Cloud Security
AWS, Azure, GCP, Kubernetes — IAM, posture, hardening, audits.
Scenario Brief: How Post-Quantum TLS Could Roll Out Across UPI Infrastructure
Tabletop-ready forecast: an illustrative roadmap for ML-KEM-based hybrid TLS across UPI switch-to-issuer links and the CIO action plan around cryptography inventory.
Cloud Security · Scenario Brief: Pod Escape via Cgroup Namespace TOCTOU — A Containerd Threat Model
Tabletop-ready scenario: a hypothetical containerd pod-escape via TOCTOU race. Why baseline Pod Security Admission is no longer enough and what to harden.
Academy · Module 23 · Serverless Security — Functions, Event Sources, API Gateway
The serverless threat model. What you no longer manage: OS patches, container runtime, network firewall (mostly). What becomes more critical: function code,…
Academy · Module 21 · Cloud Workload Protection (CWPP) — VMs, Containers, Serverless
CWPP vs CSPM. CSPM | CWPP. Configuration of cloud resources | What is running on those resources. Public buckets, broad SGs, unencrypted volumes | Malware,…
Academy · Module 22 · Kubernetes Security at Production Scale
The four production K8s domains. Cluster security: API server, etcd, kubelet, control plane hardening. Workload security: Pod Security Standards, admission control, runtime…
Academy · Module 19 · Cloud Security Posture Management (CSPM) at Production Scale
What CSPM tools do: connect to cloud accounts via API; continuously enumerate resources and configurations; check against benchmark rules; report findings. Tool…
Academy · Module 20 · Securing Multi-Cloud Architectures
Why organisations go multi-cloud: resilience against single-provider outage. Regulator preference (RBI may prefer certain providers for specific workloads). Best-of-breed (Azure for M365…
Academy · CASB and SaaS Data Governance
CASB modes (forward proxy, reverse proxy, API), SaaS-to-SaaS OAuth governance, shadow-IT discovery, sensitive-data inventory across 200+ SaaS apps, and the rollout pattern…
Cloud Security · SSRF Beyond AWS: GCP, Azure, On-Prem and DNS Rebinding
SSRF attack surface beyond AWS metadata — GCP and Azure metadata endpoints, on-prem internal services (Redis, Elasticsearch, Kubernetes API), DNS rebinding bypass,…
Cloud Security · Kubernetes Pentest: Top 10 Misconfigurations We Find in Indian Production
The 10 Kubernetes misconfigurations we routinely find — default ServiceAccount tokens, privileged containers, hostPath, broad RBAC, insecure API server, unencrypted etcd, no…