Conquer the cloud: Master offensive security strategies

OffSec Learning Path: Offensive Cloud Security

Outsmart attackers and proactively defend your cloud assets (data centers, infrastructure, applications, and more). Delve into sophisticated cloud penetration testing, CI/CD pipeline exploitation, and container escape techniques. Learners will:

  • Uncover and exploit complex cloud vulnerabilities

  • Harden cloud configurations for maximum resilience

  • Skillfully analyze and remediate cloud-specific threats

Hero image for Conquer the cloud: Master offensive security strategies

One of three cloud security Learning Paths

Outsmart cloud-based attacks

This Learning Path goes beyond fundamental practices, transforming you into a cloud security specialist. Master advanced cloud reconnaissance, CI/CD attack techniques, and countermeasures for container escapes.

Who is this Learning Path for?

  • Penetration testers eager to specialize in cloud environments
  • Security teams seekings to address cloud-specific weaknesses
  • Ambitious learners ready to master advanced offensive cloud security

Learning objectives

  • Master cloud-native attack vectors and secure cloud configurations.
  • Identify and leverage CI/CD weaknesses for tactical offense.
  • Learn to break out of containers and gain control of underlying systems.
  • Implement robust authentication and authorization in the cloud.
  • Understand and prevent deserialization-based attacks and cloud applications.

Key modules in the Offensive Cloud Learning Path

Public Cloud Reconnaissance - External Probing

  • Identifying public cloud resources online by reconnaissance of DNS attributes, discovering publicly shared resources, and some examples of techniques to abuse the CSP API to obtain more information about the target.

Attacking CI/CD: Leaked Secrets to Poisoned Pipeline

  • Discover a web application using an insecure S3 bucket. From the S3 bucket we'll discover credentials in a leftover git folder which gives us access to giteat. From there we'll find a Jenkinsfile which we can exploit. The final exploit will result in full compromise of the environment.

Attacking CI/CD: Dependency Chain Abuse

  • By discovering custom build dependencies in an application, we'll discover a method to inject malware into the dependency which will be executed in production. From production, we'll find a vulnerability in Jenkins which will get us access to the entire environment.

Cloud Reconnaissance - Post-Compromise - IAM

  • This module will analyze the procedures and techniques involved in reconnaissance and enumeration once an attacker gets an initial access of compromise to a CSP account.

Attacking CI/CD: Insufficient Flow Control

  • We'll start by finding a git server with registration open. From there we'll discover builders for some docker images. We'll insert malware into the docker images which will be pushed to production.

Container Escapes: Information Gathering, Host Interaction, Sensitive Data Exposure

  • Gathering the required information which will be used to escape out of a container.

Offensive Cloud overview




hours of content (approx.)



Offensive Cloud

Earning an OffSec Learning Badge

Showcase your growing secure coding proficiency! Upon completing 80% of the Offensive Cloud Learning Path, you'll receive an exclusive OffSec badge signifying:

  • Specialized expertise: In-depth cloud vulnerability identification and mitigation
  • Industry recognition: Adds a powerful OffSec credential to your skillset
  • Hands-on mastery: Proven ability to execute cloud security techniques in practice

 Why train your team with OffSec?

Cloud-specific focus

Skills honed for real-world cloud security challenges

Attacker's edge

Understand the exploiter's mindset to build proactive cloud defenses

Ahead of the curve

Stay updated on cutting-edge cloud attack trends

Start learning with OffSec


Learn <br/>Unlimited Learn <br/>Unlimited



Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.

Large teams

Learn <br/>Enterprise Learn <br/>Enterprise


Get a quote

Flexible terms and volume discounts available.


Learn Unlimited provides individuals and organizations with unlimited access to the OffSec Learning Library. This includes all courses, content and learning paths. Learners also receive unlimited exam attempts and time in any of our hands-on lab environments.

What’s included

1 year of access to unlimited courses & content

Unlimited exam attempts during your subscription

365 days of lab access

1 year of unlimited access to all fundamental content and OffSec curated Learning Paths

PEN-103 + unlimited KLCP exam attempts

PEN-210 + unlimited OSWP exam attempts

3 downloads of course material



  1. Public Cloud Reconnaissance - External Probing
  2. Public Cloud Reconnaissance - Post-Compromise - IAM
  3. Attacking CICD Leaked Secrets to Poisoned Pipeline
  4. Attacking CICD Insufficient Flow Control
  5. Attacking CICD Dependency Chain Abuse
  6. Container Escapes Information Gathering
  7. Container Escapes Interacting with the Host
  8. Discovering Exposed Docker Sockets
  9. Discovering Exposed Kubernetes Dashboards

What prerequisites are necessary for this Learning Path?

What specific cloud security skills will I develop?

Does this path cover the latest cloud security trends?

How is OffSec's cloud training different?

Start your journey today



Ideal for

Fewer than 10 learners

Buy now

Have questions? Contact sales



Ideal for

10 or more learners

Contact sales
Graduation cap icon colored in with a gradient fading from purple to teal

New to cybersecurity want to get educated on fundamental content before signing up?

Check out Cyberversity - our free resource library covering essential cybersecurity topics.

Learn more