Main Takeaway: Starting with no access to the AWS account, we compromise a webapp hosted in an EC2 instance by finding both an SSRF and ... We start off as a fairly high-privileged user who can perform multiple IAM and EC2 API calls.
Hacking In The Cloud Cloudgoat Lambda Privesc -
Starting with no access to the AWS account, we compromise a webapp hosted in an EC2 instance by finding both an SSRF and ... We start off as a fairly high-privileged user who can perform multiple IAM and EC2 API calls. We start off as a low-privileged user who can perform IAM Get and IAM List on all resources.
Important details found
- Starting with no access to the AWS account, we compromise a webapp hosted in an EC2 instance by finding both an SSRF and ...
- We start off as a fairly high-privileged user who can perform multiple IAM and EC2 API calls.
- We start off as a low-privileged user who can perform IAM Get and IAM List on all resources.
Why this topic is useful
This format is designed to help readers move from a broad question into more specific pages without losing context.
Sponsored
Frequently Asked Questions
What is this page about?
This page summarizes Hacking In The Cloud Cloudgoat Lambda Privesc and connects it with related entries, references, and supporting context.
Is the information always complete?
Not always. Some topics may need verification from official or primary sources.
How should readers use this information?
Use it as a starting point, then open related pages for more specific details.
Visual References
Sponsored