#public-training

The day has finally arrived! HackTricks ARTE (AWS Red Team Expert) cert is now available at https://training.hacktricks.xyz/ !
We've opened 100 spots with an early bird discount, don't miss yours!

@modest elbow Is there dedicate channel for people who registered?

When I asked this yesterday he told me it was this channel.

@modest elbow Access Key/Secret Access Key not showing up in the IAM labs section as shown in the Labs presentation. Where do we get the creds to access the labs if they're not showing near the lab exercises below the video?

I've also raised a ticket for the same thing - hoping its a simple fix

Awesome, thank you. How do we submit tickets?

there's a training support channel

#training-support

also if you add your discord handle (check as some start with a period) from here into your profile on the training website it will give you access to the #arte-general channel as well

@reef orbit See above ^

How to contact support or ask technical questions in a training.
If you have an active course, you can can go to your user profile in https://training.hacktricks.xyz/profile and add your Discord handle. This will add you to a new role in this server where you will be able to find new channels to open support tickets or ask questions.

Asking here since I guess this is a common question for the whole training platform: Is there any way to get a full invoice for the voucher payment? After I bought mine, I got the quick receipt via email, but I see nothing else. Maybe I missed something?

Thanks for asking! We have just added this option, however it's only valid for new purchases. If you already bought the voucher, just open a ticket and we will generate one manually for you

need quick help, if you know there is attached policy for specific user and want to check what exactly that policy looks like via CLI how should we check this?

Also how do we know user has iam:SetDefaultPolicyVersion permissions...

am able to see the policy name, using versions you can check version as well, but whats inside that policy? how do we check

There's no need, ever, to cross-post a question

i thought it be wrong group 😉 hence posted twice

So you delete it from the channel where it's irrelevant, and keep it in the one where it is

done .

You should have enough permissions to see what is inside your policies in (almost) every lab. This way you know what you can exploit.
You might not bee able in specific ones like the BlackBox one, as it's intended to be more "realistic".
Please open a support ticket if you find some lab where you cannot see this information!

Hey, just making sure, if I signed up now, I'd get access to labs immediately right?

I still see the first 100 haven't signed up but want to make sure that if I paid, I wouldn't get put on a wiatlist

@modest elbow

I'd like to begin right away!

Hey!
Not exactly, you can buy a voucher now with the discount and use it whenever you want (right away or next month for example)
There is no waitlist at the moment

oh perfect!!!

Pays immediately.

❤️

I have to mention, HackTricks has been an amazing educational resource for me, I think what you're doing is fantastic

Also, do you have some time for a quick DM?

I have a couple questions regarding something that I would prefer to keep off the public channel

Not about HackTricks

thanks mate, sure. About the dm sure, send it

Hi @modest elbow ! I am considering to purchase the course and looking to clear a couple of doubts I have.

1. Do I get lifetime access to the course materials or the contents will it be limited to a certain time?
2. If lifetime access is provided, will any future updates be included in the purchase as well?
3. (Eventhough this is kinda answered in previous post) If I get the course now, can I start my lab after new year? I won't be able to start the labs now as I am focussing on a different cert atm.

Please let me know. Thanks in advance!

Hi @empty topaz

1. Access to the videos and slider is lifetime. Access to labs is not, purchasing the course grants access for 45 days. It is possible to purchase extra lab time (15, 30 or 90 days)
2. Updates to correct things that change in the future will be included. However, there will be no new material added (like other services)
3. You can purchase the course now with the early bird discount and activate it in the next 365 days. Once the course is activated the lab does start automatically. So only activate the course when you are ready to start the lab
   Let us know if you have any other questions

Thank you for your response! #purchased

Thanks! Let us know how you find it

Hey guys, so far I'm loving the course! Quick question, for the EC2 labs, are the instances up when the lab is running?

Once the lab says provisioned everything is running 24/7 (this might change in the future). Also for lab questions the #arte-general channel is more appropriate

How do I get access to that channel

If you bought the course and activated it you can go to your profile page in the training platform and update your discord handle. You will automatically be added to the ARTE channels

Hi @modest elbow @glacial kelp I bought the ARTE training course and started it yesterday, I also added my discord handle to my profile, but I wasn't added to the ARTE channels just yet. Could you please check if there are any issue? Thank you

Looking into it

looks like your discord handle in the platform is set to a weird number it should be gelbezitrone

just modified, thank you

Hello,
I purchased ARTE training and added my discord handle to my profile, however, I am not added to the channel. Could you please help me with that?
Thank you

@limber sand ensure.you are putting ayaka_81050

Now I am added to the group, thank you!

Afternoon everybody! Quick question regarding the extra credit for the ARTE class. Does the pull request have to be specifically about AWS, or can it be about other cloud environments like Azure or even Digital Ocean?

Yes, the goal os to show your expertise in AWS to reduce 1 flag.
Ince we realease courses for other clouds we will do the same with them

I understand, thank you! Is there a timeline on when those other courses are released?

We are expecting to release GCP and Azure this year.
In any case feel free to send the PR if you want and remind us to apply the flag reduction in the future whenever you do the course!

Hi @carlospolop @glacial kelp I bought the ARTE training course and started it yesterday, I also added my discord handle to my profile, but I wasn't added to the ARTE channels just yet. Could you please check if there are any issue? Thank you

Hi I see in the DB you set the discord handle with the #xxxx try without it. If that does not work try moose_enthusiast I'm not sure now what discord's API recognises as your username

How perfect! I came here to ask the same question on it! Will be eagerly waiting for the Azure and GCP ones!

Hey all! Curious how the ARTE course has been for those taking it. I’m currently doing the AWS CloudBreach course

Hey all, I just finished the HackTricks ARTE exam.
This was a great course and exam, OSCP style (despite a small reset issue at the beginning, quickly addressed by congon4tor).
Really great course, good instructional up-to-date content in the videos, written documentation via Cloud HackTricks, linked resources to original research, great exercises with cool flag system.
I've done a ton of remote trainings (OSCP, OSCE, CRTO, SANS courses etc; I'm holding 17 certs) - including the ones from Altered Security for offensive stuff in on-prem AD and Azure as well as as CloudBreach's AWS and Azure courses. CloudBreach pales in comparison. ARTE was hands down one of my best training experiences. Already am recommending this to my colleagues. 10/10

I was wondering about CloudBreach.

That one you have to like set the labs up yourself with their terraform files right?

No, you don't have to provision anything in your own account, but are on shared infrastructure. It is a good course with one nice, clear attack path detailed in a single PDF document, but really a different experience compared to ARTE in breadth and depth, with your own big lab environment here.

Oh cool, yeah, with ARTE so far (I am just past beanstalk and onto codebuild) I've learned about so many different attack paths, and based on my prior knowledge of AWS exploitation it's only expanded into even more and I already knew how like compromising EC2 can lead to access of a lot of different services and stuff, but like had no clue about a bunch of these other services.

So like, now with that expanded knowledge, I feel like I am more prepared to tackle more elaborate AWS environments, and better yet, even environments of which there aren't labs in ARTE for because of how well documented https://cloud.hacktricks.xyz/ is.

