Hands-On MCP Security Bootcamp

Build and Break Model Context Protocol
22 - 23 & 29 - 30 August (Weekend Batch)
10 AM - 02 PM (IST)

Registrations for this batch are now closed.

Next batch coming soon!

We are now! Registrations open until 11 Am.

*Early Bird Discount
$199 $79
InfosecTrain (A Brand of AZPIRANTZ TECHNOLOGIES LLP)
Why Attend?

Model Context Protocol is becoming a powerful way to connect AI systems with real tools, data sources, and security workflows. This hands-on bootcamp helps cybersecurity professionals build custom MCP servers, integrate AI with tools like ELK, MISP, and threat intelligence APIs, test MCP-specific attack paths, and apply controls to secure MCP deployments.

What sets this training apart:
Build Security MCP Servers
Create custom MCP tools for logs, SIEM, threat intel, MISP, and IR workflows
Break MCP Deployments
Test prompt injection, tool poisoning, tool abuse, and data exfiltration risks
Defend Real MCP Workflows
Apply validation, least privilege, monitoring, logging, and hardening controls
75% Hands-On Labs
Work through practical build, attack, and defense scenarios throughout the bootcamp
Security Tool Integrations
Connect MCP with ELK, MISP, TheHive/Cortex, and threat-intel APIs
AI Security Career Edge
Develop hands-on MCP expertise for securing AI-powered workflows and earn 16 CPE Credits
Meet the Expert
sujay-trainer

Urvesh

DFIR, Threat Hunting & Intel | CHFI | eTHP | DCPLA | CTIA | ECIH | CND | CCSE

Urvesh is a Senior Information Security Engineer with hands-on experience in SOC operations, SIEM/XDR implementation, detection engineering, threat hunting, SOAR workflows, and DFIR. His background in Wazuh-based security operations, threat-intelligence integration, and response automation aligns closely with the bootcamp focus on building and securing MCP-driven InfoSec workflows.

Urvesh has trained 300+ professionals in security operations, helping them build practical skills in detection, response, and SOC engineering.

Special Offer! Limited Time Only

22 - 23 & 29 - 30 August (Weekend Batch)
10 AM - 02 PM (IST)
*Early Bird Discount
$199 $79
Bootcamp Agenda
Day 1: MCP Foundations: Security Lens

Module 01: MCP Essentials for Security Professionals

  • What is the Model Context Protocol, and why should security teams care?
  • The N×M tool-integration problem and how MCP solves it
  • MCP component model: Host, Client, Server, Tools, Resources, Prompts
  • Transports explained: STDIO local vs SSE / Streamable HTTP remote
  • JSON-RPC 2.0 message flow: requests, responses, capability negotiation
  • Where MCP introduces new trust boundaries and attack surface
  • The MCP ecosystem: Anthropic origin, registries, and adoption in security tooling

Module 02: Building the MCP Security Lab

  • Lab architecture overview: isolated, containerized, and safe to break
  • Python 3.11+, venv/uv, and dependency hygiene
  • Installing FastMCP and the official MCP SDK
  • Configuring Claude Desktop and Cursor as MCP hosts
  • MCP Inspector for live request/response tracing
  • Standing up Docker-based targets: ELK, MISP, and vulnerable MCP servers
  • Capturing and logging MCP traffic for analysis
Lab: Full toolchain stood up and verified end-to-end

Module 03: Using MCP as a Security Analyst

  • Installing and trusting existing MCP servers safely
  • Driving filesystem, HTTP, and shell MCP tools from a host
  • Tracing a live request: host → client → server → tool → response
  • Reading tool descriptions and schemas the way an attacker does
  • Inspecting what data leaves your machine
Lab: Connect 3 community MCP servers and map exactly what each can access
Day 2: Building Security MCP Servers

Module 04: Your First Security MCP Server

  • Anatomy of a FastMCP server: instance, @mcp.tool(), type hints
  • Writing tool descriptions that guide the model and the risks
  • Input schemas with Pydantic: validation from day one
  • Structured responses: text, JSON, and error handling
  • Running over STDIO and wiring into Claude Desktop / Cursor
Lab: Build a 3-tool analyst server: log parser, IP utils, hash utils

