Latest

The challenge provides Access Keys that allows for IAM enumeration that leads to a policy that has permissions for S3, Lambda functions and Amazon SQS. Early enumeration restricts S3 object exfiltration but allows downloading the source code of a Lambda function which reveals sensitive arguments that can be published to the SQS service that invokes a Lambda function that reveals the flag in the Lambda Function logs

The challenge provides Access Keys that allows for IAM enumeration that leads to a policy that has permissions for Amazon SQS. An interesting permission allows us to read messages from the queue URL which reveals the flag

The challenge provides Client Credentials that can be used to authenticate and enumerate roles which have permissions to read available workflows from Logic Apps. One of the workflows reveal another set of credentials that we can use to authenticate and enumerate API permissions of another certain app.

The challenge provides JSON credentials that can be used to authenticate and enumerate IAM Policies. The service account has policies that enable them to enumerate Storage Managers and Cloud Functions. After retrieving a a partial source code of a certain Cloud function, it was discovered that it was possible to invoke a limited access internal function by using an external function as a proxy. Thus, exfiltrating the flag

The challenge provides Access Keys that allows for IAM enumeration that leads to a Lambda permission which allows the user to access the source code of the Lambda function. Next, another crucial permission was present that allowed them to view a sensitive SSM parameter that ultimately allows for invoking the Lambda function that reveals the flag