Hands-On MCP Security Bootcamp
Registrations for this batch are now closed.
Next batch coming soon!
We are
now! Registrations
open until 11 Am.
Model Context Protocol is becoming a powerful way to connect AI systems with real tools, data sources, and security workflows. This hands-on bootcamp helps cybersecurity professionals build custom MCP servers, integrate AI with tools like ELK, MISP, and threat intelligence APIs, test MCP-specific attack paths, and apply controls to secure MCP deployments.
Urvesh
Urvesh is a Senior Information Security Engineer with hands-on experience in SOC operations, SIEM/XDR implementation, detection engineering, threat hunting, SOAR workflows, and DFIR. His background in Wazuh-based security operations, threat-intelligence integration, and response automation aligns closely with the bootcamp focus on building and securing MCP-driven InfoSec workflows.
Urvesh has trained 300+ professionals in security operations, helping them build practical skills in detection, response, and SOC engineering.
Special Offer! Limited Time Only
Module 01: MCP Essentials for Security Professionals
- What is the Model Context Protocol, and why should security teams care?
- The N×M tool-integration problem and how MCP solves it
- MCP component model: Host, Client, Server, Tools, Resources, Prompts
- Transports explained: STDIO local vs SSE / Streamable HTTP remote
- JSON-RPC 2.0 message flow: requests, responses, capability negotiation
- Where MCP introduces new trust boundaries and attack surface
- The MCP ecosystem: Anthropic origin, registries, and adoption in security tooling
Module 02: Building the MCP Security Lab
- Lab architecture overview: isolated, containerized, and safe to break
- Python 3.11+, venv/uv, and dependency hygiene
- Installing FastMCP and the official MCP SDK
- Configuring Claude Desktop and Cursor as MCP hosts
- MCP Inspector for live request/response tracing
- Standing up Docker-based targets: ELK, MISP, and vulnerable MCP servers
- Capturing and logging MCP traffic for analysis
Module 03: Using MCP as a Security
Analyst
- Installing and trusting existing MCP servers safely
- Driving filesystem, HTTP, and shell MCP tools from a host
- Tracing a live request: host → client → server → tool → response
- Reading tool descriptions and schemas the way an attacker does
- Inspecting what data leaves your machine
Module 04: Your First Security MCP
Server
- Anatomy of a FastMCP server: instance, @mcp.tool(), type hints
- Writing tool descriptions that guide the model and the risks
- Input schemas with Pydantic: validation from day one
- Structured responses: text, JSON, and error handling
- Running over STDIO and wiring into Claude Desktop / Cursor
Module 05: Custom MCP for Log & SIEM Data — ELK /
Elasticsearch
- ELK architecture refresher from a tooling perspective
- Authenticating to Elasticsearch from an MCP tool: API keys, TLS
- Building tools: query indices, run KQL/DSL, retrieve and summarize events
- Designing prompt-friendly output: summaries vs raw dumps
- Pagination, result-size limits, and avoiding token blowups
- Read-only / least-privilege query design
Module 06: Custom MCP for Threat
Intelligence
- Wrapping external security APIs as MCP tools
- Tools for VirusTotal, AbuseIPDB, Shodan, GreyNoise, and NVD/CVE lookup
- Secrets and API-key management: never in tool descriptions
- Caching, rate limiting, and quota-aware design
- Normalizing multi-source intel into one structured verdict
Module 07: Custom MCP for MISP
- MISP concepts: events, attributes, objects, galaxies, tags
- Authenticating to the MISP REST API from MCP tools
- Tools: search attributes, pull IOCs, correlate, push sightings
- Mapping MISP data to AI-consumable structures
- Guardrails: read vs write scopes, approval before publishing
Module 08: Custom MCP for IR & SOAR
Integration
- MCP as the tool layer beneath SOAR / case management
- Building tools for TheHive / Cortex: case create, observable enrich, run analyzers
- Ticketing and notification tools: create alert, post to chat
- Multi-tool chaining: ingest → enrich → correlate → document
- Human-in-the-loop checkpoints for state-changing actions
Module 09: Remote MCP, Authentication & Transport
Security
- Local STDIO vs remote SSE / Streamable HTTP trade-offs
- Deploying a remote MCP server with TLS
- Authentication patterns: API keys, bearer tokens, OAuth 2.1 flows
- Origin validation, session management, and CORS pitfalls
- Token handling done right: avoiding passthrough and confused-deputy setups
Module 10: MCP Attack Surface & Threat
Modeling
- Trust boundaries in the host–client–server–tool chain
