Cloud security folks!. If you're studying for an AWS, Microsoft or Google cloud security certification, did you know that @PwnedLabs has 30 FREE hands-on cloud security labs to supplement your learning?. That's over 40 hours real-world scenarios for red and blue - for free. Many

RT @vxunderground: Ohhhh, sneaky masquerading trick found in the wild and noted by @JAMESWT_WT. The Threat Actor replaces / with "ん", a Jap….

RT @IAMERICAbooted: 6 places I check when I'm reviewing a company's external footprint and tech stack to get a basic understanding of the a….

RT @PyroTek3: Active Directory computers should be reviewed about once a year. Old operating systems can hold back security progress like k….

RT @IAMERICAbooted: FYI: You can use Purview Content Search to search mailboxes across your org and see what's in the junk folders. You ca….

RT @_dirkjan: It's been almost a year since my last blog. So, here is a new one: Extending AD CS attack surface to the cloud with Intune….

RT @cyb3rops: Finally, some technical insight into CitrixBleed 2 (CVE-2025-5777). Very useful for anyone looking to detect signs of exploit….

RT @binaryz0ne: I’ve officially stepped away from my position at Champlain College & am now looking for new opportunities, in industry or a….

RT @_sigil: My RSAC virtual session is up! Catch "Persisting Unseen: Attacker Methods of Infesting Entra ID" here: .

RT @Hac10101: Automated Cloud Misconfiguration Testing — a tool to find misconfigs in GCP. Supports IAM, Cloud Run, App Engine, GCS, Compu….

RT @_sigil: 🕵️‍♀️ I'll be presenting "I SPy: Rethinking Entra ID research for new paths to Global Admin” at fwd:cloudsec June 30-July 1, al….

RT @Frichette_n: This is huge! AWS now requires specific claims in IAM role trust policies using OIDC for new/updated roles. This effective….

RT @brutecat: Leaking the phone number of any Google user.

RT @xbz0n: From no creds to Enterprise Admin: my new post shows how AD misconfigs can be chained for total domain control. No exploits need….

RT @infosec_au: IP whitelisting is fundamentally broken. At @assetnote, we've successfully bypassed network controls by routing traffic thr….

RT @Frichette_n: Interesting research from @permisosecurity on abusing differences in size limits and white space manipulation to hide IAM….

RT @AustinLarsen_: New Google Threat Intelligence Group (GTIG) research by @dub5p: PRC-nexus 🇨🇳 #APT41 is leveraging innovative tactics, in….

RT @vxunderground: Hahahahhahahaha . Unironically a good idea. It's so unbelievably stupid and it works. Depending on explorer layout, the….

RT @snovvcrash: Why're we still doing the Impacket thing when @skelsec's stuff is so sick?. (just kidding ofc, Impa….

RT @Hac10101: life update: working on some really cool security research work trying to find different ways to exploit gws to get into gcp,….

RT @Oddvarmoe: Interesting post about UDL and REG files by @KillSwitchX7.