@imnothack3r

CloudGoat Walkthrough: How a Leaky SNS Topic Led to Total API Compromise

Aug 27, 2025 · 6 min read · Welcome to another deep dive into the world of cloud security with CloudGoat! Today, we're tackling the sns_secrets scenario. This lab is a fantastic, real-world example of how a seemingly minor misconfiguration in one service (AWS SNS) can be chaine...

CloudGoat Walkthrough: From Beanstalk Secrets to Admin

Aug 27, 2025 · 5 min read · Cloud security can feel like a black box, but labs like CloudGoat are fantastic for demystifying how attackers move through an AWS environment. Today, we're diving into the beanstalk_secrets scenario, a classic example of how a seemingly small miscon...

Exploiting BadSuccessor: Escalate Privileges from OU Write to Domain Admin in Windows Server 2025

Jul 24, 2025 · 8 min read · Windows Server 2025 brings a host of new features, including a new type of service account called the Delegated Managed Service Account (dMSA). Designed to improve security and management over traditional service accounts, this new feature ironically...

Step-by-Step Guide to Building an Automated SOC Lab for Security Alerts

Jul 16, 2025 · 15 min read · In the world of cybersecurity, theory can only take you so far. True understanding and skill come from hands-on experience—getting your hands dirty in a controlled environment where you can safely detonate malware, analyze attack patterns, and test y...

How to Build an Automated Cyber Threat Intelligence Bot Like VX-Underground

Jul 16, 2025 · 4 min read · Real-time security news & ransomware alerts in Discord & Telegram Introduction If you’ve been in the cybersecurity community for a while, chances are you’ve heard of VX-Underground. They’re a legendary group sharing malware samples, research, and th...