astronaut
Logbook
Web Security • Research • CTF
Menu
Filtered View

Tag: #pwnedlabs

6 posts

Jun 03, 2026

GCP Beginner Path

Phase 6 notes: Google Cloud Storage exposure, hidden file discovery, SSRF, Gopher bypasses, metadata service access, and GCP initial access.

#gcp #cloud-security #google-cloud-storage #ssrf #metadata-service
research
Jun 01, 2026

Azure Beginner Path

Phase 5 notes: Azure Blob Storage exposure, Key Vault abuse, Storage Tables, Entra ID recon, AzureHound, BloodHound, Microsoft Graph, and M365 post-exploitation.

#azure #cloud-security #entra-id #bloodhound #microsoft-graph
research
May 29, 2026

AWS Detection + Blue Team

Phase 4 notes: AWS detection, CloudTrail analysis, Athena queries, Macie, Security Hub, Amazon Detective, and credential abuse response.

#aws #cloud-security #blue-team #cloudtrail #athena
research
May 25, 2026

AWS Privilege Escalation + Service Abuse

Phase 3 notes: privilege escalation paths, trust-policy abuse, and service-level exploitation across S3, IAM, Cognito, SQS, and Lambda.

#aws #cloud-security #privilege-escalation #iam #s3
research
May 23, 2026

Web-to-Cloud Attack Chains

Phase 2 notes: chaining web vulnerabilities into AWS credential theft, secret discovery, and cloud resource compromise.

#aws #cloud-security #web #ssrf #path-traversal
research
May 17, 2026

AWS Storage + IAM Foundation

Phase 1 notes: S3, IAM, account ID discovery, CloudTrail investigation, and exposure risks in EBS/RDS.

#aws #cloud-security #s3 #iam #cloudtrail
research