Find your lab!
-
We have created this fun lab to highlight alternate forms of credential that can be abused to get access and move laterally in Azure. Get ready to leverage service principals, web app managed identities and administrative units as we look to go from external access to the top of the tree!
Tags: Azure, Web App, Service Principal, Certificate, Managed Identity, Blob Storage, Key Vault, Administrative Unit
-
We created this beginner-friendly lab to showcase how attackers can leverage common services to move laterally in an Azure environment. You'll get hands-on experience with Azure Key Vault and Storage tables, understand what made this attack path possible and how it could have been prevented.
Tags: AZURE, KEY VAULT, ENTRA ID, STORAGE TABLE
-
We created this beginner-friendly and hand-on lab to teach about Amazon Macie, and how this powerful service can be used to improve the security of deployed S3 buckets. The lab covers discovery of sensitive data as well as highlighting buckets that are world-readable and world-writable.
Tags: AWS, MACIE, S3
-
We created this beginner-friendly lab to teach about the potential dangers of S3 bucket versioning, if the admins have not sufficiently restricted who can access them, and about the dangers of inadequate data segregation and storing secrets in plain text fields. Advice on remediation is also included.
Tags: S3, Web, AWS, Versioning
-
We created this beginner-friendly lab to showcase how both attackers and defenders can use BloodHound and the AzureHound collector to better understand Azure environments and the potentially abusable relationships and attack paths that may exist. You'll get hands-on experience with BloodHound, as well as enumerating custom security attributes and virtual machine user data using the command line and the Azure portal.
Tags: azure, entra id, bloodhound, virtual machine
-
The lab introduces a fun scenario where our red team needs to access the secret algorithm of Mega Big Tech's social media app. Along the way you will learn how to abuse dynamic security group membership, and much more!
Tags: azure, sas token, dynamic group, administrative unit, key vault, github, CTF
-
We have created this beginner-friendly lab to showcase how how accidental commits to public git repositories can result in threat actors getting a foothold in a GCP environment. It introduces GCP services and moving laterally between them. It also provides an awareness of how this scenario could have been prevented.
Tags: gcp, iam, gitlab, cloud sql, secret manager, CTF
-
We created this beginner-friendly lab to showcase the GraphRunner Microsoft 365 post-exploitation toolset, and how it can be used to loot data from Exchange Online, Teams, SharePoint and OneDrive. You'll also get hands-on experience with MFASweep, PowerShell and Azure SQL Database.
Tags: azure, entra id, graphrunner, azure sql database, exchange, teams, sharepoint, onedrive, CTF
-
We created this fun and beginner-friendly lab to highlight how serverless apps are not immune to vulnerabilities affecting traditional web apps. It also showcases how a managed identity assigned to a compromised web app can be leveraged for lateral movement. We'll also learn how this scenario could have been mitigated.
Tags: azure, managed identity, app service, function app, sql injection, web
-
We created this beginner-friendly and hand-on lab to teach about Amazon Macie, and how this powerful service can be used to improve the security of deployed S3 buckets. The lab covers discovery of sensitive data as well as highlighting buckets that are world-readable and world-writable.
Tags: aws, macie, s3, CTF
Pwned Labs:
Your cloud security training ground
Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.