This session will focus on cloud and on-premises hybrid attacks, adopting the perspective of attackers. It will explore the scenario where, after breaching a corporate network, the attacker is unable to obtain valid credentials for lateral movement on-premises. Nevertheless, they can still employ techniques such as Pass the PRT to vertically penetrate into the corporate cloud. Furthermore, by abusing mechanisms like Cloud Kerberos Trust and Hybrid Device Join, especially after gaining cloud admin privileges through privilege escalation tactics, the attacker can inversely breach into the corporate on-premises network.