HackTricks

🎉 New HackTricks Bundles! 🎉 These bundles give you a 20% discount compared to getting each course on its own, so you get more for less! 1️⃣ Expert Bundle: Includes GRTE (GCP Red Team Expert) + ARTE (AWS Red Team Expert): Ideal for those ready to master advanced cloud security techniques in both AWS and GCP. (https://lnkd.in/dQHjHY_Y) 2️⃣ Apprentice Bundle: Includes GRTA (GCP Red Team Apprentice) + ARTA (AWS Red Team Apprentice): Perfect for beginners looking to build a strong foundation in cloud security. (https://lnkd.in/dnznqUvx) Take advantage of this opportunity to boost your skills with a HackTricks bundle (https://lnkd.in/dFRhr5TE)! #gcp #aws #hacking #hacktricks #training

🚨 GRTE Update & Discounts Alert! 🚨 We celebrate it with new discounts for GRTE. Comment and share it to get a 20% discount in our GRTE certification, but hurry, it’s only available to the first 10 people! Our new lesson on how to abuse Google Workspace Sync is up now. Furthermore we have updated our Cloud Functions laboratories, learn how to escalate Cloud functions via storage monitoring here https://lnkd.in/dixWgiBZ. If you’ve already purchased the cert, these lessons are waiting for you now! You can also learn some Cloud Functions cool hacking tricks in https://lnkd.in/dm_5e7qx and learn about Google workspace Sync in https://lnkd.in/dMYRjX-c. #aws #hacking #hacktricks #training

💥 Exploit DynamoDB with the AWS Red Team Expert Certification (ARTE) 💥 AWS DynamoDB is a NoSQL database service. Learn how to exploit insecure input validation within DynamoDB and access sensitive data with the AWS Training Red Team Expert Certification (ARTE - https://lnkd.in/dDBG37_z), and explore deeper DynamoDB injection strategies here https://lnkd.in/e7zA6NuN #aws #hacking #hacktricks #training

🔑 Breach AWS STS with the Red Team Expert Certification (ARTE) 🔑 STS (Security Token Service) a temporary security credentials provider. Learn how to use GitHub Actions to exploit STS services and compromise AWS accounts in the AWS Red Team Expert Certification (ARTE - https://lnkd.in/dDBG37_z), or take a look to the technique in https://lnkd.in/dnQRhYPJ . #aws #hacking #hacktricks #training

🚨 New Course Alert! 🚨 Excited to introduce HACKTRICKS GRTA: GCP Red Team Apprentice, the perfect starting point for mastering security in GCP and Google Workspace (https://lnkd.in/dSDRnywu). 👉 Learn about the GCP key services.  👉 Discover how to spot and exploit common misconfigurations. 👉 Increase your skills in hardening GCP environments. To celebrate it we have reduced the prices of both ARTA and GRTA the following month!! #CloudSecurity #RedTeam #GCP #Cybersecurity #GoogleWorkspace

🔒 Cloud Security Insight: Escalate from Bucket Access to Service Accounts Did you know that having read & write access to cloud storage buckets can allow you to escalate privileges to various cloud services and their associated principals, such as roles or service accounts? Many cloud services store source code in buckets, which is executed to generate containers. By monitoring these buckets for changes, an attacker could modify the code during updates, causing the cloud service to execute malicious code. Learn & practice cloud hacking techniques at https://lnkd.in/dFRhr5TE Examples: - GCP Cloud Functions: https://lnkd.in/d_rHs2Cn - GCP Composer DAGs: https://lnkd.in/dtkf66Jy - GCP App Engine: https://lnkd.in/drJ39WqY #cloud #hacking #hacktricks #training

ARTE has been updated again! Learn how to use and escalate privileges in Step Functions and put it into practice in the AWS Red Team Expert certification (https://lnkd.in/dDBG37_z) If you already pruchased the cert, you can access the new lesson! You can also learn some Step Functions cool hacking tricks in https://lnkd.in/eQbGxqGW #aws #hacking #hacktricks #training #hacktrickstraining

Setting arbitrary environment variables can get RCE in most scripting languages! Some cloud services allow to modify env variables and you can: - Escalate privileges to roles or service accounts without typical permissions to access them (e.g. https://shorturl.at/ziMvo) - Execute code in unexpected places, such as GCP Composer’s DAG processor, triggerer, workers, and webserver (already fixed) Learn and practice these and other hacking techniques at training.hacktricks.xyz and cloud.hacktricks.xyz. #cloud #hacking #hacktricks #training

First independent review of the newest HackTricks Training certification GRTE about security in GCP and Google Workspace. Thank you Hector Ruiz Ruiz! #gcp #hacking #security #hacktricks #training

2 new lessons about (ab)using GCP Cloud Scheduler and Workflows were released in GRTE certification (https://lnkd.in/dixWgiBZ) If you already got access to it you can check them, if not, you can get access to the certification and you will also have access to all the updates in the future! You can also take a glance to these GCP service from a offensive security perspective in: - https://lnkd.in/dPsVyKux - https://lnkd.in/dypgQnxH #gcp #hacking #hacktricks #training