- Published on
The challenge provides Access Keys that allows for IAM enumeration that leads to a policy that has permissions for S3, Lambda functions and Amazon SQS. Early enumeration restricts S3 object exfiltration but allows downloading the source code of a Lambda function which reveals sensitive arguments that can be published to the SQS service that invokes a Lambda function that reveals the flag in the Lambda Function logs