Cyfinoid trainings are built from ongoing research, real-world offensive experience, and the technical problems modern teams actually struggle with in software delivery and cloud environments. We focus on practical material that helps participants understand how systems are attacked in practice, how trust breaks across connected platforms, and how better defensive decisions can be made as a result.
Our current training lineup is strongest in Cloud Security and Software Supply Chain Security, including the CI/CD environments that connect source code, automation, artifacts, and deployment. These are the areas where our research, tooling, and hands-on labs most directly feed into the classroom.
We deliver trainings at major security conferences and through private / corporate sessions. Exact syllabi vary by event, audience, duration, and lab design, so each course page gives the high-level approach while the specific conference page remains authoritative for the exact modules, student requirements, and logistics for that run.
Current Training Programs
Hacking Multi-Cloud Infrastructure
This training helps participants think about cloud environments the way attackers do. Instead of memorizing one provider at a time, the focus is on trust boundaries, identity, storage, metadata, orchestration, automation, and the patterns that repeat across cloud ecosystems.
It is designed for teams that want an attacker-informed view of cloud risk across AWS, Azure, GCP, DigitalOcean, Alibaba Cloud, Kubernetes platforms, and adjacent cloud-native environments, depending on the run.
Attack & Defend Software Supply Chain
This training looks at software trust across the full delivery lifecycle, not just dependencies and SBOMs. It covers the producer writing first-party code, the consumer building on top of third-party software and services, and the end user depending on the final product.
The material spans the developer desktop, repositories, CI/CD, package ecosystems, artifacts, deployment tooling, and cloud environments. Public conference runs are typically attack-led, while private deliveries can go deeper into defense, governance, and operational hardening.
Attacking CI/CD Environments
This training focuses on CI/CD as a high-trust control plane rather than simple build automation. Participants learn how attackers abuse repositories, workflows, runners, tokens, artifacts, and integrations, and how those weaknesses can turn into software tampering, secret theft, cloud abuse, or wider supply chain compromise.
It is especially useful for platform teams, DevOps engineers, product security teams, and testers who want a more realistic understanding of how modern delivery pipelines fail under attacker pressure.
Archived Training
Attack & Defend Android Applications
This course remains part of Cyfinoid’s training history and is kept online as an archive for previous attendees, conference visitors, and people researching our earlier mobile security work. It is no longer offered as a current public or private training.
Why These Trainings Stand Out
- Research-driven rather than slide-driven
- Built around hands-on labs and realistic attack paths
- Offensive understanding with practical defensive relevance
- Focused on trust boundaries, automation, and how real systems connect
- Flexible enough for conference formats and private team needs
How To Choose
- Choose Hacking Multi-Cloud Infrastructure if your focus is attacker-informed cloud security across providers and platforms
- Choose Attack & Defend Software Supply Chain if your focus is software trust across the full path from development to deployment
- Choose Attacking CI/CD Environments if your focus is pipeline abuse, automation risk, and software delivery control planes
How To Attend
Cyfinoid offers these trainings through international conferences and private engagements. For public runs, see the listing below and the conference page for the exact syllabus and logistics. For private / corporate sessions, contact us.























