Pwned Labs' Electra is an intermediate, multi-account AWS cyber range designed to challenge cloud security professionals and red teamers.
🎯 Why I Took Electra
I took on Electra to prepare for the ACRTP exam from Pwned Labs, aiming to refine my skills and build a comprehensive reference sheet for future AWS penetration tests. The lab effectively met these goals, providing a realistic and challenging environment that stands out in the crowded field of cyber ranges.
👥 Who Electra Is For
The ideal audience for Electra includes pentesters, red teamers, and cloud security professionals looking for hands-on experience with cloud attacks. Before jumping in, I highly recommend a solid background in AWS pentesting. The range is logically structured, but the challenges demand a strong foundation in AWS services. Additionally, an intermediate understanding of web application vulnerabilities is necessary for initial access.
🧩 What the Range Covers
Electra covers multiple AWS services, including S3, EC2, and IAM policies. You need a foundational grasp of these different services, but the lab is straightforward enough that you are rewarded for understanding the core concepts. The journey to collecting all nine flags requires leveraging various exploitation techniques, like web vulnerabilities and cloud account privilege escalation.
🔥 What I Enjoyed Most
This range is heavily focused on the offensive aspects of security, simulating a penetration test for the fictitious company "Electra Motors." The most enjoyable part for me was the initial entry phase; my limited background in web security meant that figuring out how to gain access was a fun, challenging, and fulfilling "side quest." The lab truly replicates a real-world enterprise environment well, balancing challenge with realism in a way that many other labs fail to achieve.
🧪 Shared Environment Experience
Regarding the platform experience, unlike other ranges I’ve completed, Electra is a shared environment. This meant working alongside other users. While this occasionally provided minor hints via leftover artifacts, it also led me down a significant rabbit hole at one point. There are no extensive lab materials provided; you only receive subtle hints through the flags once you obtain them, forcing you to rely entirely on your own research.
💸 Pricing & Value
Pwned Labs' content is excellent, and the pricing makes it an incredible value. I managed to secure a year of access for only $100 after purchasing the ACRTP bootcamp—easily the best value for learning materials I’ve encountered so far. I highly recommend all of Pwned Labs' offerings, especially Electra, to anyone interested in cloud security. The quality has been impeccable so far, and you can explore their content on the Pwned Labs website.