Official Website link
WS1-03 | March 24 (Tue) 10:00-11:30 | 5F | Workshop | Consecutive Translation
Workshop Overview
Misconfigurations are the real zero-days in the cloud. This session focuses on patterns that cut across AWS, GCP, Azure, and others: misconfigured IAM roles, leaky metadata services, and over-permissive APIs. Instead of theory, we’ll focus on attack flows that actively get exploited in real-world scenarios, across providers.
Learning Outcomes
- Identify shared attack surfaces across multiple cloud providers
- Understand attacker playbooks that leverage misconfigs
- Recognize configuration anti-patterns (what not to do)
- Build a checklist of detection and prevention steps
Audience Level
Intermediate — The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.
Prerequisites
- Personal Laptop with unrestricted internet access
- Google Account with Access to Google Cloud Console & Cloud Shell (reference)
- Discord Account for support
Due to the short duration of the workshop, dedicated troubleshooting support is not provided. If your system does not work, the recommended approach is to observe how others are progressing and try again after the workshop.
Event Information
- Event: Security Days Fall 2026 (Tokyo)
- Session Code: WS1-03
- Date & Time: March 24, 2026 (Tue) 10:00-11:30
- Venue: Tokyo Venue (5F)
- Format: Workshop
- Translation: Consecutive translation available
- Instructor: Anant Shrivastava | Founder, Cyfinoid Research
- Official Site: Security Days Fall 2026