CLOUD VILLAGE @ DEF CON Bahrain
5th - 6th Nov 2025

Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

ABOUT

Cloud village is an open space to meet folks interested in offensive and defensive aspects of cloud security. The village is home to various activities like talks, workshops, CTFs and discussions targeted around cloud services.

If you are a professional who is looking to gain knowledge on securely maintaining the cloud stack and loves to be around like-minded security folks who share the similar zeal towards the community, Cloud Village is the perfect place for you.

Cloud Village will be in-person at DEF CON, Arab International Cybersecurity Conference (AICS) at Exhibition World Bahrain from 5th to 6th November 2025

Hope to see you all there!

Schedule

+

11:30 - 12:00

TALK | STRIDE or Die - An AI's Guide to Threat Modelling in the Cloud

+

Speaker: Tanzeel Rehman

Venue: Room C16, Talks/Labs Area

Abstract:

Traditional threat modelling is broken. In the high-stakes, tightly regulated world of financial services, it’s a bottleneck—slow, inconsistent, and struggling to keep pace with agile development in the cloud. As a Cloud Security Architect at a major UK bank, I saw this problem firsthand. So, I decided to do something about it. On my own. This talk is the story from the trenches of developing a prototype for an AI-assisted cloud threat modelling program. I’ll dive deep into the Retrieval-Augmented Generation (RAG) architecture I built, the dark art of data chunking for complex corporate and regulatory documents, and the prompt engineering required to make an LLM think like a paranoid security architect. I'll share my scars and my wins: from the AI hallucinating compliance controls during a crucial early demo, to uncovering subtle risks a human might miss. You'll walk away with a practical blueprint for how to leverage AI to augment your security practice, a clear-eyed view of the challenges involved, and the story of how a grassroots project can build a defensible, auditable, and scalable threat modelling process that actually works. It's time to get the buy-in.

Speaker Bio:

Cloud Security Architect at Lloyds Banking Group with a pivotal role in securing the UK financial sector. My career is defined by the intersection of advanced cybersecurity and law, holding both an LL.B. and a call to the Bar of England and Wales (2019). This dual expertise allows me to build and assess security frameworks that are resilient by design and compliant by default.

In my current role, I advise on the security posture of the bank's most critical infrastructure, including cloud infrastructure and solution. I collaborate with and guide senior leadership, fellow architects, and engineers to ensure our strategy effectively mitigates risk.

+

12:15 - 14:15

LAB | Breaking Boundaries: Multi-Cloud Red Teaming through Misconfigurations

+

Speaker: Syed Modassir Ali

Venue: Room C16, Talks/Labs Area

Abstract:
Cloud boundaries aren’t walls—they’re doors waiting to be misconfigured. In this workshop, we’ll follow the path of an adversary who starts with a vulnerable applications and pivots into through weak trust policies and misconfiguration. Along the way, we’ll explore persistence tricks, exfiltration, and map each step to MITRE ATT&CK. Attendees will walk away with a red team playbook on how small missteps create massive multi-cloud compromises—and how to spot them before attackers do.

Outline:
1. Introduction: Cloud and Red Teaming 101 and Why multi-cloud misconfigurations are dangerous Quick overview of the attack chain MITRE ATT&CK mapping.
2. Introduction to Identity and Access Management in AWS and Azure.
3. Azure Labs- Starting with a vulnerable applications Enumerating roles and permissions Identifying overly permissive access Extracting secrets.
4. AWS Labs – Starting with a vulnerable lambda function and enumerating IAM Roles, policies and misconfigurations with the final objective of extracting secrets.
5. Map each attack step to MITRE ATT&CK and
6. Wrap-Up & Defense - Discuss on detection opportunities.

Prerequisites:
- Attendees should have a basic understanding of cloud platforms (AWS, Azure), core IAM concepts, and networking fundamentals (IP addressing, routing, firewalls).
- Familiarity with penetration-testing ideas and comfort using command-line tools will help, and participants should bring a laptop with the aws cli, az cli and powershell installed. A modern browser and a stable internet connection.
- Access to Powershell to follow along the Azure labs and aws cli to follow along on the AWS labs.
- The workshop is aimed at beginners with some security exposure to cloud. Level: Intermediate.

Speaker Bio:
Syed Modassir Ali is a Red Team Security Engineer with experience in adversary simulations, penetration testing, and exploit development across cloud and enterprise environments. He has spoken at REDCON, OWASP JGEC, DEFCON DC9111, BSides Pune, and Null meetups, and has been actively associated with Cloud Village for the past two years. A passionate community contributor and multiple-time CTF champion, he holds advanced certifications including OSCP, OSED, OSEP, CRTO, and CARTP, and focuses on offensive security research to help organizations understand and defend against modern attack paths.

+

09:30 - 11:30

LAB | Kubernetes: Attack and Defense

+

Speaker: Neeraj Godkhindi

Venue: Room C16, Talks/Labs Area

Abstract:

The 'Kubernetes: Attack and Defense' lab is an interactive, hands-on learning environment designed to teach Kubernetes security from a practical perspective. Participants will step into the shoes of both an attacker and a defender to understand common vulnerabilities, exploit misconfigurations, and implement robust security controls. The lab covers foundational secure design principles and walks through the OWASP Top 10 for Kubernetes, providing a comprehensive and engaging way to master container orchestration security.