- Why arbitrary tool execution changes the risk model
- Categories of MCP threats: protocol, server, tool, supply chain, host
- The malicious-server trust model and registry / supply-chain risk
- Mapping MCP threats to OWASP Top 10 for LLM Applications
Module 11: OWASP-Style Top 10 for MCP —
Pentesting
- Prompt injection: direct injection into tool inputs and arguments
- Indirect / stored prompt injection via resources, files, and tool output
- Tool poisoning: malicious descriptions that hijack model behavior
- Tool shadowing and name collisions across servers
- Rug-pull attacks: server changes behavior after trust is granted
- Excessive agency / over-privileged tools
- Command injection and path traversal in tools
- SSRF and cross-origin exposure via tool-issued requests
- Secret and data exfiltration through crafted tool responses
- Authentication gaps, token theft, and confused-deputy abuse
Module 12: Breaking MCP — Offensive Lab
- Working with intentionally vulnerable MCP servers, such as Damn Vulnerable MCP
- Intercepting and manipulating JSON-RPC traffic
- Building a malicious MCP server to demonstrate poisoning and exfiltration
- Chaining injection → tool abuse → data exfiltration end-to-end
- Auditing third-party servers with mcp-scan / static review
- Documenting findings the way a pentest report would
Module 13: Secure MCP Design & Hardening
- Secure-by-design principles for MCP tools
- Input validation: whitelist, sanitize, type-check every parameter
- Path-traversal and command-injection prevention
- Least-privilege and deny-by-default tool access
- Output size limits, rate limiting, and content filtering
- Reviewing tool descriptions for injection vectors
- Keeping secrets out of descriptions, logs, and responses
Module 14: Detecting, Monitoring & Auditing
MCP
- Logging and audit trails for every tool invocation
- Detecting prompt injection and anomalous tool usage
- Sandboxing and isolation: containers, seccomp, network egress control
- Guardrails and policy enforcement around tool calls
- Writing detections, Sigma-style, for malicious MCP activity
- Supply-chain controls: pinning, signing, and vetting registry servers
*Note: Participants will have access to session recordings for a period of 60 days.
Special Offer! Limited Time Only
- Module-wise notes covering all MCP topics
- Access to hands-on MCP labs and practicals
- Custom MCP servers for real InfoSec workflows
- SIEM-based MCP integration for log hunting
- Threat-intel enrichment MCP for IPs, hashes, and domain
- MISP MCP workflow for IOC lookup and correlation
- IR/SOAR MCP workflow with case enrichment
- Pentest-style findings from offensive MCP labs
- Hardened, re-testable MCP servers
This is a hands-on MCP security bootcamp. Basic technical readiness is expected, and preparing in advance will ensure a smoother lab experience.
We will guide participants on setting up accounts for the platforms below. However, participants may create these accounts beforehand for convenience.
Participants should have the following tools installed or ready to install:
Participants should have a system that meets the following minimum requirements for the hands-on labs:
- RAM: 8 / 16 GB
- CPU: 4 cores, x86-64 or Apple Silicon
- Free Disk Space: 50 GB free, as Docker images for ELK, MISP, and models can add up quickly
- Operating System: macOS 13+, Windows 10/11 with WSL2 enabled, or a modern Linux distribution such as Ubuntu 22.04+
- Virtualization: Enabled in BIOS/UEFI for Docker. On Windows, WSL2 + Docker Desktop is required
- Network: Reliable internet connection for pulling Docker images and calling threat-intel APIs
For a smoother lab experience, the following configuration is recommended:
- RAM: 32 GB
- CPU: 8 cores
- Free Disk Space: 80 GB+ free, SSD preferred
- GPU: Optional. Required only if you plan to run a local model. 8 GB+ VRAM makes the local path smoother
- Apple Silicon Note: M-series systems with 32 GB unified memory can handle local models well without a discrete GPU
- Operating System: Same as the minimum requirement
Running a local LLM is optional and depends on your system hardware.
- 8 GB RAM with no/weak GPU under 6 GB VRAM: Qwen3 7B or Gemma 4, Q4 quant
- 16 GB RAM with around 8 GB VRAM: Qwen 7B/8B or Gemma 4
- 32 GB RAM with 12–16 GB VRAM: Qwen 14B
Participants who cannot meet the local system specifications, are using a locked-down corporate device, or prefer not to install Docker locally can run the entire lab on a cloud VM instead. The trainer will guide the setup live at the start of the bootcamp.
Interested in Joining the
Our advisor will contact you with event details, and exclusive offers!