Hands-On Labs Added January 2025: AWS Red Teaming
This month, we added two new Hands-On Labs to Cybr, and both of them focus on AWS security red teaming activities! Let’s check them out.
(P.S.: Don’t worry blue team, we haven’t forgotten about you! We’ve got a few planned for you launching in February!)
(P.P.S.: with these 2 new labs, we’re now at 77 AWS security-focused Hands-On Labs. 100 here we come!)
Discover AWS account ID via S3 Bucket

Learn how to enumerate AWS account IDs with very limited access to S3 buckets. This lab simulates compromised credentials and makes use of a clever automated tool to reduce guesses from 1 trillion possible combinations down to only 120.
Access environment variables via Lambda Function with SSTI

Learn how to exploit a Server-Side Template Injection (SSTI) vulnerability in an AWS Lambda-based web application. In this lab, you’ll discover default credentials in a startup’s web portal with a template-based audit report system, then craft SSTI payloads to execute system commands and access sensitive Lambda environment variables. Through hands-on practice, you’ll understand both the attack methodology and learn essential mitigation strategies for securing serverless applications.
Responses