Skip to content

Pwned Labs Blog


The latest techniques in hacking and defending

Recent Articles

Azure, Red Team, Privilege Escalation, Lateral Movement

Climbing the Azure RBAC Ladder

Join us in this new blog post as we explore the various methods that threat actors commonly use to move laterally and...
Read more
Azure, Red Team, initial access

Mapping attack surface for Azure initial access

Join us in this blog post as we explore various methods that threat actors commonly use to gain initial access to Azure.
Read more
Red Team, GCP, cloud build

Exploiting GCP Cloud Build for Privilege Escalation

In this blog post, we will explore how to exploit Cloud Build to escalate privileges and achieve lateral movement in a...
Read more
Red Team, AWS, snapshot

Thunderdome - Pulled From the Sky walkthrough

This is the second in a series of walkthroughs for the Thunderdome multi-cloud Cyber Range from Pwned Labs. This post...
Read more
Red Team, AWS, bitbucket

Thunderdome - Emerge Through the Breach walkthrough

This is the first in a series of walkthroughs for the Thunderdome multi-cloud Cyber Range from Pwned Labs. This post...
Read more
Azure, Red Team, SQL

EvilSQL: coercing requests from Azure SQL Managed Instance

Azure SQL Managed Instance (and also Azure SQL Server) suffer from insufficient validation of the LOCATION parameter of...
Read more
Red Team, AWS, OIDC

Abusing Identity Providers in AWS

Join us on a ride-along pentest of AWS and GitLab! Huge Logistics has hired us to perform a security assessment of...
Read more
Azure, Red Team, VM

Diving Deep into Azure VM Attack Vectors

Join us as we dive into Azure Virtual Machine (VM) security from a red team perspective, focusing on identifying and...
Read more

Your security training ground


Experience, real-world, byte-sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.