Dev mode — no Cloudflare Access header present. Authenticated as dev@local.
EPL
dev@local

Complete Engagement Stack: Router Customization + Cloudflare Edge Services

Two days. Zero vendor lock-in. Total stack control.

You’ll build everything from custom OpenWrt firmware to edge-native ChatOps. By the end, you control every byte from the router’s boot sequence to the Cloudflare Worker that processes your steganographic commands. No black boxes. No dependencies you can’t replace.

What You Actually Build

Day 1 gets your hands dirty with hardware. You’ll tear apart a GL.iNet router, rebuild its firmware from source, and make it yours. Custom package selection. Persistent overlays. Services that survive firmware updates. Then we connect it to the world through Cloudflare Tunnel. Zero port forwarding, zero exposed attack surface.

Day 2 is pure edge computing. Build the control plane that manages your router fleet. Cloudflare Workers for command processing, D1 for device tracking, R2 for artifact storage. Access control that actually works. Audit logs for everything. Then we wire it all together with the weirdest ChatOps you’ve ever seen: Discord commands encoded as food emoji that trigger real device actions.

The capstone scenario ties it together. A Mango router sits on a simulated target network. You send 🥘🥫🥩🌯🥙🥘 in Discord. A Worker decodes it as “status”, validates your identity, dispatches the command over Tailscale mesh, gets a network capture back, stores it in R2, and drops the download link in your chat. Every step logged. Every component under your control.

Why This Matters

Most network training teaches you to configure vendor gear. Most cloud training teaches you to use AWS. You walk away dependent on someone else’s stack. Here, you learn the primitives. OpenWrt ImageBuilder instead of factory firmware. Tailscale mesh instead of corporate VPN. Workers instead of Lambda. When the engagement requires air-gapped deployment or the client forbids certain vendors, you adapt instead of scrambling.

The techniques scale from conference demos to real deployments. The Mango build process works for drop devices. The Cloudflare stack handles production traffic. The audit framework passes compliance reviews. This isn’t toy code you throw away after class.

Who Should Take This

Security teams building portable infrastructure for engagements. Field engineers who need custom router deployments that actually work. Anyone tired of depending on vendor roadmaps for critical capabilities.

You need Linux command line comfort, basic networking knowledge, and some JavaScript for the Worker development. We handle the rest.

Hardware Kit (Included)

Each student gets a GL.iNet Flint 2 for the main build, a Mango for the drop device scenario, USB storage for ExtRoot, and all the cables. Total kit value around $280. You keep everything.

Optional Comet KVM unit available for students who want the out-of-band access lab. Adds another $89 but unlocks BIOS-level control scenarios.

Lab Structure

Day 1: Field-Ready Router (7 hours)

  • Kit setup and recovery procedures
  • ImageBuilder custom firmware compilation
  • Overlay management and persistence
  • Service deployment on the router
  • Mesh overlay with Tailscale
  • Cloudflare Tunnel for zero-port-forward access
  • First Worker as reverse proxy with authentication

Day 2: Engagement Stack (7 hours)

  • Cloudflare Access for proper SSO and service tokens
  • D1 database for device registry and audit trails
  • KV and R2 for state management and artifact storage
  • Worker fleet gateway with structured API
  • EmojiChef ChatOps bridge to Discord/hack.chat
  • Mango drop device deployment with OPSEC discussion
  • Full integration capstone demonstration

Course Outcomes

You’ll have built a complete engagement infrastructure stack. Custom firmware that boots your services. Mesh networking that bypasses NAT. Edge computing that scales globally. Command and control that looks like casual Discord chat. Audit trails that track every action. Storage that handles your captures and payloads.

More importantly, you’ll understand how each piece works and how to replace it. The course covers self-hosted alternatives to every Cloudflare service. When vendor lock-in becomes a problem, you have options.

Investment

$797 includes both days of instruction, complete hardware kit, all course materials, and lab access for practice after the workshop.

Prerequisites

  • Linux command line proficiency
  • Basic networking concepts (IP, DNS, routing)
  • JavaScript familiarity for Worker development
  • Free Cloudflare account (workshop provides delegated subdomain)
  • Free Tailscale account

No domain purchase required - Each student receives a workshop subdomain with full Cloudflare access.

Next Workshop Dates

Live workshops at security conferences throughout 2026. Online cohorts starting quarterly. All students get lifetime access to course updates and new lab scenarios as the threat landscape evolves.

This isn’t training on someone else’s tools. It’s learning to build your own.