Hands-On Labs Added January 2025: AWS Red Teaming

Cybr's AWS Security Red Team Hands-On Lab launches January 2025

This month, we added two new Hands-On Labs to Cybr, and both of them focus on AWS security red teaming activities! Let’s check them out.

(P.S.: Don’t worry blue team, we haven’t forgotten about you! We’ve got a few planned for you launching in February!)

(P.P.S.: with these 2 new labs, we’re now at 77 AWS security-focused Hands-On Labs. 100 here we come!)

Discover AWS account ID via S3 Bucket

Discover AWS Account ID via S3 Bucket-banner
View Lab >

Learn how to enumerate AWS account IDs with very limited access to S3 buckets. This lab simulates compromised credentials and makes use of a clever automated tool to reduce guesses from 1 trillion possible combinations down to only 120.

Access environment variables via Lambda Function with SSTI

SSTI Lambda CTF hands-on cloud security lab on Cybr
View Lab >

Learn how to exploit a Server-Side Template Injection (SSTI) vulnerability in an AWS Lambda-based web application. In this lab, you’ll discover default credentials in a startup’s web portal with a template-based audit report system, then craft SSTI payloads to execute system commands and access sensitive Lambda environment variables. Through hands-on practice, you’ll understand both the attack methodology and learn essential mitigation strategies for securing serverless applications.

See you next month with more AWS security labs!

View all of our Hands-On Labs >

Get started for free >

Related Articles

Responses

Your email address will not be published. Required fields are marked *