I know I can just go there and research how to enumerate the service, I can also go to AWS's website do some research there, and find out what I can achieve through it.

or replace the instance profile of the compromised instance (ec2:ReplaceIamInstanceProfileAssociation). *

aws ec2 replace-iam-instance-profile-association --iam-instance-profile <value> --association-id <value>
``` There is a error. The right query is :--iam-instance-profile Name=<value>

@modest elbow @glacial kelp

What is this about looks like your message is missing a first part?

@glacial kelp https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ec2-privesc#iam-passrole-ec2-associateiaminstanceprofile-and-ec2-disassociateiaminstanceprofile-or-or-ec2-replac At this url

Fixed! Thanks!

Anyone had trouble connecting to their RDS instance after launching it in rds-lab-2?

I set it to --publically-available and verifed that the instance is running

I figured it might be a security group issue but I can't ping

It is highly likely a SG issue

got the flag 😎

@everyone Friendly reminder that today is the last day of the early bird discount for the HackTricks AWS Red Team Expert cert! You can get a voucher today and redeem it within a year! More info in training.hacktricks.xyz

Did anyone else get a 502 bad gateway after uploading their app on the Elastic Beanstalk lab?

Did you solve this? my guess is the service was not ready yet or it was failing to start

I ended up resetting the lab. Going to give it another shot later today

hi, I just entered the ARTE training. Is there a private channel for that? Sorry, I never used Discord before.

Yes! In you account settings https://training.hacktricks.xyz/profile set you discord handle and you will get access to the arte-general channel

It's weird because I tried reuploading literally the same thing I had pulled down with the exception of just adding a comment and it totally just throws 502

If you think something is broken feel free to open a ticket

I did that already. But then what?

In your case your discord handle is michael_45127 once you add that to your profile and save you will automatically get added to the correct discord role

thank you

Will there be an Azure training similar to ARTE in the future?

yes! We expect to release GCP and Azure this year

Hello I have sent an email to support about the AWS Red Team Expert labs, one of them seems to be broken.

Also, is there any consideration to give us a 60-day lab time? This would give us a chance to a complete 1 lab a day instead of 2 labs a day which is very demanding for people who are employed.

This would also leave people time to research the video contents. Please deeply consider this.

Hey @silent rune do you have access to the arte-general and training support channels? You might need to add your discord handle to your account in our website (in the profile page). There you can open a ticket so we can better assist you with any lab issues

Regarding extending the lab duration we are not able to cover the cost of the labs for 60 days without raising the price. For this reason we think it makes more sense to keep the certification cheaper with 45 days and in case people need it they can extend 15, 30 or 90 days.
I wouldn't think of x labs a day as a goal since there are labs that can be done in 10 minutes and others that will take multiple hours to figure out.

But we appreciate the feedback. We give a feedback form at the end of the certification so looking forward to seeing you opinions

Thank you, I will look for that. 🙂

@glacial kelp I added my handle to the profile section. I may need to open another ticket

I've been thinking about the issue you raised about lab costs. What if you start with the cheaper labs (like IAM, S3, Security Groups) and save the pricier EC2, RDS, DynamoDB labs for a separate provisioning cycle (like a part 2 of the course), making them on-demand..?

This way, we keep initial costs down and only use resources when needed, potentially extending lab access without a big price hike. It could balance cost management with a solid learning curve, offering flexibility for those needing more time. Thoughts?

I've been working on something along those lines. Still in early experimental phase

Why change the whole course for one person? I and many others think it's just fine the way it is. Having access to all the labs from day one is actually better for learning due to a process called interleaving and spaced repetition. So, if you limit it and break it into two courses that would be shitty overall experience simply because you don't want to spend some time on the weekends, and at night doing the labs. Not to mention you literally just started, so you don't even know how long it will take you @silent rune . Why not try it first before you complain and ask for changes?

I respectfully would like to respond to this:

"Why change the whole course for one person?"

• While I agree, you shouldn't change the whole course for 1 individual. I'm the only person that "you" saw raise this problem. To write off my entire suggest as I'm the only person is not a fair judgement.

"I and many others think it's just fine the way it is."

• You've not backed this claim with any data, it's an opinion you have. A more proper response would be to have a poll.

"break it into two courses that would be shitty overall experience simply because you don't want to spend some time on the weekends"

• This is very narrow minded. You can simply provision the second part at the start, it would just have a stricter timebound like 30-45 days or something, where as the other labs could be provisioned longer because they are simply cheaper to keep provisioned from a cost point a view. The couse would not degrade in quality. I think you misunderstood my suggestion.

"Not to mention you literally just started"

• 20/50 flags captured so far. I'm about half way through. But again, this doesn't discredit my suggestion as not being beneficial or breaking the course in anyway.

"Why not try it first before you complain and ask for changes"

• Your comment is highly offensive and doesn't take into my perspective. I'd like to share that I am "trying it" and I do enjoy the content. Furthermore, it's difficult to juggle full-time security work and still complete all the labs. I work 40 hours a week for a security firm, I usually need to devote my free time on the weekends to cover the labs I missed during the week.

While I’ve purchased but not started the course yet, it sounds like @glacial kelp point was the lab would be too expensive to keep running for >45 days without raising the price. One way to reduce the infra cost is only spin up the infrastructure needed for the lab. Example, when lab one starts, it provisions lab one infra. When the flag is found it’s deprovisoned. In theory this could allow the course to remain the same price but extend the duration. Or the course authors could just keep the extra money 🤷🏻‍♂️

Guys, we are optimizing the labs so no worries about this. Labs will always be available from day 1 and the quality won't be affected

This is a valid and good suggestion as well. I agree.

Thank you. And we appreciate everything you do! This is only initial feedback, not poor reviews or anything. Keep doing great work, friend.

Also once the exam is passed we share a feedback form to collect opinions and ensure we keep improving as much as possible

totally stuck on blackbox-lab-1. ||When I simulate the group permissions I get nothing back. After adding my user to the group I get back the same permissions I had before when re-simulating.||

Blaclbox1

I respectfully would like to respond to

@modest elbow @glacial kelp hi ! do you know when the course on gcp will be available?

No official ETA yet, but it is in development probably before summer (or even sooner) but no promises

ok thx

hey, I'm just stucked on that way

I modified the database, the status is "active" but postgress seems not accessible

From ec2 instance on lab2 psql is not installed but with nc i am able to get a reply. How do you managed to get the access? seems like sg is denying trafic from public but not from vpc

nvm, got it ||ec2 has internet access, just download psql binary and there we go||

Hey guys with @hardy canyon we wrote a review of the certification for those who are interested ⬇️
https://www.hackcyom.com/2024/02/arte-review/

Thank you for writing this I appreciate the feedback

what is this channel?

For people that have purchased the certification they can access some other channels

what certification?

Our hacktricks training AWS Red Team Expert

Hi all im unable to solve the sts lab 2. I am specifically stuck at running the github workflow where im getting errors unrelated to the lab.
Do we require aws as well?- tried referencing it including my aws arn
Any support would be appreciated

You only require a github account, check github docs on how to connect to aws from github actions using oidc

Thanks!

I am a noob, doing a challenge and have a png file; trying to learn from output of zsteg -all xyz.png am stuck, anyone who can help?

hey friends, someone can help me with some doubts with iam lab?

Please ask away (aviously try to keep spoiler free) and someone will try to help you

You should also have access to the #arte-general channel if you bought the course and configured your discord username in your profile in our website

Do we have a rough timeline for this?

I can't wait to do the Azure and GCP trainings

GCP + Workspace before summer and Azure+EntraID before the end of the year hopefully!

Friends, good evening! Who can help and sort out 2.2 STS - Security Token Service: Github Actions?

Watch it

