- Published on
The challenge provides Access Keys that is used to authenticate as a user that has the sts:AssumeRole permission. It is then used to escalate privileges by impersonating a role that was created leading to an S3 bucket compromise revealing the flag