Bishop FoxWhat comes next for #CloudFoxable? @sethsec encourages #cloudsecurity practitioners to share examples from real-world breaches and experiences to help make this #AWS environment as close to life as possible.
Happy #cloudhacking! ☁
“One interesting challenge involves an #IAM role that trusts a #GitHub repository through OpenID Connect (OIDC). We’re seeing more and more clients of ours using this configuration, and this challenge was created after this attack path was exploited during a real #pentest. To participate in this challenge, users must create a new private GitHub repository they control and enter that as a variable into #CloudFoxable before deploying this challenge.” #AWS https://bfx.social/43T4dtK
Have you tried #CloudFoxable yet? How did you do? 🤔 Let us know!
(Here's a quick link to the tool itself: https://bfx.social/462AtfN)
“In the next challenge, starting again as the ctf-starting-user the participant must assume another role to access the #secret, adding one additional bit of complexity.” #CloudFoxable #CTF #cloudhacking https://bfx.social/43T4dtK
Try your #cloudhacking skills up against #CloudFoxable yet? Let us know how you’ve done – or where you’re ranked on our leaderboard! https://bfx.social/3X6diwX
Let us know how you do when you try your #cloudhacking skills with CloudFoxable! CloudFoxable has several #CTF challenges – some based off real-world scenarios – that you can use to boost your #AWS #pentesting skills. Use the tag #CloudFoxable to show off your results! https://bfx.social/3X6diwX