?

does ARTE have a written component in tandem with the videos?

slides yes

cool, are they comprehensive to stand on their own?

Yes, but the videos clarify everything, once you pay the course you have the content for ever, so I don't see why not to watch the videos

I recomend it

i absorb information better reading. not that i won't watch the videos, i just like having reference text. thanks!

probably going to give it a whirl

The cool thing about the videos is that you have examples of carlos creating / configuring / exploiting services, that you may not bee able without an AWS account.

As Slayer explained almost all videos have demos not represented in the slides

gotcha

thx

Hello, I added my discord handler to my hacktricks profile but I still don't have access to the training channel, can someone help?

Hey! @icy jewel how did you spell it? Discord is case sensitive for this... I believe you need to set it to tartof

Thanks for your answer, it works now !

hey @modest elbow I'm looking to do the ARTE when I have some time - do you have a timescale for the Azure version (I belive there was mention of Azure and GCP versions potentially)

We are expecting to release the GCP one in June and the Azure one at the end of the year!

https://blog.projectdiscovery.io/aws-cloud-security-config-review-using-nuclei-templates/

Interesting 😎

A lot of checks are going to be automated with nuclei now I guess

Powerfull integration

Interesting nuclei took the time to do this. I thought they were more bug bounty related than for whitebox pentests. They don't have too many checks right now compared to prowler or steampipe but they will add more probably

I guess the good templates will be custom by the people like always

I hope they add cognito templates

It's also my favorite exploit

I found an 0day in a hack cracking platform by coalfire.

Based on Carlos's teachings!

Super exciting to have found that

🔥

https://x.com/lauramaywendel/status/1785064878643843085?s=46&t=ed0UUwnQE8skl71qjTa5PQ

Interesting

😂😂😂

Now, AWS came out and stated that they will change the pricing model! Time to run your sites behind custom 4xx pages to get massive discounts! (Not mine, found it somewhere on my Twitter feed)

I can't deploy "github actions" in STS module, though other sub modules are successfully deployed.

<@&937047799441268746> Please help check it

@tame knoll I will notify it thanks

Thx

Hey @tame knoll can you open a support ticket? You will need to add your discord handle to your profile in the website

Sure, will do

I have a question about sql injection wargame, can anyone take a question?

@everyone Discover Hacktricks Training AWS Red Team Expert Certification with John Hammond and Ignacio in https://buff.ly/4bllq3i

Still on track for this @modest elbow ?

tight schedule but still on track!

@everyone
The best hacking course & cert in GCP and Workspace is coming to HackTricks Training!

Learn from the basics (organization hierarchy, permissions...) to expert level (how to escalate privileges, remain undetected, pivot between GCP and Workspace...) in the htGRTE course and certification (GCP Red Team Expert).

Soon we will be releasing the presale with an amazing early bird discount!

ohhhhhhhhhhhhhhhhhhhhhhhhh snap

nice

I'm so glad I've been here from the beginning to see how things are progressing, you're killing it @modest elbow and @glacial kelp !

https://tenor.com/view/guy-slamming-card-on-table-gif-21126320

Take my moneyyyyyyyyy

I AM EXCITED!!

Preparing myself to first blood the GRTE cert exam! 🔥

inb4u

Are there any cool attacks you can do if you only have a Google project ID? I keep finding these in mobile penetration tests that I do as a result of firebase db installations from the app. Being able to leverage that into an attack would be slick

Not directly, but there are some resources that can be publicly exposed and you need to know the project id to bruteforce potential names. So the project ID is useful to find other potentially vulnerable resources (there will be some labs about this in the new cert)

Any timeline for Azure (MARTE!!!??? :D) ?

hopefully for the end of the year

@everyone for those in Barcelona and interested there's a CTF game based on a 0day and serverless cloud environments within aws this Saturday 1.
It's free and there will be prices for the winners!

More info:
https://www.meetup.com/es-ES/hackingcybersecurity/events/300898931/?notificationId=1369556153578446848
https://www.meetup.com/es-ES/serverless-barcelona/events/300898832/

👋 hi…what are the charges for lab extension if needed

I am in a full time job with limited time each day…do you think typically 60 days is more than sufficient or is that a chase to finish the course and labs

Additionally, if I take the course which is for life and at any point I just want to do the labs, is that possible without repurchasing the course but only the labs…also any new updates to the labs will be automatically also available to everyone that bought previously …is that right?

This is for ARTE and do we get a certification badge that can be verified by the employers

Last question 😅…are we taught any stealth and bypass in the course as well

Yes you do get a badge from either Credly or Accredible

Yes you are taught stealth techniques

Lab extension prices are on their website. 🙂

Ok..thanks a ton

Looking forward to get started…planning to start end of June

I read there is no badge..but instead a document with QR code

Yes on completion of the exam you get a pdf certificate with a qr code that can be used to verify in our website

Thnx

And can I buy the course today but go through the document and videos first and start the lab 2 weeks later…I think it’s not possible but just trying my luck

And can you also confirm if there’s any update or new topic added then that will also be covered under life time access to the course material ?

Unfortunately that is not possible lab time starts at the time you activate the course voucher

This is the case for videos and slides. Which we do update if behaviours change in AWS. For new labs if your lab time has expired you would need to buy lab time in order to do new labs

Ok 👍

Thnx

Hi @everyone ! The presale of HT GCP Red Team Expert (GRTE) is finally here!
Become a GCP and Google Workspace security expert by getting access to this certification with the early bird discount!

More information at https://training.hacktricks.xyz/courses/grte

(The certification is expected to be released with all the content and labs on July 22nd)

Nice

activate it at any point in the next year
this is nice

@modest elbow how long is the early bird offer valid for

We haven't decided yet, but potentially for the first 70 students getting it or so

When will the presale start?

It is already available

oh wattt

This is what it says when you try to purchase now

I see the same thing, that's why I asked too.

Hi Carlos, are you planning to give discounts at ARTE on the occasion of GRTE? I missed the first sale and it's a little over my budget so I've been waiting for a sale for a while.

Deploying a fix now it was set so only admins could purchase (for our testing) and I forgot to undo that

let us know when we can buy ❤️

July 22nd here we come baby 🏎️

Should be good now

damn I've having that stupid issue with international purchases again 😐

Is it possible to get student discount in early access voucher?

Moreover, do you have some plans for people who would like to buy ARTE + GRTE? @modest elbow

yep

Are there discounts for students?

Yes there are! Create an account using your universities email address, then send us an email from that email address to training-support@hacktricks.xyz asking for the discount and indicating a link to your linkedin and we will send you a 20% discount.

Yeah, I have seen that earlier but wondering if it also applies for early access

atm we have the discount HACKERMATE enabled with a 20% discount on ARTE thanks to the influencer hackermate

It's not possible to use several discounts at once, either early bird or other discounts.
And we have special discounts if several vouchers are bought in bulk (usually by companies). We might considder adding special packs in the future, but the early bird discount is the biggest discount we give, so atm it doesn0t make sense to create more discounts for GRTE

Any plans of issuing badges via badger or Credly?

We would like to do something like this in the future but have struggled to find the time to investigate what the best provider would be for us

Accredible or Credly seem to be the move for most businesses atm.

Both are above the pricepoint that makes sense for us at our scale. I'm adding a button in the certificates table that simplifies adding the cert to linkedin profiles

Hopefully that is good enough for the time being

@steady sentinel If you go to https://training.hacktricks.xyz/certificates you should see a new linkedin button which will take you to a prefilled form to add the certificate to your linkedin profile. You can add the PDF as Media and it should look pretty nice

Hi @glacial kelp @modest elbow, if I buy the ARTE voucher now, when should I activate it at the latest?

All vouchers have a 1 year expiration

Hey there @glacial kelp ! Super interested in the ARTE training. Is it possible to do a payment plan or installments for the voucher?

Hey, currently we are not able to support payment plans. We do have some student discounts if that helps

Hi all, I have trouble with provisioning the lab for AWS-Lambda, I have tried to rest the lab with no luck . Anyone can can help please.

Have you tried reseting the lab for that specific lesson or the entire lab account from the dashboard. Feel free to open a support ticket