Outline:

Module 1: Tools Installation

Get hands-on with essential open-source security tools. Learn to install and configure Falco (threat detection), KubeArmor (runtime enforcement), Cilium (eBPF networking), Kyverno (policy management), and Istio (service mesh).

Module 2: Secure Design Principles

Explore core security concepts through practical labs. Implement the Principle of Least Privilege with RBAC, Minimize Attack Surface with Network Policies, layer controls for Defense in Depth, and establish a Zero Trust network with mTLS.

Module 3: Top 10 K8s Vulnerabilities

Dive into the most common real-world misconfigurations and attack vectors. Each lab presents a vulnerability—from misconfigured RBAC to container escapes—and guides you through both exploiting it and fixing it.

Prerequisites:

· Conceptual Knowledge: A basic understanding of Kubernetes concepts, including Pods, Services, Deployments, and Namespaces.

· Technical Skills: Familiarity with using the command line (shell) and the kubectl utility.

· Containerization: A basic grasp of what containers (e.g., Docker) are and how they work.

· Security Background: No prior security expertise is required. This lab is designed to build your security knowledge from the ground up.

Speaker Bio:

Neeraj is a seasoned security researcher with 15 years of experience in cyber security from Bengaluru, India. He is specialized in conducting cyber security research and training in DevSecOps, Kubernetes security, and exploit development. He worked in prestigious organizations such as Daimler, Bosch, IBM, and EY.

+

12:00 - 14:00

LAB | Owning AWS with PACU: Adversary Simulation in the Cloud

+

Speaker: Mohamed AbuMuslim & Ziad Hammad

Venue: Room C16, Talks/Labs Area

Abstract:

This hands-on lab will walk participants through the full lifecycle of attacking AWS environments using PACU a powerful open-source AWS exploitation framework. From compromised credentials to full account takeover and data exfiltration, attendees will learn how attackers abuse misconfigurations and permissions in real-world scenarios.

The session includes live demonstrations and step-by-step guidance as we simulate an attack against a pre-built AWS lab environment.

Outline:

- Introduction to PACU and setup

- Enumeration techniques across IAM, EC2, S3, STS, and more

- Privilege escalation scenarios including role chaining and STS misuse

- CloudTrail blind spots

- Data exfiltration in unmonitored regions

- Persistence tactics in AWS

- Detection and defense strategies

- Guided hands-on attack simulation

- Wrap-up and key takeaways

Prerequisites:

- Basic knowledge of AWS services like IAM, EC2, and S3

- Familiarity with Linux terminal and command-line tools

- Docker installed (or a Kali VM)

- Personal laptop required

- Attendees will use shared credentials or demo AWS environments

Speaker Bio:

Mohamed AbuMuslim is a security researcher and offensive security engineer who delivers a range of offensive services, including red team operations, adversarial ai research, web and infrastructure penetration testing, and offensive cloud/security assessments. He led the build-out of Microsoft Egypt & Middle East’s first offensive security team and previously helped establish PwC’s offensive security capability in Egypt. He has worked on engagements spanning startups, mid-sized businesses, and large multinational enterprises.

Ziad Hammad is a seasoned offensive security specialist with over 400 security engagements, whose experience in red team operations and advanced malware development was honed securing systems for multinational clients, and who has presented his research on malware evasion and offensive Ai at multiple international conferences.

+

12:00 - 14:00

WORKSHOP | CTF 101

+

Speaker: Hans Raj Shrivastava and Jayesh Singh Chauhan

Venue: Room C16, CTF Area

Join in and know how to get started solving cloud-based CTF challenges. We will help players understand the process and toolset required to obtain the flag.

Speaker Bio:

Hans Raj Shrivastava is a cybersecurity engineer and CTF creator specializing in cloud security and architecture. He builds secure, scalable cloud environments and designs challenges rooted in real-world misconfigurations. He is a core member of Cloud Village crew and has been part of the team for 2 years, crafting chaos in the cloud ever since.

Jayesh Singh Chauhan has been in cybersecurity for the last 14 years, wearing different caps ranging from security engineer to Group CISO. He has been a trainer at conferences like BlackHat, AppSec NZ, nullcon, and a speaker at BlackHat, DEF CON, OWASP Global, Offzone Moscow, c0c0n. He is also the founder of Cloudurance Security, a company that provides vCISO and security advisory services to tech companies and provides bespoke training courses to train in-house employees into security engineers. He is also the founder of Cloud Village, a cloud security community that collaborates with DEF CON, RSA, and BSides to bring free Cloud Security learning to attendees.

Cloud Village CTF

Cloud Village CTF @ DEFCON Bahrain: 05th November, 2025 (On-Site)
CTF starts: 05th November, 2025 - 9AM GMT +3(AST)
CTF closes: 06th November 2025 - 11AM GMT +3(AST)
CTF registration opens on 05th November, 2025 - 9AM GMT +3(AST)
CTF Site: https://ctf.cloud-village.org
Room No.: Cloud Village - CTF Area, C16, Exhibition World Bahrain

If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!

You can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing.

See you on the other side!

CLOUD VILLAGE @ DEF CON Bahrain 5th - 6th Nov 2025

ABOUT

Schedule

+

+

+

+

+

+

+

Cloud Village CTF

CLOUD VILLAGE @ DEF CON Bahrain
5th - 6th Nov 2025