Writeups

This challenge is dealing with a vulnerable Kubernetes node on which is installed Ansible (AWX). Challenge info : We have located Monkey Business operator blog where they are leaking personal informations. We would like you to break into their system and figure out a way to gain full control. Recon The challenge info does not really any useful tips, so we start with a scan with nmap : # Nmap 7. [Read More]

This challenge is shining a light on different AWS solutions working together in order to create a functional website. It is in my opinion very interesting to see how the cloud technologies are replacing the standard websites and servers, and what possible misconfigurations and security risks this shifting create. Challenge info : With increasing breaches there has been equal increased demand for exploits and compromised hosts. Dark APT group has released an online store to sell such digital equipment. [Read More]

This challenge is on AWS and one of its products, Lambda. It allowed me to go deeper into the AWS CLI and how to manipulate it to gain access on cloud infrastructures. Challenge info : One of the local shops in your city is realising new costumes. Go grab them before they run out as the available stock is very limited. Recon Unlike the first one, we don’t immediately know what kind of cloud we’re dealing with. [Read More]

This challenge is a very interesting one on Kubernetes. Even if it is not that hard, it made me practice and learn more about the inner workings of Kubernetes, its various components and how to exploit them. Challenge info : We've installed our Kubernetes cluster inside a steam powered computer, however there's a lot of smoke, therefore we think a bolt is missing. Could you please investigate? Recon The cloud is a category who is beginning to be more and more popular in CTFs. [Read More]