I compiled my penetration testing notes on a GitHub repo. You can find it here: github.com/0xd4y/Notes

The cloud_breach_s3 video regarding the CloudGoat scenario will be uploaded this week! It will cover metadata service remediations, how to be stealthy when pentesting AWS, and much more.

Just uploaded my GCP Penetration Testing Notes Part 2. You can find it here: My Website: 0xd4y.com/2022/10/24/GCP… GitHub: github.com/0xd4y/Notes/tr…

New video released! We go over how to mitigate an AWS metadata misconfiguration, how to exfiltrate credentials stealthily, and we look into the GuardDuty findings and CloudTrail logs to see what our activity looks like from a defender standpoint. youtube.com/watch?v=1MS0GP…

Just reached over 200 subscribers! I owe a big thanks to all of you! For those of you who are not familiar with my channel, in a nutshell I do hands-on penetration testing videos where I go into detail about my methodologies and show it in action. YouTube.com/@0xd4y

Just completed the Weather App challenge on HackTheBox. This challenge involves bypassing a 401 unauthorized error by exploiting an SSRF vulnerability via request splitting which allows you to perform an SQL injection by registering an account.

Here is how to escalate privileges in an AWS cloud environment: It was possible to obtain full control over this AWS account by creating an EC2 instance using a high-privileged instance profile. youtube.com/watch?v=wCKTko…

Want to see how threat actors pivot through an AWS environment? This is how it is done: youtube.com/watch?v=4ghLqw… #aws #cloudgoat #penetrationtesting

This video is a must see if any of the following topics interest you: 👉 Web application exploitation 👉 Escaping out of docker containers 👉 Container instance pivoting 👉 AWS security 👉 ECS Exploitation You can find the video here: youtube.com/watch?v=Dd-joQ… #docker #cloudgoat

Cloudgoat: rce_web_app is out! Two different ways are shown on how to gain access to the objective: the RDS instance. S3 misconfigurations and an RCE vulnerability in a web application are exploited. youtube.com/watch?v=Izs7BB…

And that's not all! There are 9 more perspectives from pros like Tim Connell, Gabrielle 💻🗝, and 0xd4y to help you level up your reporting. Explore insider tips from these 10 offensive security pros 👇 pentest-tools.com/blog/pentest-r…

So we asked 7 #offensivesecurity pros to share how they build trust at every step of an engagement: Matei Anthony Josephs Aaron Boyd Nis Peder Bonde spencer Alexei Skorov 0xd4y Adrian Iovita Check out their examples here: pentest-tools.com/blog/building-…