I'll try the entire lab now - Thanks

I have problem on EC2 Labs, i configure aws:

aws iam list-users
{
"Users": [
{
"Path": "/",
"UserName": "ec2-......
[SNIP]
......

everything is good, but when i do:

aws ec2 describe-instances

Could not connect to the endpoint URL: "https://ec2.us-east1.amazonaws.com/"

What I'm missing? :/

look at what your policy allows

aws iam list-attached-user-policies --user-name <username> #this flag might be wrong?
aws iam get-policy-version v1 --policy-name <policy-arn>```

you may only be able to describe some instances

hi mates, just bought voucher for GRTE, am i right that it will be available after release on 22nd of July?

Yes! You will be able to redeem it from the 22nd of July and start the cert

Hi everyone, GRTE finally starts tomorrow, we are looking forward to it 🎉 Are you guys planning to do Azure RTE in the near future?

GRTE starts 22 of July not June, still 30 days to go

ok, thx)

But we are really happy with how it is turning out I think it is going to be great

If it's anything like ARTE it'll be fantastic

And hopefully teach me what I can do with all these keys for google projects I keep finding on pentests 😂

Hi, you give me an invoice when I purchase the training, right?

Yes, you receive an email from stripe with a link to download the invoice

Hey @modest elbow @glacial kelp, today, I bought ARTE but ran into a small problem. I have contacted training-support@hacktricks.xyz via email. I would be grateful for any assistance you can provide

Hey I'll DM you

Hello @modest elbow I am buying the voucher soon for expert aws cert, I have a couple questions kindly, 1. how long does each lab take per day, 2. is the exam guided (meaning that despite being black box, are there directions to what to exploit or to find?) 3. can i buy the voucher now and begin in few months?
Thank you

@glacial kelp eagerly waiting for your response :^)

Hey 👋,

1. Lab completion time depends a lot on your experience and also what labs. There are some that I expect most people will solve within 15 minutes and others I expect even experienced people to take a few hours. There are 50 of them and they are very varied in difficulty.
2. The exam has very minimal directions. You get a url and work from there to get 3 different flags. It is designed so that if you have worked through the labs you should be able to pass. We have 3 blackbox labs specifically to prepare you for the style of the exam.
3. The voucher is valid for 1 year from the day of purchase. And they once you activate it you have another year to schedule your exam

Beautiful, thank you ❤️

@glacial kelp purchased, added discord id, will discord access be given shortly or only once the voucher has been activated?

Only when the voucher is activated

@everyone
ARTE (https://training.hacktricks.xyz/courses/arte) cert was just updated with new techniques in the Black Box (Red Team) and CloudTrail sections and a new Black Box lab was released!
Get it with a 20% discount using the "SUMMERTRAINING" code before the 1st of August.

If you already bought it, you have lifetime access to these updates. Go to those sections and check the updated slides and videos!

https://tenor.com/view/so-hot-right-now-trending-meme-zoolander-this-is-epic-gif-26091622

https://tenor.com/view/whatever-little-girl-drinking-too-cool-chilling-yeah-whatever-gif-27534207

excellent lab, thanks guys. It broke my brain for a long time.

@glacial kelp please note I DM'd you about voucher questions further, about to activate it. kindly when you have a moment to get to it

T-15 DAYS UNTIL GRTE LAUNCH

🔐 Calling All Cyber Enthusiasts! 🔐

Are you passionate about cybersecurity? Eager to stay ahead of the digital curve? Look no further! Join our exclusive WhatsApp group where we share top-notch resources, insightful content, and cutting-edge techniques to keep your skills razor-sharp. 🚀

Whether you’re a seasoned pro or just starting your cybersecurity journey, this community is for you. Let’s learn, collaborate and elevate our skills together! 💻🔍🔒

join this invite link https://chat.whatsapp.com/J8HVeSEPDUR2gaE5NB4OoM Let’s fortify our knowledge and build a stronger, more secure digital wor

When I purchase the ARTE training, does the course start immediately or do I get to choose a start date? Thx

Once you buy it you will receive a voucher. That voucher can be redeemed any time within 1 year and once you redeem it the countdown will start!!!

SWEET DEAL!! Thanks!!

Wanna know if GRTE is worth to take it???

I'm definitely going to take ARTE, but I don't know how big the market size is for Google Cloud

Well

AWS, Azure and GCP take up like 90% (made up number, probably accurate) of the market share, so by preparing yourself for all three environments, you are then ready to handle assessments that many people just don't know how to do.

Good way to put it.

The GRTE cert is no only about GCP but also about Google Workspace which is one of the most used identity providers. And the companies that use Google Workspace tends to use GCP sooner or later just because it's easier. So even though it's just the hird biggest cloud provider, I find it being used pretty frequently (specially combined with AWS)

Combined market share is 67% in total, and GCP makes up 10%, so it's like half of Azure and 1/3rd of AWS.

So yeah it's pretty common, especially if you think about how often you see AWS and Azure nowadays.

And the multi-cloud / hybrid environments are increasingly more common as well

Thank you very much for the information. Im tend to be very new to the cloud but I found cloud hacking very interesting. Definitely going to get both bro.

💯

Yeah plus it's fun to learn new stuff 😄

To join the arte traning private group, do I have to purchase the course first

yes

thank you very much

T-Minus Monday GRTE

https://tenor.com/qptoQrMAbJB.gif

T-M 24 HRs!!!

Hi,
There is a CORS error that prevents watching videos in the GRTE course.

I'll fix it in a bit sorry

This is resolved now

Lets go @everyone !! GRTE - GCP Red Team Expert- certification is finally live!
Get it with the early bird discount while it last!
And good luck to everybody that is trying to get first bloods of the labs and exam!
https://training.hacktricks.xyz/courses/grte

799€ which is wayyy more out of my budget.

Sry to hear that! But that will be the minimum price for a completely guided certification on hacking GCP and GWorkspace including novel techniques and tens of labs to practice!

Yh I know. 🥲

Got mine already! Also this time it was super easy to download the invoice :). I'm excited to start the labs in Aug 🚀

Anyone else having trouble deploying the lambda lab in ARTE?

If you get errors deployong labs try resetting your entire environment from the dashboard

Resetting the lab is triggering errors.

This occurred after the second deployment of the labs failed.

I was getting unable to deploy project/topic labs or somehting like that, reset my whole lab and it then failed.

second lab reset today and the deployment once again failed just now 😐

Fixed it for you but still investigating the root cause if anyone else has any issues please open a ticket

Found the root cause the lab destruction deletes that resource when it should not

Shold be fixed now. Please reopen a ticket if you find any issues

Hello. I'm stacked on "sts:GetFederationToken". I'm setting credentials to default profile and using custom script. But, Im getting eoor for accessdenied. Is there any change I shoud make the script?
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-post-exploitation/aws-sts-post-exploitation#from-iam-creds-to-console

This question would be better suited for the #arte-general channel if you don't have access you will need to set your discord handle in the profile page in training.hacktricks.xyz

got it. thanks

Hi

GRTE labs - iam section, got multiple issue while trying start up the lab, after couple of lab restart it start working, now do not have possibility to extend lab time due to error, could You check it:

Hi, we are aware of this issue and are looking into it. The IAM lab should now be fixed.
For future occasions this would probably fit better in the #grte-general channel. If you don't have access you will need to add your discord handle in your profile page in the training platform

Do you mind moving this message to the #grte-general channel please

done

<@&1128840997581889586> <@&937047799441268746>

thx

i have a problem with one challenge on EC2
is there someone to help?

Do you have access to the #arte-general channel? If not you can configure your discord handle in the profile page in the hacktricks website and you will automatically be added to that channel

Hi guys!
@SoteriaSecurity is looking for a Senior Offensive Security Consultant (Cloud Pentester) valuing the HackTricks Training ARTE (AWS Red Team Expert) certification as a plus to access the role!

More info about the role in https://ats.rippling.com/en-GB/soteria/jobs/e6251998-dea0-41ab-a13e-e718e1591136

If your company is looking for Cloud Security engineers contact us and we will help you find them!

Anybody have experience with wix4? The example from the website is using the old wix3 https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix. I have wix4 working, able to do update info, icons, banner, add shortcut. I'm struggling to add a new dialog to install prompt for msi to have checkbox for desktop shortcut.

You might get a better response in #hacktricks

@modest elbow when are we getting ARTE/GRTE energy drinks?? 😂

Hahahaha that would be great

And why are you only arta-certified 😂😂😂

