May 23, 2026

Web-to-Cloud Attack Chains

Phase 2 notes: chaining web vulnerabilities into AWS credential theft, secret discovery, and cloud resource compromise.


Phase 2 — Web-to-Cloud Attack Chains

Phase Summary

Completed 6 Red Team labs focused on chaining web-layer weaknesses into cloud credential compromise and AWS data access.

This phase is especially useful because it directly connects web pentesting with cloud security operations.

Learning Objectives

  • Chain web vulnerabilities into cloud access paths.
  • Understand how temporary or leaked credentials are obtained and abused.
  • Practice secret discovery across repositories, build artifacts, and container images.
  • Learn practical impact: pivoting from initial web access into AWS resource compromise.
  • Build a stronger detection and prevention mindset for web-to-cloud attack chains.

Lab Path

| Order | Lab | Type | Summary |
|-------|-----|------|---------|
| 7 | SSRF to Pwned | 🔴 Red | SSRF against an EC2-hosted application to reach the metadata service and extract temporary AWS credentials. |
| 8 | Path Traversal to AWS credentials to S3 | 🔴 Red | Use path traversal to recover AWS credentials, then pivot to S3 access. |
| 9 | Hunt for Secrets in Git Repos | 🔴 Red | Identify leaked credentials and sensitive tokens in Git repositories. |
| 10 | Uncover Secrets in CodeCommit and Docker | 🔴 Red | Discover exposed credentials stored in AWS CodeCommit history and Docker images. |
| 11 | Leverage Leaked Credentials for Pwnage | 🔴 Red | Operationalize leaked secrets to access cloud resources and extract sensitive data. |
| 12 | Access Secrets with S3 Bucket Versioning | 🔴 Red | Use S3 object versioning to recover historical secrets and plaintext sensitive fields. |

Key Knowledge After Phase 2

  1. Web bugs can become cloud compromise vectors when they expose metadata services, local files, or credentials.
  2. Credential exposure is the core pivot point across repos, containers, and misconfigured storage.
  3. Temporary credentials are still dangerous if not tightly scoped and monitored.
  4. Attack chains matter more than single findings, because small web issues can escalate into full cloud impact.
  5. Prevention requires layered controls: secure coding, secret hygiene, least-privilege IAM, and continuous monitoring.
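
The monitoring side of points 3 and 5, applied to the lab 7 scenario, as an added example that is not part of the original labs: a check over CloudTrail records that flags EC2 instance-role credentials being used from an address the instance does not own. The inventory map, role name, account ID and sample records are constructed assumptions.

```python
import ipaddress
import re

# For EC2 instance-profile credentials the role session name is the instance ID.
INSTANCE_SESSION = re.compile(
    r":assumed-role/(?P<role>[^/]+)/(?P<instance>i-[0-9a-f]{8,17})$")

# Constructed inventory (assumption): instance ID -> IPs it calls AWS from.
INVENTORY = {"i-0123456789abcdef0": {"10.0.1.25", "203.0.113.10"}}

def event(arn, ip, name, kind="AssumedRole"):
    """Build a constructed CloudTrail record trimmed to the fields used here."""
    return {"eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"type": kind, "arn": arn}}

ROLE_ARN = "arn:aws:sts::111122223333:assumed-role/web-app-role/i-0123456789abcdef0"
SAMPLE_EVENTS = [  # constructed sample data
    event(ROLE_ARN, "10.0.1.25", "GetObject"),                 # from the instance
    event(ROLE_ARN, "198.51.100.77", "ListBuckets"),           # off-host use
    event(ROLE_ARN, "autoscaling.amazonaws.com", "DescribeInstances"),  # AWS service
    event("arn:aws:iam::111122223333:user/alice", "198.51.100.77",
          "ListBuckets", kind="IAMUser"),                      # not a role session
]

def find_offhost_use(events, inventory):
    """Return (instance, role, source_ip, event_name) for each API call made
    with instance-role credentials from an IP the inventory does not list."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity", {})
        if ident.get("type") != "AssumedRole":
            continue
        m = INSTANCE_SESSION.search(ident.get("arn", ""))
        if not m:
            continue  # role session not issued to an EC2 instance
        src = ev.get("sourceIPAddress", "")
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # AWS service hostname, not a caller IP
        # Unknown instance IDs have no allowed IPs, so they are always flagged.
        if src not in inventory.get(m["instance"], set()):
            findings.append((m["instance"], m["role"], src, ev["eventName"]))
    return findings

if __name__ == "__main__":
    for finding in find_offhost_use(SAMPLE_EVENTS, INVENTORY):
        print("off-host use of instance credentials:", finding)
```

The inventory has to include every egress address an instance can present, such as NAT gateway addresses, or legitimate calls will be flagged.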