Whitepapers
May 19, 2025
Offensive Security in the Cloud Era: Adapting Security Testing for Modern Infrastructure
Discover how offensive security practices must evolve to address cloud-native environments.
OffSec Team
1 min read
Train Your Team to Outsmart Modern Infrastructure
Cloud complexity has changed the game. Has your offensive security team kept up?
Traditional playbooks don’t work in the cloud. Identity has become the new perimeter, misconfigurations have replaced open ports, and hybrid environments are now the norm. Offensive security leaders must rethink their approach to adversarial operations before real attackers exploit the gaps.
This 5-page white paper explores a modern framework for cloud pentesting and offensive security strategy. You’ll learn:
- Why solutioning and architecture matter as much as tooling
- How to exploit identity and IAM roles with precision
- What it takes to operate across hybrid environments
- How OffSec’s hands-on Offensive Cloud Learning Path builds real-world skills at scale
Download the white paper to start building your cloud-ready offense team.
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec
Research & Tutorials
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.
May 15, 2025
3 min read
Research & Tutorials
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution
A critical SSTI vulnerability was discovered in the open-source meal planning application Tandoor Recipes leading to a full system compromise.
May 8, 2025
2 min read
Research & Tutorials
CVE-2025-29927: Next.js Middleware Authorization Bypass
In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.
May 1, 2025
3 min read