It’d be awesome merch! People could buy them prior to exam to get exam-passing superpowers! 🦸

We would love to create it. But we have no contacts to do so hahaha

https://www.diybeverages.com/

Hahahaha I'll take a look and let you know

I got AWS Red Team Apprentice certificate 🤞
thanks for your support @modest elbow @jimmy
I just posted on LinkedIn and recommended amazing courses and labs to others
https://www.linkedin.com/posts/mohammadhosseinnamadi_aws-pentesting-hacktricks-activity-7228309612368658433-eGTJ?utm_source=share&utm_medium=member_desktop

Now is time for ARTE 😎

Just got an offer from Coalfire's AWS team! Couldn't have done it without @modest elbow, @glacial kelp and the HackTricks team!

ARTE definitely leveled me up to where I needed to be in order to crush their interviews!

Thanks for your words mate! Happy to have helped!!

Great!!!

Congratulations

Hahaha, I founded that team. Congratz!

A fun killchain that isn't talked about anywhere on Hacktricks is attack AppSync GQL. Lots of devs are lazy and directly inject the temporary API keys into javascript (AWS gives them a maximum life of a couple weeks to prevent this, but people do it anyway). The API key is always fully privileged, so all data is readable.

Less fruitful but just as fun is using Cognito credentials to reach into GQL. Fine grained access control for Cognito+AppSync GQL is really hard, and if they don't use AWS WAF to prevent introspection queries, you can read the entire schema and query whatever you want.

I built a tool a few years ago that makes exploitation pretty easy under the right circumstances: https://github.com/c6fc/countersync

That's awesome!! I don't know if you're still there! But I actually wasn't able to take that offer due it being kind of a low offer and also due to legal's extremely restrictive contract language but it's always cool to know that know that I got the chops now! ❤️

If you're doing the ARTE, put in a PR to HackTricks and you'll get extra credit!

Congrats

Coalfire has been paying less and less it seems

this is correct email to ask about student discount: training-support@hacktricks.xyz?

Yep

Thanks really appreciate this course. There’s is not much training like this out there and new fedramp guidelines require a red team but most people are not teaching cloud red team skills.

Thats exactly why we created it👌

what is the cost for lab extension?

Yeah I actually just breached an AWS environment and significantly escalated as a result of my training here!

It depends on the number of days you would like to purchase

Anyone aware of any configuration mapping tools similar to bloodhound/azurehound but for aws and gcp?

First GRTE Certified!. 🎉

Awesome GRTE journey, I recommend it to anyone interested on GCLOUD, you are not going to find nothing similar to the Hacktricks training course out there!.

https://c.tenor.com/fJh-W38iA3oAAAAM/dance-kid.gif

Congratulations 👏👏

Congrats!!!

In GCP it's possible to find your permissions with the testIamPermissions API even if you don't have any permission!
Moreover, it doesn't generate any logs!
Find a PoC in https://github.com/carlospolop/Bruteforce-GCP-Permissions and learn this and many more GCP & Workspace hacking tricks in the GRTE certification: https://training.hacktricks.xyz/courses/grte

Next Friday Sept 13th is the last day of the GRTE (GCP Red Team Expert) early bird discount! Don't miss it!

Hey, If my labs are expiring and I extend the lab after it expires.Does it carry on the progress I made or it will reset?

Yes, you don’t lose your progress

great, thank you for the response @prisma raven

Your welcome 💪💪

dear sir
I have already purchased the GCP course, but can I study the course first and then start the experimental environment?

@prisma raven

Unfortunately no, both things start at the same time

No, sorry for not answering faster, heavy work day 🔥💀

60 days is more than enough

I was still having 25 days after passing the exam

So don’t worry

ok

thank

https://blog.projectdiscovery.io/azure-config-review-with-nuclei/

Is there a channel for ARTE?

Yes, link your discord ID on the hacktricks training website

And you will be granted access

Got it I'm yet to take the course

Wanted some feedback on how deep do the modules go

I've got lot of mixed reviews online saying most of that content is out on youtube or that it is to basic :/

That’s fake 😂😂😂😂

Im pretty sure you won’t be finding nothing like ARTE anywhere else

Tell me what you want to know , I will answer your doubts

You can also check my post where I explained how it works

https://slayer0x.github.io/ARTE/

Can I dm you?

Sure

2 new lessons about (ab)using GCP Cloud Scheduler and Workflows were released in GRTE certification (https://training.hacktricks.xyz/courses/grte)
If you already got access to it you can check them, if not, you can get access to the certification and will have access to all the updates in the future!

You can also take a glance to these GCP service from a offensive security perspective in:

• https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security/gcp-services/gcp-cloud-scheduler-enum
• https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security/gcp-services/gcp-workflows-enum

@modest elbow and @glacial kelp you could have been rich: https://www.linkedin.com/posts/parisel_aws-vdp-vulnerability-disclosure-program-activity-7242113598800429056-Jpdr?utm_source=share&utm_medium=member_desktop

Saw it yesterday they finally have a VDP although it is not a bug bounty program so I guess they are still not paying for vulns?

Can be yes... maybe only diplomas XD

like NASA, PDF letters

probably...

BTW if you haven't read this one it is probably the scariest AWS vuln I've seen in the last couple of years https://engineering.doit.com/aws-transit-gateway-peering-exploit-a1715edd4c8a

Let´s see

oof

that's a big nono

luuul XD... how can Amazon fall in this stuff... Only front-end limitting privileges

well

they have like thousands of services

yeah...

don´t know XD

it's pretty tough to catch EVERY thing

it's easy to say from our perspective 😄

after discovering this you always asks your self if someone has discovered before XD

You would think a service this critical would have been tested a lot more... I feel like any pentester would try this the first thing they would do when assessing this service

Yeah true I would

that´s why im saying...

"I wonder if I can connect to random on-prem environments!"

Did you know that setting arbitrary environment variables can get RCE in most scripting languages?

Some cloud services allow to modify env variables and you can:

• Escalate privileges to roles or service accounts without typical permissions to access them (e.g. https://shorturl.at/ziMvo)
• Execute code in unexpected places, such as GCP Composer’s DAG processor, triggerer, workers, and webserver (already fixed)

Learn and practice these and other hacking techniques at http://training.hacktricks.xyz and http://cloud.hacktricks.xyz.

When are we gonna get HackTricks Prod Energy Drinks?

"Fuel Your Code. Break the Rules. HackTricks Prod—Power for the Bold."

🔥

Still need to look into that hahaha

It’d be cool for patreon supporters or something like that, or just as merch you can buy!

Do you have a patreon btw?

https://github.com/dafthack/MFASweep.git

Interesting tool for fast checking in azure/microsoft stuff

HackTricks as the wiki has github sponsors

Yeah, for Azure there are a lot more tools than for all the other clouds (even together hahaha)

I can understand why

😅

Yeah this works really well too btw

Is anyone familiar with any vulnerabilities related to dce-rpc in azure ?

ARTE has been updated again!

Learn how to use and escalate privileges in Step Functions and put it into practice in the AWS Red Team Expert certification (https://training.hacktricks.xyz/courses/arte)
If you already pruchased the cert, you can access the new lesson!

You can also learn some Step Functions cool hacking tricks in https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-stepfunctions-enum

🚨 New Course Alert! 🚨

Excited to introduce HACKTRICKS GRTA: GCP Red Team Apprentice, the perfect starting point for mastering security in GCP and Google Workspace (https://training.hacktricks.xyz/courses/grta).

👉 Learn about the GCP key services.
👉 Discover how to spot and exploit common misconfigurations.
👉 Increase your skills in hardening GCP environments.

To celebrate it we have reduced the prices of both ARTA and GRTA the following month!!

Hi there, how are you? If I want a sanity check on an ARTA flag, can I consult through this channel?

Hi @wraith canyon , you should go to #arte-general

If you dont have it, in the profile section of hacktricks training you can provide your discord username and you will be added!!

Thank you!

Anytime, you can also open a ticket for any further questions!!

hello all
I'm just curious
if i want to conduct a pentest on Azure and the client will create a user account for me to test with
which role should that iser account get assigned with?
maybe global reader? or is it something else?

I typically ask for multiple roles. Not just a single one.

Usually I'll ask for whatever the like standard RBAC roles that gets used when deploying new users to the environment, then I'll also ask for a Global Reader role so I can approach it as a greybox test.

Additionally, make sure that the client assigns you an O365 license and all that. It will increase the depth of the analysis you will get to perform.

I recently did a red team op where we could've done a whole bunch of cool stuff and demonstrated a lot of impact had we been assigned a 365 license to our assumed breach account likke everyone else had been

🔥

hello
