Misconfigurations are the real zero-days in the cloud. This session focuses on patterns that cut across AWS, GCP, Azure, and others : misconfigured IAM roles, leaky metadata services, and over-permissive APIs. Instead of theory, we’ll focus on attack flows that actively get exploited in real-world scenarios, across providers. ## Learning Outcomes: - Identify shared attack surfaces across multiple cloud providers - Understand attacker playbooks that leverage misconfigs - Recognize configuration anti-patterns (what not to do) - Build a checklist of detection and prevention steps ## Audience Level Intermediate : The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic. ## Prerequisites: 1. Personal Laptop with unrestricted internet access 2. ⁠Google Account with Access to Google Cloud Console & Cloud Shell (ref: docs.cloud.google.com/shell/docs/launching-cloud-shell) 3. Discord Account for support Due to the short duration of workshop, we would not be able to provide trouble shooting support to students. if the systems dont work recommended approach would be to see how others are doing and later on after workshop they can try it.