Latest

A blog created with Next.js and Tailwind.css

Published on
February 4, 2026
CWL - IAM Access Compass
cyberwarfarelabs cloud GCP gcloud-cli
The challenge provides JSON credentials that can be used to authenticate and enumerate GCP resources which includes IAM roles and service account emails that has admin permissions
Read more →
Published on
February 1, 2026
CWL - Lamba Escalation
cyberwarfarelabs cloud AWS AWSCLI Lambda
The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources & Lambda function permissions. Leveraging those permissions, we can invoke a Lambda function to retrieve the hidden flag
Read more →
Published on
January 31, 2026
CWL - Uncovering the App Registration
cyberwarfarelabs cloud Azure MS-Graph
The challenge provides Client Credentials that are used to identify the Tenant ID, then using that to request an Access Token that we can use to authenticate and enumerate the API Permission assigned to the Application
Read more →
Published on
January 29, 2026
CWL - testIamPermissions() Probe
cyberwarfarelabs cloud GCP testIamPermissions
The challenge provides JSON credentials that can be used to brute-force IAM permissions to enumerate permissions on a service account
Read more →
Published on
January 27, 2026
CWL - Compute Engine Intrusion
cyberwarfarelabs cloud SSRF GCP Command-Injection
The challenge is a webapp that has a Command Injection & SSRF vulnerability, the goal is to chain the vulnerabilities to enumerate the GCP Compute instance and retrieve the Service Account Email ID
Read more →

All Posts →

Subscribe to the newsletter

Latest

CWL - IAM Access Compass

CWL - Lamba Escalation

CWL - Uncovering the App Registration

CWL - testIamPermissions() Probe

CWL - Compute Engine Intrusion