CCES | Certified Cloud Exploitation Specialist
Prove you can break into and move through modern cloud environments by abusing real misconfigurations, IAM flaws, metadata exposure, and multi-cloud attack paths — then explain exactly how you did it.
What CCES Proves
CCES is a cloud-focused offensive security certification that tests your ability to find and exploit weaknesses in AWS, Azure, and GCP style environments.
You will be expected to:
- Enumerate cloud identities, roles, policies, and resources.
- Identify and exploit IAM misconfigurations and trust relationships.
- Abuse metadata services, credentials, and cloud-native features.
- Chain findings into meaningful impact: data access, privilege escalation, and lateral movement.
- Deliver a clear, cloud-focused assessment report that non-cloud stakeholders can understand.
If you want to be the person who can walk into a cloud-heavy environment and actually break it, CCES is for you.
Fast Facts
Core Topics & Curriculum
CCES training takes you from cloud fundamentals into realistic exploitation chains against misconfigured accounts, services, and workloads.
- Cloud architecture basics for AWS, Azure, and GCP from an attacker’s perspective.
- Identity & Access Management (IAM): users, roles, policies, trust relationships.
- Discovery of misconfigured permissions, storage, and services.
- Abusing instance metadata services and credential exposure.
- Privilege escalation paths inside cloud accounts and across trust boundaries.
- Attacking and escaping containerized workloads and basic Kubernetes misconfigs.
- Data exfiltration scenarios and cloud-specific lateral movement.
- Cloud-focused reporting: translating technical issues into business risk.
The focus is not on memorizing every single cloud service, but on recognizing patterns and chains that lead to real compromise.
Lab Environment
The CCES labs and exam emulate multi-account, multi-service cloud setups that highlight real misconfigurations security teams struggle with.
- Per-student cloud-style lab environments during the exam.
- Multiple identities and roles with subtle permission gaps.
- Misconfigured storage, compute, and serverless components.
- Trust relationships that enable cross-account escalation.
- Scenarios designed to reward methodical enumeration and policy reasoning.
You’ll be using cloud CLIs, consoles, and tooling to uncover and exploit the same mistakes companies make in production.
Exam Snapshot
The CCES exam is a 7-day remote practical set in a cloud-style environment. You’ll have to think like an attacker and like a cloud engineer.
- Enumerate accounts, roles, and services using CLI and other tooling.
- Identify high-value misconfigurations and viable attack paths.
- Exploit credentials, metadata, and permissions to escalate.
- Reach meaningful impact (e.g., sensitive data, powerful roles, or control over key resources).
- Document your findings, evidence, and risk in a structured exam report.
Full details are outlined on the Exam Structure & Requirements page.
How to Prepare & Prerequisites
CCES assumes you have some cloud exposure, but you do not need to be a senior cloud architect.
- Basic familiarity with at least one major cloud provider (AWS, Azure, or GCP).
- Understanding of IAM, roles, policies, and resource-based permissions.
- Comfort working with JSON / YAML snippets and CLI output.
- Willingness to read policy docs and reason through “why this breaks”.
- Some scripting experience (Python, PowerShell, or Bash) is helpful but not mandatory.
For a structured prep roadmap and exam-week strategy, use the How To Prepare page.
What You’ll Walk Away With
Passing CCES demonstrates that you can handle real-world cloud exploitation work, not just talk about it.
- A digital CCES certificate and verification details for employers and clients.
- Experience breaking down complex cloud environments into exploitable paths.
- A reusable methodology for cloud assessments and offensive cloud work.
- Confidence that you can speak credibly with both cloud teams and security leadership.