Skip to content

Pwned Labs Blog


The latest techniques in hacking and defending

Recent Articles

AWS, Bootcamps, Pwned Labs Experts

Meet your ACRTP Bootcamp instructor: Tyler Petty

From building military-grade networks to cloud security guardrails, Tyler's journey into cybersecurity has been...
Read more
Azure, Bootcamps, Pwned Labs Experts

Meet your MCRTP Bootcamp instructor: Filip Jodoin

We sat down with Filip Jodoin, Penetration Tester and Pwned Labs instructor, to find out more about his cybersecurity...
Read more
AWS, Blue Team

RansomWhen: The Hidden Risks of AWS KMS in Ransomware Attacks

Disclaimer: The information in this blog post is provided for educational and informational purposes only. We do not...
Read more
AWS, Blue Team

Defending Against the whoAMI Attack with AWS Declarative Policies

Cloud Security Researcher and Advocate, Seth Art, recently published the blog post whoAMI: A cloud image name confusion...
Read more
Azure, Red Team, Privilege Escalation, Lateral Movement

Climbing the Azure RBAC Ladder

Join us in this new blog post as we explore the various methods that threat actors commonly use to move laterally and...
Read more
AWS, Blue Team

Building Security Guardrails with AWS Resource Control Policies

AWS recently introduced Resource Control Policies (RCPs), powerful guardrails designed to enhance your organization’s...
Read more
Azure, Red Team, initial access

Mapping attack surface for Azure initial access

Join us in this blog post as we explore various methods that threat actors commonly use to gain initial access to Azure.
Read more
Red Team, GCP, cloud build

Exploiting GCP Cloud Build for Privilege Escalation

In this blog post, we will explore how to exploit Cloud Build to escalate privileges and achieve lateral movement in a...
Read more
Red Team, AWS, snapshot

Thunderdome - Pulled From the Sky walkthrough

This is the second in a series of walkthroughs for the Thunderdome multi-cloud Cyber Range from Pwned Labs. This post...
Read more
Red Team, AWS, bitbucket

Thunderdome - Emerge Through the Breach walkthrough

This is the first in a series of walkthroughs for the Thunderdome multi-cloud Cyber Range from Pwned Labs. This post...
Read more
AWS, Pen-testing, IAM policy, Privilege Escalation, Pacu

Beginner's Guide to hunting for AWS IAM Privilege Escalations with Pacu

Join us as we get started with using Pacu - an AWS exploitation framework created by Rhino Security Labs that is...
Read more
Azure, Red Team, SQL

EvilSQL: coercing requests from Azure SQL Managed Instance

Azure SQL Managed Instance (and also Azure SQL Server) suffer from insufficient validation of the LOCATION parameter of...
Read more
Red Team, AWS, OIDC

Abusing Identity Providers in AWS

Join us on a ride-along pentest of AWS and GitLab! Huge Logistics has hired us to perform a security assessment of...
Read more
Azure, Red Team, VM

Diving Deep into Azure VM Attack Vectors

Join us as we dive into Azure Virtual Machine (VM) security from a red team perspective, focusing on identifying and...
Read more

Your security training ground


Experience, real-world, byte-sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.