Welcome to HackAWS.cloud

where we hack AWS services


informations about me

I'm Daniel Grzelak

An AWS hacker and security aficionado based in Australia

I started hacking Amazon Web Services in 2015 while Atlassian was moving it's business to the cloud and I was leading the security function. In 2016 I presented an end-to-end methodology for hacking AWS and published the first comprehensive AWS hacking toolkit. I've been knee deep in securing AWS systems ever since.

I now share my experience through advisory engagements and immersive classroom training for corporate teams. Unfortunately I am unable to service most requests due to a long waitlist and other commitments but please feel free to contact me to see if we can make it work.

I am NOT affiliated with Amazon in any way. Official AWS security information lives here.

Starts at $50k plus expenses

Billed on outcomes

On request


Immersive training

This training is not for the faint of heart. It is almost entirely deliberate practice and guided discovery. We’ll be hacking in teams from start to finish every day. If you want to cruise through some slides, this training will disappoint.

This is for folks who want to be able to take any AWS environment and practically tear it apart like an experienced security researcher would, even if they have never seen the exact setup before. It’s for anyone who wants to deeply understand the security decisions they are making in AWS and their real world implications, beyond what might be written on the sticker.

Request the course outline

Advice and consulting

Are you building technology startup or cloud security product? I can work with your engineering teams to set you up for success.

Are you looking to uplift your AWS logging and detection? I help security operations teams improve detection and response.

Are you running offensive security engagements or red team exercises against AWS infrastructure? I provide guidance and help develop attack chains.

If you are looking for regular cloud security consulting services like architecture review, vulnerability assessment, compliance audits etc., I'd be happy to recommend reputable providers that I trust.

Request a consultation

I am available for an introductory chat.



persistenceremote accesstrojan
Backdooring an AWS account

Maintaining persistence in AWS is only limited by your imagination but there are few obvious and oft used techniques everyone should know and watch for.

Exploring an AWS account post-compromise

Your instinct is probably to type “whoami” and luckily AWS has an equivalent -- aws sts get-caller-identity. It won’t give you much but it will start painting the picture.

Disrupting AWS logging

You’re eager to get to the data theft? What about that whole cyber kill chain thing; installation, command & control, actions on objectives? What if someone is watching?