22, 2026 90 min Open
Attacker Mindset — Cloud Advanced Members

Module 6 · Serverless — New Surface, Not Smaller Surface

Lambda role credential theft, event source injection, dep vulns, supply chain. Serverless shifts attack surface.

Apr 22, 2026 90 min Open
Attacker Mindset — Cloud Advanced Members

Module 7 · Cloud Supply Chain — CI to Production

Codecov, CircleCI, SolarWinds patterns in cloud. OIDC federation, least-priv deploy roles, pinned artifacts.

Apr 22, 2026 90 min Open
Attacker Mindset — Cloud Intermediate Members

Module 8 · Public Data Stores — The Classic

Public S3, open GCS, anonymous Azure Blob. Continues in 2026 despite a decade of awareness.

Apr 22, 2026 75 min Open
Attacker Mindset — Cloud Advanced Members

Module 9 · Cloud Detection — Different Telemetry, Different Rules

CloudTrail, Activity Log, Audit Log. Identity-first detection. GuardDuty/Defender/SCC. Maturity model.

Apr 22, 2026 90 min Open
Attacker Mindset — Cloud Expert Members

Module 10 · Multi-Cloud — The Complexity Tax

Per-cloud skill, divergent defaults, N × CSPM. Multi-cloud without investment = weaker overall security.

Apr 22, 2026 90 min Open
02 / Why learn here

Practitioners who've
shipped the controls.

Every module is written by someone who has built the defence or run the engagement. No repackaged tutorials, no generic theory.

Why learn here

01

Practitioner-written.

Each lesson is authored by someone who has shipped the control or run the engagement in production.

02

Quiz after every module.

20+ questions with explanations. 70%+ to mark complete. Unlimited retries.

03

Progress tracked.

Completions, scores and streaks saved automatically. Resume exactly where you left off.

04

India-priced.

Start free. ₹499/mo for intermediate. ₹4,999/yr for advanced. No hidden fees, ever.

Pick a path, get to work.

Browse all 398 modules View skill map