how can i know how many days i have left for the lab

i got busy in the past week and didn't get the chance to study

Hi!! If you go to the dashboard, in the section "Your Labs", you should see how many days you have left for the laboratories of the courses you are taking.

Let me know if you find it!!

thanks for answering
but what if they don't have a default RBAC
Global Reader is ok to have
but is not enough to barely do things
what do you think is the suitable approach in this scenario

well with global reader, you can read teams/sharepoint

Felicitaciones por el tremendo trabajo que realizaron en los labs y en la metodologia. Sigo digeriendo el material aun y seguire por bastante mas tiempo. 👏👏👏

https://www.linkedin.com/feed/update/urn:li:activity:7249238712474099713/

passed CRTP, CRTO, PNPT, and OSCP in the last 2 months it's finally time for this baby

https://youtu.be/IospQtj544o?si=UrH_a-Q3__6Tk2yn

Hello, will the azure red team expert be available soon?

Around the end of this year or the beginning of the next!!!

Thanks a lot

🚨 GRTE Update & Discounts Alert! 🚨

We celebrate it with new discounts for GRTE. Go to our LinkedIn (https://www.linkedin.com/posts/hacktricks_grte-update-discounts-alert-we-activity-7254065963841576962-Lhio?utm_source=share&utm_medium=member_desktop) or Twitter (https://x.com/hacktricks_live/status/1848302265641173155) and learn how to get the discount!!

Our new lesson on how to abuse Google Workspace Sync is up now. Furthermore we have updated our Cloud Functions laboratories, learn how to escalate Cloud functions via storage monitoring here https://training.hacktricks.xyz/courses/grte.

If you’ve already purchased the cert, these lessons are waiting for you now!

You can also learn some Cloud Functions cool hacking tricks in https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloudfunctions-privesc and learn about Google workspace Sync in https://cloud.hacktricks.xyz/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid

Hiya, Python security researcher here. Can someone reach out to me regarding an inquiry in the course content for GRTE when you have the opportunity? (Not a generic question, probably more line of business/abuse of platform related.)

Tell me

Shot ya' a DM Carlos. Cheers 😄

Did you send it already?

I did yes.

Might be stuck in your DM requests.

Hopefully it didn't go to Spam lol.

🎉 New HackTricks Bundles! 🎉

These bundles give you a 20% discount compared to getting each course on its own, so you get more for less!

1️⃣ Expert Bundle: Includes GRTE (GCP Red Team Expert) + ARTE (AWS Red Team Expert): Ideal for those ready to master advanced cloud security techniques in both AWS and GCP. (https://training.hacktricks.xyz/bundles#expert)

2️⃣ Apprentice Bundle: Includes GRTA (GCP Red Team Apprentice) + ARTA (AWS Red Team Apprentice): Perfect for beginners looking to build a strong foundation in cloud security. (https://training.hacktricks.xyz/bundles#apprentice)

Take advantage of this opportunity to boost your skills with a HackTricks bundle (https://training.hacktricks.xyz) !

Hello!
Does anyone else experience with training site issues?

Should be working just accessed it without any problem!!

Try reloading it

Ah, it works now 🙂

How can I join the ARTE channel?
I am a student and got stuck

Hi!! Once logged in, you can yo to the profile section on top right of the page. There you should see a box that says "Discord handle (Optional)", you should fill it with your discord ID

You will be added automatically

Thanks, I did, but..I don't see the private channels

Weird should be right below this one

@glacial kelp Should it be already there right??

You have the role you should be able to see #arte-general

🔥 Black Friday Deals Are Here! 🔥

Until November 30th, take advantage of 30% OFF our Cloud Security Bundles and 20% OFF on individual courses with our Black Friday discount codes. Master advanced security tactics in AWS and GCP with our ARTE and GRTE certifications!

⏳ Don't miss out on these limited-time deals and start your journey with HackTricks today!

The discounts are applied automatically in the web http://training.hacktricks.xyz

@everyone In addition to the already mentioned Black Friday discounts we would like to offer a 20% discount in extra lab time until the 30th of Nov as some people requested!
Use the coupon BLACKFRIDAYLABS20 to get it!

Thanks for the discount offers. When can we expect to see the release of the Azure material?

we are working on it, ETA for the first Azure course is early 2025

Hey how do I buy the course ?

Nvm my bad no coffee full piss head mode

Hi team, just quick question.
How long does hacktricks takes to respond on my emails regarding student discount as i need to buy the ARTE asap

Not much, why?

You can dm me!!

Hi all. I need a copy of my invoice for ARTE course. Can I request that through email (If so, which email address)? Thanks

Hi!! You can send us an email to training-support@hacktricks.xyz

Great! Thanks

I see I had actually sent an email to this address with this request a few weeks back and never received a response. I just sent another email now.

You should have received a response!

Got it! thanks for quick turnaround!

Anytime!

Are the labs in browser or do you create your own lab environment?

The labs are cloud based, you gain access to them, so you only need a computer/vm to install the tools needed to interact with the different clouds.

We set everything up for you. You just click a button and wait a bit for provisioning

Hello, sorry to bother you.
It seems that the azure training is scheduled for early 2025.
Will be there some early bird discount?

Hi!! Yes there will be an early bird discount

Thanks a lot, I intend to buy both the AWS and the azure course, but I have a limited budget.
I intend to buy the AWS course this year and Azure course next year if it's around the same price

⏳ Black Friday Deals Ending Soon!

This is your LAST chance to grab Black Friday deals on HackTricks Training. Until November 30th, take advantage of 30% OFF our Cloud Security Bundles and 20% OFF on individual courses with our Black Friday discounts. Master advanced security tactics in AWS and GCP with our ARTE and GRTE certifications!

🔥HURRY!!🔥

The discounts are applied automatically in the web http://training.hacktricks.xyz.

My GRTE lab hasn't been provisioned yet, can someone have a look into it. Its been 5 hours since I activated my voucher.

GCP modified an API just today in there was some labs that couldn't be provisioned. It's fixed already but you need to go to the labs page and reset the lab.
Sorry for the inconvenience

Is there a specific labs page, the only page I see is https://training.hacktricks.xyz/dashboard

Here on the "continue where you left"

The labs start in the part 2!

I get an empty page when I try to access part 2

Weird i can access with no issue, can you try other browser?

ok, let me try chrome

same thing in chrome

@glacial kelp @modest elbow Can you take a look to this?

Look dm!!

Hey @glad orbit I think you should be good to go now. GCP made a change yesterday and yours was 1 of the 2 deployments that failed because of this. I missed that it happened twice and only retried for the other student. Sorry about the delay

Thanks @glacial kelp, I am able to access now

By the way if you add your discord handle in the profile section of the website you will be added to some private channels and a support ticket system

thanks @glacial kelp , I added my handle to https://training.hacktricks.xyz/profile

Hi there! I keep getting this error message, I'd like to purchase this before the deal ends

Hi! It was until midnight EU time.
However we just extended it until the 2nd of December till 23:59 GMT+1!!
Don't miss it❗

Can I get access to the private channel?

Any updates on when the AzRTE is coming out?

Also, @glacial kelp I never got my GRTE badge

Added you to the role

It is a shame you have to choose between what can to show in discord

Ik 😭

But thanks!

We are aiming for February, but there is a lot of research left to do

Thanks a lot! Now I got it. By the way, I can send the voucher again at any time, is that correct? Even if the first voucher link expires

I dont understand the question 😅

I received this after purchasing the course.

However, I assume I can use this option to get a new activation link at any time

Hi! I think you will get the same activation link with that button. The vouchers is expected to be used in 1 year from the time it's purchased (note you have un 1 Dec 2025). However, if you want to activate it later let us know

I have a couple of questions, can you add me to the private channel

YOu should see the #arte-general channel

I see it now, I am working on GRTE, can you add me to that specific channel

oh sorry #grte-general

Thanks, I see it now

Great

Howdy @modest elbow or anyone that can help.
I am doing the ARTE and am stuck on 2.13 ECR - Elastic Container Registry 2nd Lab - Push Docker Image.
I downloaded the walkthrough but still cannot get it to work.
When I run the lambda invoke command I get the following error in the out.txt file:
{"errorType":"Runtime.InvalidEntrypoint","errorMessage":"RequestId: 0f86b30a-b562-4235-bac1-61ce7e19ad0c Error: fork/exec /lambda-entrypoint.sh: exec format error"}

Howdy @carlospolop or anyone that can

Hi, please open a ticket so I can help you

How do I open a ticket

go to #training-support

I dont have access

Did you added your discord id to your profile in hacktricks training?

I'll do that now