Module 05: Custom MCP for Log & SIEM Data — ELK / Elasticsearch

  • ELK architecture refresher from a tooling perspective
  • Authenticating to Elasticsearch from an MCP tool: API keys, TLS
  • Building tools: query indices, run KQL/DSL, retrieve and summarize events
  • Designing prompt-friendly output: summaries vs raw dumps
  • Pagination, result-size limits, and avoiding token blowups
  • Read-only / least-privilege query design
Lab: Build an ELK MCP server that lets the AI hunt across auth and firewall logs

Module 06: Custom MCP for Threat Intelligence

  • Wrapping external security APIs as MCP tools
  • Tools for VirusTotal, AbuseIPDB, Shodan, GreyNoise, and NVD/CVE lookup
  • Secrets and API-key management: never in tool descriptions
  • Caching, rate limiting, and quota-aware design
  • Normalizing multi-source intel into one structured verdict
Lab: Build a multi-source IP/hash/domain enrichment MCP server

Module 07: Custom MCP for MISP

  • MISP concepts: events, attributes, objects, galaxies, tags
  • Authenticating to the MISP REST API from MCP tools
  • Tools: search attributes, pull IOCs, correlate, push sightings
  • Mapping MISP data to AI-consumable structures
  • Guardrails: read vs write scopes, approval before publishing
Lab: Build a MISP MCP server for IOC lookup and enrichment workflows

Module 08: Custom MCP for IR & SOAR Integration

  • MCP as the tool layer beneath SOAR / case management
  • Building tools for TheHive / Cortex: case create, observable enrich, run analyzers
  • Ticketing and notification tools: create alert, post to chat
  • Multi-tool chaining: ingest → enrich → correlate → document
  • Human-in-the-loop checkpoints for state-changing actions
Lab: Build an IR MCP server that opens a case and enriches it automatically

Module 09: Remote MCP, Authentication & Transport Security

  • Local STDIO vs remote SSE / Streamable HTTP trade-offs
  • Deploying a remote MCP server with TLS
  • Authentication patterns: API keys, bearer tokens, OAuth 2.1 flows
  • Origin validation, session management, and CORS pitfalls
  • Token handling done right: avoiding passthrough and confused-deputy setups
Lab: Deploy an authenticated remote MCP server and connect a host over TLS
Day 3: Breaking MCP: Offensive

Module 10: MCP Attack Surface & Threat Modeling

  • Trust boundaries in the host–client–server–tool chain
  • Why arbitrary tool execution changes the risk model
  • Categories of MCP threats: protocol, server, tool, supply chain, host
  • The malicious-server trust model and registry / supply-chain risk
  • Mapping MCP threats to OWASP Top 10 for LLM Applications
Lab: Build a threat model and data-flow diagram for a deployed MCP server

Module 11: OWASP-Style Top 10 for MCP — Pentesting

  • Prompt injection: direct injection into tool inputs and arguments
  • Indirect / stored prompt injection via resources, files, and tool output
  • Tool poisoning: malicious descriptions that hijack model behavior
  • Tool shadowing and name collisions across servers
  • Rug-pull attacks: server changes behavior after trust is granted
  • Excessive agency / over-privileged tools
  • Command injection and path traversal in tools
  • SSRF and cross-origin exposure via tool-issued requests
  • Secret and data exfiltration through crafted tool responses
  • Authentication gaps, token theft, and confused-deputy abuse
Lab: Exploit each class against a controlled vulnerable target

Module 12: Breaking MCP — Offensive Lab

  • Working with intentionally vulnerable MCP servers, such as Damn Vulnerable MCP
  • Intercepting and manipulating JSON-RPC traffic
  • Building a malicious MCP server to demonstrate poisoning and exfiltration
  • Chaining injection → tool abuse → data exfiltration end-to-end
  • Auditing third-party servers with mcp-scan / static review
  • Documenting findings the way a pentest report would
Lab: Full kill-chain against a vulnerable MCP deployment, written up as findings
Day 4: Defending MCP — Defensive

Module 13: Secure MCP Design & Hardening

  • Secure-by-design principles for MCP tools
  • Input validation: whitelist, sanitize, type-check every parameter
  • Path-traversal and command-injection prevention
  • Least-privilege and deny-by-default tool access
  • Output size limits, rate limiting, and content filtering
  • Reviewing tool descriptions for injection vectors
  • Keeping secrets out of descriptions, logs, and responses
Lab: Take the Module 12 vulnerable server and apply 8+ controls, then re-test

Module 14: Detecting, Monitoring & Auditing MCP

  • Logging and audit trails for every tool invocation
  • Detecting prompt injection and anomalous tool usage
  • Sandboxing and isolation: containers, seccomp, network egress control
  • Guardrails and policy enforcement around tool calls
  • Writing detections, Sigma-style, for malicious MCP activity
  • Supply-chain controls: pinning, signing, and vetting registry servers
Lab: Instrument an MCP server with audit logging and a detection that fires on attack

*Note: Participants will have access to session recordings for a period of 60 days.

