Jaime Polop

@PolopJaime

36 posts

Joined June 2023
14 Following · 23 Followers
Jaime Polop retweeted
HackTricks (@hacktricks_live)
🚨 CI/CD can become your attack surface. Wiz found an unanchored regex in AWS CodeBuild webhook filters that let attackers bypass PR trust checks and run code in privileged builds. One small CI misconfig → supply-chain compromise.
Jaime Polop retweeted
Pablo Picurelli Ortiz (@superpegaso2703)
The RootedCON2026 agenda has been published! My talk is on March 7, I can't wait for the big moment to arrive. #RootedCON #RootedCON2026
Jaime Polop retweeted
HackTricks (@hacktricks_live)
🛢️ Azure Cosmos DB is often seen as a secure, managed database, but misconfigured permissions can turn it into a privilege-escalation goldmine. Over-privileged identities may grant roles, extract account keys, or even abuse firewall rules to bypass network restrictions.
Jaime Polop retweeted
HackTricks (@hacktricks_live)
🌍 Expanded Language Support now available! All our course videos now include multilingual subtitles (ES, IT, PT, FR, DE, JP, CN, KR, GR, HI, PL) to support our students all over the world. If another language would help your learning, let us know! training.hacktricks.xyz
Jaime Polop retweeted
HackTricks (@hacktricks_live)
Presenting Blue-CloudPEASS - available in HackTricks Tools! Now you can easily assess the IAM configuration of AWS, GCP and Azure from your browser using the Blue-CloudPEASS tool directly from tools.hacktricks.wiki #hacktricks #tools #iam #cloud
Jaime Polop retweeted
HackTricks (@hacktricks_live)
🔓 AWS Lambda
AWS Lambda lets you run code without managing servers, but misconfigurations can expose serious security risks and hidden attack paths. Lambda can be abused to run unauthorized code, expose secrets via environment variables, and move laterally across AWS services.
Jaime Polop retweeted
HackTricks (@hacktricks_live)
Hidden risks in Azure App Services
Azure App Services expose management and publishing interfaces that can grant deep access. With the right permissions, attackers could retrieve credentials or enable SSH. Review roles, rotate profiles, and disable unused FTP/SCM.
Jaime Polop retweeted
HackTricks (@hacktricks_live)
Practice in our hands-on labs and learn more about these concepts with AWS Training Red Team Expert Certification - ARTE. Enroll now at training.hacktricks.xyz/courses/arte
Jaime Polop retweeted
HackTricks (@hacktricks_live)
ECR: what’s inside Docker images
AWS ECR images can hide code, configs, even secrets & API keys. Pulling them may expose data. Scan images for vulns & secrets, enforce least privilege, and don't bake long-lived creds. Learn more at cloud.hacktricks.wiki/en/pentesting-…
Jaime Polop retweeted
HackTricks (@hacktricks_live)
GCP Workflows — what your orchestrations might reveal
Over-priv or plaintext creds can leak secrets, hit other APIs, and enable lateral movement. Treat workflows as sensitive code: least privilege, no creds in params, use Secret Manager, watch audit logs & restrict deploy/modify.
Jaime Polop retweeted
HackTricks (@hacktricks_live)
🔐 Just dropped: New AWS Upskill Challenge on @JustHackingHQ Learn AWS Security & the Shared Responsibility Model in a quick, hands-on, totally FREE challenge. ✔️ Key concepts ✔️ Practical steps ✔️ Fast quiz 👉 Join now: justhacking.com/uc/uc-aws-secu…
Jaime Polop retweeted
/RootedCON (@rootedcon)
☁️ Cloud Pentesting (AWS, GCP, Azure) ☁️
Three days, three clouds, one goal: mastering security in cloud environments. Carlos Polop (@hacktricks_live), Jaime Polop (@PolopJaime) and Ignacio Domínguez will teach you to attack and defend the three giants: AWS, GCP & Azure.
📅 When? March 3, 4 and 5
⏰ Schedule: 09:00h - 20:00h
📍 Where? Eurostarts i-Hotel
What you will learn:
🔹 Day 1: AWS – Fundamentals, White Box & Black Box pentesting.
🔹 Day 2: GCP – Key services, exploitation and Red Team attack.
🔹 Day 3: Azure – Enumeration, exploitation and persistence.
🔹 CTFs to put what you have learned to the test in fictitious environments.
🔹 Strategies to keep learning and honing your skills.
Whether you are just starting out in cloud security or want to take your pentesting to another level, this Bootcamp will give you real tools to attack and defend cloud environments.
🔗 Sign up now on our website! cfp.rootedcon.com 🚀 #rooted #rootedcon2025 #ciberseguridad #hacking #congreso #hacker