Cloud

The challenge provides JSON credentials that can be used to authenticate and enumerate IAM Policies. The service account has policies that enable them to enumerate Storage Managers and Cloud Functions. After retrieving a a partial source code of a certain Cloud function, it was discovered that it was possible to invoke a limited access internal function by using an external function as a proxy. Thus, exfiltrating the flag

The challenge provides Access Keys that allows for IAM enumeration that leads to a Lambda permission which allows the user to access the source code of the Lambda function. Next, another crucial permission was present that allowed them to view a sensitive SSM parameter that ultimately allows for invoking the Lambda function that reveals the flag

The challenge provides Access Keys that are used to authenticate to the AWS instance and enumerate AWS IAM resources which includes users, policies, and roles

The challenge provides JSON credentials that can be used to authenticate and enumerate Service Accounts. IAM enumeration reveals that the SA has the permission to do service sccount impersonation. Further enumeration reveals a testing Cloud Function which could be invoked by an impersonated service account leading to the flag

The challenge provides Client Credentials that can be used to authenticate and enumerate available Key Vaults and secrets. Then, using an acquired SAS Token, the flag was retrieved from a blob in a storage container belonging to a storage account