S3

Published on
March 18, 2026
CWL - SNS PubSub Intrigue
cyberwarfarelabs cloud aws awscli s3 lambda sns lambda-logs
The challenge provides Access Keys that allows for IAM enumeration that leads to a policy that has permissions for S3, Lambda functions and Amazon SQS. Early enumeration restricts S3 object exfiltration but allows downloading the source code of a Lambda function which reveals sensitive arguments that can be published to the SQS service that invokes a Lambda function that reveals the flag in the Lambda Function logs
Published on
February 14, 2026
CWL - KeyMaster (Decoding S3 Secrets)
cyberwarfarelabs cloud aws awscli kms s3
The challenge provides Access Keys that allows for IAM enumeration that leads to an additional user policy from the Permission Boundary. The policy allows for a specific S3 bucket enumeration. From there, a KMS decryption key was found and is used to decrypt and download unauthorized sensitive files such as the flag
Published on
February 8, 2026
CWL - Trust Me, Relationship is Malicious
cyberwarfarelabs cloud AWS AWSCLI AssumeRole s3
The challenge provides Access Keys that is used to authenticate as a user that has the sts:AssumeRole permission. It is then used to escalate privileges by impersonating a role that was created leading to an S3 bucket compromise revealing the flag

CWL - SNS PubSub Intrigue