Special Offer! Limited Time Only

22 - 23 & 29 - 30 August (Weekend Batch)
10 AM - 02 PM (IST)
*Early Bird Discount
$199 $79
Assets and Deliverables
  • Module-wise notes covering all MCP topics
  • Access to hands-on MCP labs and practicals
  • Custom MCP servers for real InfoSec workflows
  • SIEM-based MCP integration for log hunting
  • Threat-intel enrichment MCP for IPs, hashes, and domain
  • MISP MCP workflow for IOC lookup and correlation
  • IR/SOAR MCP workflow with case enrichment
  • Pentest-style findings from offensive MCP labs
  • Hardened, re-testable MCP servers
Key Takeaways
Build production-grade MCP security integrations
Exploit MCP-specific attack surfaces safely
Harden MCP servers with reusable detections
Audit third-party MCP servers confidently
Monitor and detect MCP abuse
Earn 16 CPE Credits
Lab Readiness & Setup Requirements

This is a hands-on MCP security bootcamp. Basic technical readiness is expected, and preparing in advance will ensure a smoother lab experience.

Knowledge Prerequisites
Basic/Intermediate Python Familiarity
Ability to read functions, run scripts, install packages, and edit provided code. Python will not be taught from scratch.
Command Line Comfort
Ability to run commands, edit files, and set environment variables using Terminal, PowerShell, WSL, or Linux shell.
Foundational Security Concepts
Basic understanding of SOC, IOCs, SIEM, and threat-intelligence feeds. Detection or IR experience is helpful but not mandatory.
Docker Basics Are a Plus
Familiarity with docker run and docker compose commands will be helpful.
Accounts / Platforms Used

We will guide participants on setting up accounts for the platforms below. However, participants may create these accounts beforehand for convenience.

Software Used

Participants should have the following tools installed or ready to install:

Python 3.11 or higher
Docker Desktop + Docker Compose
Git
VS Code or any IDE of choice
Claude Desktop for Windows or Mac
Node.js 20+
MCP Inspector
Minimum System Requirements

Participants should have a system that meets the following minimum requirements for the hands-on labs:

  • RAM: 8 / 16 GB
  • CPU: 4 cores, x86-64 or Apple Silicon
  • Free Disk Space: 50 GB free, as Docker images for ELK, MISP, and models can add up quickly
  • Operating System: macOS 13+, Windows 10/11 with WSL2 enabled, or a modern Linux distribution such as Ubuntu 22.04+
  • Virtualization: Enabled in BIOS/UEFI for Docker. On Windows, WSL2 + Docker Desktop is required
  • Network: Reliable internet connection for pulling Docker images and calling threat-intel APIs
Recommended System Configuration

For a smoother lab experience, the following configuration is recommended:

  • RAM: 32 GB
  • CPU: 8 cores
  • Free Disk Space: 80 GB+ free, SSD preferred
  • GPU: Optional. Required only if you plan to run a local model. 8 GB+ VRAM makes the local path smoother
  • Apple Silicon Note: M-series systems with 32 GB unified memory can handle local models well without a discrete GPU
  • Operating System: Same as the minimum requirement
Local LLM Model Guidance

Running a local LLM is optional and depends on your system hardware.

  • 8 GB RAM with no/weak GPU under 6 GB VRAM: Qwen3 7B or Gemma 4, Q4 quant
  • 16 GB RAM with around 8 GB VRAM: Qwen 7B/8B or Gemma 4
  • 32 GB RAM with 12–16 GB VRAM: Qwen 14B
Trainer-Guided Cloud Machine Option

Participants who cannot meet the local system specifications, are using a locked-down corporate device, or prefer not to install Docker locally can run the entire lab on a cloud VM instead. The trainer will guide the setup live at the start of the bootcamp.

Interested in Joining the

Bootcamp?

Please Fill the Form

Our advisor will contact you with event details, and exclusive offers!