Cloudfoxable - Backwards

In some challenges, you might not see an IAM role or an IP address as the starting point, but rather, an interesting ARN or something like that. Sometimes during cloud penetration tests, we first find something interesting and then work backwards to see who has access to it. Is it just the Administrators? Well, that’s not really a big deal. Is it all developers, or all users, or anyone in the world? That might be a really big deal! ...

March 12, 2026 · 6 min · 1137 words

Cloudfoxable - It's another secret

TL;DR: You’ve just gained access to the role Ertz. Can you find and access the its-another-secret flag? A lot of the challenges in the category Assumed Breach: Principal will have you assume into a role to simulate a new starting point. You’ll technically start as ctf-starting-user, but your first action will be to assume the role Ertz listed above. This is to simulate a scenario where you’ve just gained access to the role Ertz. ...

March 11, 2026 · 3 min · 448 words

Cloudfoxable - It's a secret

For this CTF, your starting CTF user has the following policies: SecurityAudit (AWS Managed), CloudFox (Customer Managed), and its-a-secret (Customer Managed). The first two policies allow you to run CloudFox. The third policy allows this starting user to get the flag for this challenge. If you followed the setup steps in the First Flag challenge (if you are doing this in a workshop, the setup in First Flag has been done for you), you’ll have a profile called cloudfoxable which is tied to the user/ctf-starting-user. ...

March 10, 2026 · 2 min · 382 words