Back to Course

IAM Privilege Escalation Labs

0% Complete
0/0 Steps
  1. Introduction

    About this course
  2. Real-world case studies
  3. Useful IAM tips and security tools
  4. Introduction to AWS Enumeration
    [LAB] Getting Started with the AWS CLI
  5. [LAB] Introduction to AWS IAM Enumeration
  6. [Cheat Sheet] IAM Enumeration CLI Commands
  7. [LAB] Introduction to Secrets Manager Enumeration
  8. [Cheat Sheet] Secrets Manager Enumeration CLI Commands
  9. [LAB] Introduction to Amazon S3 Enumeration
  10. iam:CreateAccessKey
    [LAB] [CTF] iam:CreateAccessKey PrivEsc
  11. iam:CreateAccessKey Solution
  12. iam:CreateLoginProfile
    [LAB] [CTF] iam:CreateLoginProfile PrivEsc
  13. iam:CreateLoginProfile Solution
  14. iam:UpdateLoginProfile
    [LAB] [CTF] iam:UpdateLoginProfile PrivEsc
  15. iam:UpdateLoginProfile Solution
  16. iam:SetDefaultPolicyVersion
    [LAB] [CTF] iam:SetDefaultPolicyVersion PrivEsc
  17. iam:SetDefaultPolicyVersion Solution
  18. iam:AddUserToGroup
    [LAB] [CTF] iam:AddUserToGroup PrivEsc
  19. iam:AddUserToGroup Solution
  20. iam:AttachUserPolicy
    [LAB] [CTF] iam:AttachUserPolicy PrivEsc
  21. iam:AttachUserPolicy Solution
  22. iam:AttachGroupPolicy
    [LAB] [CTF] iam:AttachGroupPolicy PrivEsc
  23. iam:AttachGroupPolicy Solution
  24. iam:PutUserPolicy
    [LAB] [CTF] iam:PutUserPolicy PrivEsc
  25. iam:PutUserPolicy Solution
  26. iam:PutGroupPolicy
    [LAB] [CTF] iam:PutGroupPolicy PrivEsc
  27. iam:PutGroupPolicy Solution
  28. iam:AttachRolePolicy
    [LAB] [CTF] iam:AttachRolePolicy PrivEsc
  29. iam:AttachRolePolicy Solution
  30. iam:PutRolePolicy
    [LAB] [CTF] iam:PutRolePolicy PrivEsc
  31. iam:PutRolePolicy Solution
  32. Challenges
    About challenges
  33. Challenge #1 - Secrets Unleashed
  34. Challenge #2 - IAM Escape Room
  35. Conclusion
    What's next?
Lesson 1 of 35
In Progress

About this course

Christophe November 19, 2023

Welcome to Cybr’s first ever all-hands-on-labs course!

In this course, you will learn how to exploit AWS environments that have misconfigured IAM policies that create vulnerabilities and allow for privilege escalation exploits.

Who is this course for?

This course is considered beginner to intermediate level, meaning that the labs and challenges are easily solvable with a little bit of research, but they will require research especially if you’re not that familiar with the AWS CLI or AWS IAM.

To clarify: If you’ve never used AWS before, or if you are a complete beginner to AWS you should not start here. Instead, get familiar with AWS first — like by completing our Intro to AWS Security course and maybe also our Pentesting AWS course first, and then coming back here. If you have limited prior IT experience, I’d recommend starting with the AWS Cloud Practitioner first.

Getting started

In the next lesson, I will be providing a few tips and tricks including useful IAM security tools you can use to speed up the process of finding vulnerabilities, but how you complete this course is entirely up to you. You can make it as hard or as easy as you’d like, or as automated or as manual as you’d like, and I encourage you to experiment and try different approaches within the hands-on labs.

Each of the learning labs provide solutions so if you get stuck you can reference those, or you can also compare how you solved the lab with how we recommend that you solve the lab since there are many valid approaches, and we show different approaches along the way.


At the end of the course, your new skills will be tested with challenges. These challenges will provide minimal guidance and may require chaining multiple of the exploits you learn about to make it a little bit more difficult.

We will not be posting solutions to these challenges, but if you get stuck, please reach out in our Discord community for guidance. We won’t give you outright answers but we can point you in the right direction! That’s how you’ll learn!

Ready to get started?

So that’s it! That’s our intro to the course, I’ll see you there, let’s get started, good luck, and have fun!


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.