Beginner Lab red team icon aws

Get Situational Awareness in AWS with Cloudfox

Cloudfox by Seth Art is a great tool for getting situational awareness in the cloud, and this hands-on lab will introduce you to some of the really useful commands!

Play now

Scenario

On a red team engagement for our client Huge Logistics, you scanned their GitHub repositories for secrets using TruffleHog and found AWS keys committed in a .env file. Your mission is to see what this key gives you, and see how far you can go!

Lab prerequisites

Basic Linux command line knowledge

Learning outcomes

Use Cloudfox to get situational awareness in AWS
Retrieve the source code from a Lambda instance
Retrieve data from a DynamoDB table

Real-world context

Getting situational awareness is an important step when assessing the security of unfamiliar cloud environments. While penetration testers and red teamers will do this on engagements, it's also a good exercise for blue/purple teamers to undertake periodically, as the shifting permissions environment of the cloud can unintentionally expose secrets and open up unintended paths for resource and data access.

Cloud Security Training To Protect Your Business

Pwned Labs for Business gives your team access to dedicated business content, including labs and cyber ranges.

We also offer in-person or remote workshops, and our cloud penetration services are helping businesses become more secure!

Find out more

Get Situational Awareness in AWS with Cloudfox

Cloud Security Training To Protect Your Business

Privacy Policy | Terms & Conditions