Hey there, I am thinking to get 15 days lab extension for ARTA course. But if I am able to finish all the labs in the allocated time that I have left and if I did not redeem the voucher for lab extension (I am guessing everything on this platform is based vouchers), can I then issue an refund for this unused voucher?

If its being more than a month, and of course it has not being used yes.

But note that a 2% percent of the transaction will not be refunded, because of Stripe fees

Okay 👍

Looking forward to it my dude

Me too 😂

creds are fine, anyone has same output for kms:PutKeyPolicy (I reset lab, same thing)

other labs ok

I ran --debug also, but doesnt seem to be issue on my end - could someone help please

Open a ticket

ok

Hi all 🙂 Is this the right channel to ask for hints about ARTE labs? I think my instance of "API Gateway Sign Request" may be faulty

Is the #arte-general general one

You have to add your discrod name to the hacktricks-training profile

Awesome thanks - just added 🙂

You should see the channel now!

Is there any way to invoke Lambda function without the Invoke permissions?

I noticed the lambda:UpdateFunctionConfiguration privilege escalation via env variables but is it enough just to set them or do I need to invoke the function anyway?

You need the Invoke permission to invoke it yes

Im not aware of any other way of doing it

But there can be some triggers, right? like uploading something to S3 bucket ?

Yes there could be triggers

Also if the lambda is exposed via URL and everyone is allowed to acces the URL it's a way to "invoke" it

I added GCP and AWS Red Team Apprentice Courses to the Cloud Security Fundamentals section of https://learntocloud.guide a few weeks ago.

Thanks!

Hi @everyone !
We are releasing the HackTricks assistant chatbot https://www.hacktricks.ai/ for free!

This chatbot has access to HackTricks & HackTricks Cloud knowledge base so you can ask it questions about topics discussed in HackTricks or cybersecurity in general and it'll be able to help you using HackTricks knowledge.

Moreover, it also allows to generate interesting facts and questions about the selected HackTricks topic or even about a specific certification. This allows you to practice hacking (from a theoretical way) from anywhere and prepare for the top certs!

Cool

Might have been a temporary vercel breakdown, its working now

I still can't access it.

? I can access it without any problems

And a couple of guys I asked also can.
You get that error always?

My friends also cannot access the webpage.

I can access the webpage now.

I was able to access the website using a VPN. After disconnecting the VPN, I can still access it. However, browsers that have never accessed the site using a VPN cannot reach it.

By the way, I am currently in Taiwan.

Yes, I accesed vercel to see the logs and openai is returning some 403 because of the location of some used vercel servers. I'm trying to update the configuration to only use vercel servers from the US

could you try again and let me know?

new deployment, could you try again?

shit, ok, I'll take a look these days but for the moment I guess you need to keep using the VPN

guys i got an announcement of a pentest AI assistant bot

how to access it ?

think it was from this server, if i remember correctly

www.hacktricks.ai

been using chatgtp some time and its quite alright for brainstorming

how would this compare?

This is like chatgpt with further access to hacktricks data with an interface prepared to learn about hacktricks content and prepare for other certs with questions related to them

This is great

Probably less chance to hallucinations then since hacktricks data is awesome

Even in polish it has good flow when I am testing it :d

Hi @everyone ! Happy Sunday!
As requested by some users, the mobile version of the web is up now.
Just access www.hacktricks.ai from your phone and test yourself about hacking topics anywhere!

Works great !

Not related to this training but pretty interesting resource https://comparecloud.in/

Hey thanks for sharing. @south wave

Hi! I don't know if it's proper channel to ask, but: has anyone run into issues with the ARTA SQS lab? Could you walk me through the correct way to retrieve the output after injecting commands into the vulnerable Lambda function? I’ve tried several approaches and still can’t figure it out. Thanks in advance! 😉

hi!! do you see the #arte-general channel?

looks like I don't have access there

Did you put your discors id into the hacktricks trainning account?

no, I'll do it in a minute - thank You!

nice resource, it allows to filter extensions for free, unlike greyhatbuckets > https://osint.sh/buckets/

Hi everyone, would someone from support be so kind and add me to the gcp channel ? Thank you in advance ps. yes i added my discord id on my profile

Hi, do you see the #grte-general channel??

hi @near prairie , thanks for reaching out. no unfortunately not.

You should have it now @molten vortex

Thank you @near prairie

@everyone Learn cloud Hacking from 0 to Hero in 3 days!
The 3 days-3 clouds course is back at RootedCON: https://www.rootedcon.com/trainings-rooted2025/
Learn AWS, Azure and GCP security in 3 intense days with 3 expert cloud hacking instructors in this amazing course (in Spanish)!

Not available in English too?

Azure course has been released?

It'll be available in english at HackSpaceCon in May, for the moment this is course we only deliver in person

not in the training platform, still working on the labs but we will give news soon!

Any plans for this in English, but in Europe?

We give also to companies interested that reach us, but we don't haven't look for any other conference in EU yet

Hi, I'm thinking about buying a voucher for the courses, but before doing so, want to check one thing. Is there any expiration for the certifications, or are they valid indefinetly?

No, there is no expiration for the certification!

Thank you!

I passed Google's Cloud Security Professional Engineer Exam last night and I attribute most of my success to actually taking the GRTE Hacktricks Course: https://hackidle.com/Course+%26+Certification+Reviews/Google+Cloud+Certified+Professional+Cloud+Security+Engineer

I really just had to fill in a few personal gaps in key management

That is really interesting I'll read the blog post more in depth curious to see how the two certs compare as the have slightly different angles

@everyone we are super excited to share with you that AzRTE (Azure Red Team Expert) is now in pre-release with the early bird discount applied! Don't lose the opportunity to get it at the best price.
Get ready to improve your Azure & EntraID hacking skills!
More info in https://training.hacktricks.xyz/courses/azrte

Signing up now! [or well, one of my guys are] ... great to see this coming out, we have been waiting with bated breath 😄
Will it be possible to gain access to the course material prior to the 29 March ?

Unfortunately no, March 29th will be the first day to access the material.

thanks for the update, we will look forward to starting, payment has been processed now 🙂

Awesome!!

Pls I have html script am looking for the php who can help out

I honestly read AzERTY (which is like the qwerty of french keyboard layouts) when I said the message out loud

when is the kubernetes course coming out? @modest elbow

Atm it's available on-premise for conferences and companies. For Hacktricks Training platform we will work on it after the Azure one is finished

got it

why the domain is not indexed?

is it just me?

Another question, is microsoft grapth api mention in any of this chapters from the new azrte?

I assuming that tokens & API could covered it

Google de-indexed it some time ago now we use https://book.hacktricks.wiki/en/index.html, and https://cloud.hacktricks.wiki/en/index.html

Yes it will be covered in the tokens & Api lesson

In AzRTE we will talk a lot about EntraID and its APIs

And you will be using it in the labs too

Would ARTE help with Security Engineering?

If what you do relates to aws I would say yes. Although it is more tailored towards attacking aws more than defending

Does the GRTE course have any training on "Apigee X" ?

Please use the #arte-general channel for these questions, or the ticket system

I struggled a while with the signup form to create an account for the new azrte training.
It says 8 to 32 chars. But it's actually **24chars **max, it won't accept passwords of 25chars or longer

My advice would be either allow up to 32 chars or change the error msg. It's a bit outdated though, why not accept 40 chars passwords e.g.?

I'll take a look at why it is limiting at 32, y can increase it to 64 but will keep a limit as not having a limit can end in long delays calculating hashes which can impact performance

Yeah, so it's limiting at 24 now, but I think that's what you meant.

Yes sorry, I'll check in a bit

You should be able to use up to 64 char passwords now

Let´s get ready to rumbleeeee 😎

Yeaaahhh

Hi guys, not sure if it's the proper channel...
I'm a little blocked in the EC2 lab from ARTA...
I did the SSRF, i got two roles, the one listing the secrets is not allowed to read them...
So, after trying this and that, and re-readig the materials a couple of times I'm lost...
I also tried to privesc based in the roles I found but I couldn't move forward from that...

lab 1

@modest elbow

you can add yourname bong into the hacktricks profile which will give you a hidden channel for ARTE-general or ARTA-general . I am not sure for ARTA as i enrolled for ARTE

Please, do as @jovial hamlet said to be able to ask in the right channel and to open private support tickets

thanks!

Hi folks, general question:
It's not yet clear for me whether Cloud attacks are post-exploitation/pivot or we can target the cloud gathering the organization ID or even with no credentials ??

