Red Teaming AWS Lambda CTF Hands-On Labs
We’ve launched 2 Lambda Hands-On Labs:
- Exploiting Lambda Command Injection to access DynamoDB
- Exploiting Lambda SSRF to Access S3 Buckets
Exploiting Lambda Command Injection to Access DynamoDB

Exploit a Lambda function’s command injection vulnerability to compromise a web application, gaining unauthorized access to a DynamoDB database and its data. Capture the flag by retrieving an administrator’s token and decoding it.
Exploiting Lambda SSRF to Access S3 Buckets

Exploit a Lambda function’s SSRF vulnerability to compromise an e-commerce application, gaining unauthorized access to an S3 bucket. Capture the flag by retrieving a specific object stored in the bucket.
Responses