Home > Hands-On Labs > Lab
Login or register a free account to launch this lab!
Comments
What's a Hands-On Lab?
1-Click Deployments
AWS lab environments at the click of a button. Skip the hassle of creating or managing practice accounts and dive straight into using real resources.
Practical Learning
Learn cloud security with real AWS resources and real-world scenarios, not just theory.
Risk Free
No surprise bills when you forget to delete learning resources, and keep vulnerable training environments safely isolated from your corporate and production resources.
Responses
Nice one!
Thanks!
Hey ! I’m havinf a hard time to understand what’s the use to give us permission on a S3 bucket we created… Is it possible to not do the warm up and to directly do it on an existant S3 bucket ?
Hey, Stratus Red Team creates its own separate resources on purpose, so that you don’t affect existing resources in your environments. It’s fully self contained and doesn’t have external resource requirements. You could do the same on existing resources by writing your own attack scripts, but that defeats the purpose of this tool. The warm up for this particular scenario just creates a new S3 bucket to perform the attack against. The detonation will then create and attach a bucket policy that grants access to an external AWS account that’s outside of your control (attacker-controlled). This simulates a backdoored bucket policy, since it will grant access to all the objects within it to the attacker. I would suggest taking a few steps back and learning more about Amazon S3 and how it works before moving on to attacks like this, and we have a full course on this to help.