You can gather info without credentials (unauth enumeration) and in some services exploit misconfigurations that might have. About post-exploitation is usually when you have some kind of access already and you can change certain things/configurations inside the organization.

thanks Jim, i see... then it's clear to me now that it's possible to perform unauth tests against the cloud... but the "how-to" is not yet fully 100% clear... should I gather target information, as a "must-have" element, or I as the pentester might have my own cloud user/org to perform the test?
coz in my mind there're 2 possible scenarios: my-creds (kind of "cross env" testing), or no-creds.
So, both scenarios test for publicly available resources, but i wonder if behind the scenes, the cli/cloud requires some such of creds being loaded, or the tests on the publicly available services won't fail when there's someone testing without creds... ??

the "technical" part is not yet fully clear...

So you are wondering how to perform a blackbox approach, right?

Well... correct me if I'm wrong: black-box test means no previous intel/knowledge of the target (surface included).
I would like to know just a smaller detail: how the unauth test is performed, should i use my creds (kind of "cross env" testing), or no creds are needed?

Now i get the question, ill answer in the arte channel or in DM whatever you prefer

ARTE might be better in case someone like to add something 😋

Bought it today as well! Will be activiating after March 29, and can't wait to dive into it!

Niiiceee

Lets go for first blood 😎

hahahahahahaha

we are all ready

Glory for everyone, we fight the same battle

🫡

Hi all! Happy Friday! Hope you enjoy your weekend!

@glacial kelp @near prairie can i buy the voucher and activate in 3 month?

Yep

You got 12 months to activate it

Yes, you have one year to use it, starting on the 29th of February

Got it

Of march *

Yes March😅

oh lol my bad lol - it's here: https://hackidle.com/Course+%26+Certification+Reviews/Google+Cloud+Certified+Professional+Cloud+Security+Engineer+Review

https://permiso.io/blog/introducing-detention-dodger

This is interesting

Didn’t know about it

Have you ever found it applied in real assessments? @modest elbow @glacial kelp

Im curious now

Never seen this

Hi there! Is there a timeline on when the AzRTA course will be available?

Probably a couple months or so after AzRTE

Oh its much longer than I thought🤣 Looking forward to it!

Go for AzRTE! Let´s tryhard

I'll definitely go for it! Just want to take steady steps lol

Hi @everyone ! To celebrate the Azure Red Team Expert certification is released in a week we are going to launch the first Cloud PEASS!
Welcome Azure PEASS (https://github.com/carlospolop/cloudpeass), a script that can get a management and/or a graph token and find ALL your permissions inside Azure resources and Entra ID. Moreover, it'll use Cloud Hacktricks (https://cloud.hacktricks.wiki/en/index.html) and HackTricksAI (https://www.hacktricks.ai/) to color the sensitive permissions you have and even tell you how to (ab)use them!

This is just the first of the 3 initial Cloud PEASS to be released with HackTricksAI support for red teams!

Hello, who is/are the authors of the AZRTE course please?

Hi! The HackTricks Training team, Ignacio, Jaime and Carlos

Thank you

After AZRTE purchase, can I enable it whenever it fits my schedule?

Yes, you have 1 year to enable it whenever you want

Thanks a lot

Thank you!

Does the course cover hybrid scenarios?

It will cover AD <--> EntraID scenarios, but this the only lesson that won't be released tomorrow as we are still developing the labs

ok, I understand

@everyone the new AzRTE (Azure Red Team Expert) certification is up and running!
If you have a voucher you can redeem it from today!
If you don't, get one while the early bird discount lasts (only a couple weeks more left!)

And so it shall be!

Hey carlos make a complete web hacking frow intermediate to enterprise level in video form

If you can't then help me about your wiki pages

I am confused

Does those content about web is enough for bug bounty and entry level jobs?

for entry jobs despite of "know" vulnerabilities you have to have some basic of app developing, networking, scripting and so one. Most of companies form my experience looking for people which could learn fast, have analytic mindset got basic knowledge which will be valuable during problem resolution. No one looking for guy who could from memory describe all owasp top 10 vulnerabilities

This is just describing me

so if you got a match not be worried to try 😄 job interviews are not hard like most people thinking

Main thing is my english language is weak and and am still learning computer language 🥲, communication skill is literally 0

Is there anyone looking for developer?
Now I am actively looking for a new job opportunity or task, and here, I'd like to connect with you. Thank you.

Hello, I don't know it this is the right channel but I'm stucked on SSRF lab, on ARTA.

Hi, no, go to #arte-general or open a ticket with #training-support

Appear as No Access.

Add your discrod handle to your account in hactricks training

Then it should appear automatically

hellooo, I have been researching recently about device flow authentication, and discovered in a yt video that is supported by Az Cli, what didn´t expect as Az Cli can´t be configured with access tokens, I might take a look on how it´s managing the connection, cause maybe something can be done in order to make it work with Access/refresh tokens

At the end of the day that´s what you get when device login, a FOCI refresh/access token

Hi @everyone !

AzRTE (Azure Red Team Expert) early bird discount will be gone on April 25th. Learn Azure and Entra ID hacking with tens of hands-on labs to practice at the best price while it lasts at https://training.hacktricks.xyz/courses/azrte

Moreover, if you prefer to learn on a live training check out the 2 days 2 clouds course we offer at HackSpaceCon in https://www.hackspacecon.com/HackSpaceCon#/awsazurehacking and learn AWS and Azure hacking in 2 days!

Pfeww i'm getting the payment on the 24th. Right on time!

https://www.linkedin.com/posts/hector-ruiz-ruiz-05a6aa236_cloud-security-cybersecurity-activity-7317532080718995456-4HZm?utm_source=share&utm_medium=member_desktop&rcm=ACoAADrV1cYBDWqdY2taKcRxU2cnHp4XG-rMfRc

Thanks everyone for the support, don´t know why but the tool is getting too much love ❤️

Hello. In ARTA KMS Lab any ideas?

An error occurred (InvalidCiphertextException) when calling the Decrypt operation:

aws kms decrypt --ciphertext-blob ms_lab_1_user2_credentials_encrypted.txt --key-id 32778d35-462d-4bf6-b62d-f2c6eb043bbe --profile audit01 --region us-east-1 --output text --query Plaintext | base64 --decode

i removed whitespaces in the base64 encrypted key file already

i used file://enc.txt and fileb://enc.txt

nothing working

file should work as its textmode

Hi @leaden patio, please, in the training web go to your settings and set your discord hadle. Then, you will be invited to other training private channels were you will be able to get support and also open tickets!

hmm i have done this but never got an invite

😦

It's automatic, note that you id is "p3rpl3x_x25"

ok solved both problems

is the hacktricks training dashboard not loading for anyone else?

i’m not able to access my courses

Its working for me

Working for me too.

Try removing te cache

tried that, tried switching browsers, tried on my phone

just getting a blank screen

maybe something’s wrong with my account

You should not have any issues, in any case @glacial kelp can you take a look to this?

I'll DM you to troubleshoot the issue

Has this been shared yet and did anyone get around the test it out? https://github.com/FalconForceTeam/dAWShund

https://www.hacktricks.ai/
Could you please open it?

Its working for me

few days back there some discounted offer for gcp course right? is it still valid?

@modest elbow

Last one I think that was in Black Friday. But we always have discounts for students and bulk purchases, what do you need?

let me ask my boss il get back!

Hey, I bought ARTE last June. But I didn't activate the voucher. I'm going through a busy period. Is there a deadline to enable it? Or can I enable it whenever I want?

It is one year after purchase to activate the voucher but if you can't start it yet message us at our support email and we'll help you out

Hey everyone,
I have a couple of questions about the ARTE certification.
In the FAQ section, it says:
"The voucher will grant you 60 days to complete the laboratories. However, you will be able to purchase laboratory extensions if you need them."

• How much does it cost to extend the lab time, say for an additional 30 days?
• Is an extension typically necessary, or are the 60 days usually enough to properly prepare for the exam?
  Also, after passing the exam, is the certificate provided only as a PDF, or do you also receive a digital badge for LinkedIn or other social media platforms?
  Thanks in advance!

60 days in my opinion is more then enough i finish all in 30 days

Hi!
Most of the students dont need the extra days to finish the course, but in case that you need it to extend it, the 30 days extension is 259€.

Regarding the digital badge, no, for the moment we just issue the PDF.
Let us know if you have more questions!

I just started the ARTA training. I deployed my first lab and was able to configure the CLI. When I deploy my lab again, will it generate new keys that I need to update my CLI profile with?

Hi! Yes it will give you new credentiasl to use for the lab, and update your config credentials file!