Reminder! Join us at 5pm UTC today for our Intro to Purple Teaming in Azure live community session. In this live session we'll be covering: - Introduction to Azure, M365, ARM and Microsoft Graph - Harden Azure against ransomware attacks - Exploit RBAC for Azure privilege escalation - Detect malicious activity using Sentinel - Evade detection and persistence - Fun CTF, with a prize for first blood! 🏆 Hope to see you on Discord at 5pm UTC!

(Officially) introducing PWNCLOUDOS - a community driven, multi-cloud security platform for red and blue - VM Images for AMD64 and ARM64 - Pre-loaded with tooling used in real AWS & Azure engagements and Pwned Labs training - Optimized for cloud security, smooth performance and intuitive Find out more! 👉

RT @egre55: We're running a FREE hands-on cloud security workshop "Intro to Purple Teaming Azure", covering: - Introduction to Azure, M365…

RT @joehelle: Really great course and neat exam from @PwnedLabs .

Only a few more days until the 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗖𝗹𝗼𝘂𝗱 𝗔𝘁𝘁𝗮𝗰𝗸 𝗮𝗻𝗱 𝗗𝗲𝗳𝗲𝗻𝘀𝗲 𝗕𝗼𝗼𝘁𝗰𝗮𝗺𝗽 kicks off! Learn more about the bootcamp and the 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗖𝗹𝗼𝘂𝗱 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺 𝗣𝗿𝗼𝗳𝗲𝘀𝘀𝗶𝗼𝗻𝗮𝗹 certification here ->

RT @egre55: Hey folks! We will do a 𝗰𝗼𝗺𝗽𝗹𝗲𝘁𝗲𝗹𝘆 𝗙𝗥𝗘𝗘 𝟮-𝗵𝗼𝘂𝗿 𝗰𝗹𝗼𝘂𝗱 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗹𝗶𝘃𝗲 𝘀𝗲𝘀𝘀𝗶𝗼𝗻 on February 12th @ 5pm UTC, and YOU get to choose t…

RT @PwnedLabs: Did you know that Pwned Labs also offers penetration testing services? Our team of expert trainers are also practitioners…

Did you know that Pwned Labs also offers penetration testing services? Our team of expert trainers are also practitioners with deep experience in Active Directory and the cloud!A Pwned Labs pentest means the familiar attention to detail and purple team focus. Learn more here:

RT @joehelle: Vv.1 of AWeSomeUserFinder is now available. I've made several changes, including a new enumeration method utilizing S3 bucket…

RT @theluemmel: Made a quick demo walkthrough of AzurePwn because it was too much to explain it in a few sentences.

RT @theluemmel: New "tool" to make life easier when doing post ex in Azure environments:

RT @daltsec: Thanks @PwnedLabs and @Hac10101 for the 1 year subscription. I'm excited to dive into cloud. I will be sharing my progress her…

RT @Hac10101: Hey everyone! Super excited to share that our new cyber range, Electra, is live! It's an intermediate-level lab to sharpen yo…

RT @PwnedLabs: Ready to take on a new cloud security challenge? Introducing Electra, our new AWS cyber range for pro and business subscrib…

Ready to take on a new cloud security challenge? Introducing Electra, our new AWS cyber range for pro and business subscribers. Test your skills in this realistic environment, and claim the flag! Learn more and start pwning at:

RT @Vyomjain6904: I just published Walkthrough — Intro to AWS IAM Enumeration — PWNED Labs @AWSSecurityInfo @PwnedLabs

This time tomorrow we'll be kicking off our first Amazon Cloud Attack and Defense Bootcamp! We're super excited to be launching this, to help develop critical cloud security skills in AWS. The four week instructor-led course will take participants through: - Performing AWS security audits and remediating security flaws - Leveraging AWS resources to gain initial access and move laterally - Using modern phishing techniques to gain initial access to AWS - Abusing compromised credentials for lateral and vertical movement - Hands-on purple teaming simulating real-world attacks and defenses - Exploiting misconfigured IAM roles and trust policies to increase access - Detecting cloud threats using Splunk, GuardDuty, Athena and CloudTrail ...and much more! You can still join us tomorrow, or comment below and we'll let you know when the Q1 2025 edition is open for bookings! Learn more at

Counting down a few more days until the start of the next Microsoft Cloud Attack and Defense Bootcamp! There’s still time to book your place and gain the skills you need to become Microsoft Cloud Red Team Professional certified.Check out some of the learning outcomes: - Understand Azure, Entra ID and Microsoft Graph concepts - Leverage Azure resources to gain initial access and move laterally - Use modern phishing frameworks to gain initial access - Perform token abuse for lateral movement - Hands-on purple teaming in Azure - Increase resource access through Microsoft 365 - Exploit Conditional Access Policy / MFA enablement gaps - Attack and defend Azure App Services - Create Azure and Microsoft 365 tenant security reports - Detect threats with Microsoft Sentinel - Lateral Movement from Azure to on-premises Active Directory, and back! Find out more here:

New lab alert 🚨 Create Custom Tooling to Explore AWS 🛠️ Let’s add a new tool to our AWS security toolbox with a Python script that allows us to enumerate and exfiltrate S3 bucket contents! Play the lab!

Introducing the Amazon Cloud Attack and Defense bootcamp, and the Amazon Cloud Red Team Professional (ACRTP) certification! AWS is the largest provider of cloud infrastructure with over 2 million businesses relying on it. But this also makes it an attractive target for threat actors who are constantly looking for misconfigured settings and exposures to gain a foothold, steal (or destroy) data and create huge cost with crypto-mining operations. Our new fully hands-on bootcamp enables participants to adopt a purple-team mindset and practice skills in attacking and defending AWS infrastructure. Whether you are just starting out, moving into cloud security, or looking to build on existing knowledge, the four-week, instructor-led bootcamp will build proficiency in: - Simulate compromising developer accounts to test the blast radius - Exploiting misconfigured IAM roles and trust policies to increase access - Leveraging AWS resources to gain initial access and move laterally - Expanding access through DevOps platforms and OpenID Connect - Detecting cloud threats using Splunk, GuardDuty, Athena and CloudTrail …and much, much more Complete the bootcamp, and you can attempt the ACRTP certification lab. The exam challenges you to apply your newfound expertise in completing an exploitation chain and getting the flag. You can find out more here: