IAM Privilege Escalation Labs

Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun!

Christophe · November 19, 2023


“This course not only taught me how to think like an attacker, but also how easy it is to escalate privileges if excessive IAM permissions are present in the cloud. I honestly loved it and recommend it 100%!” – Mariana Arce Aguilar (Cybersecurity Engineer)

Who is it for?

Anyone interested in learning about AWS IAM security. Red teamers and blue teamers will pick up new skills they can apply directly on the job to find weaknesses and misconfigurations and to demonstrate impact. Relevant roles include:

  • Cloud penetration testers
  • Security researchers
  • Cloud Architects
  • Cloud Security Engineers
  • DevSecOps roles and teams

What will you learn?

  • AWS IAM Enumeration and Reconnaissance
  • How to identify cloud misconfigurations
  • Lateral movement and pivoting in the AWS cloud

What makes this course different

100% 🧪 Hands-On Labs and Practical: This course is the definition of practical learning and is made up entirely of Hands-On Labs. Each section has a deployable learning lab with a specific scenario for you to complete, which teaches you a practical, real-world IAM vulnerability exploit. The final section is made up of Challenges: challenge labs that test your new skills and knowledge. Most training platforms do not offer this many AWS IAM security labs, or labs at this level, because of the risks involved. This is our specialty.

About the Course

Number of labs: 12 learning labs and 2 challenge labs

Difficulty: Beginner to Intermediate. The labs start off easy and become a little bit more advanced as we go along, which is great for people interested in getting started with AWS pentesting and security research.

Recommended prerequisites: You should have the AWS CLI installed (or the know-how to install it), and you should already have an AWS account, even though you won’t need it for this course since we provide the environments. We recommend a decent understanding of AWS IAM (you know what users, groups, roles, and permissions are). If you’ve never used AWS before, this is not the course to start with: we would instead recommend starting with our Introduction to AWS Security course, or maybe even the AWS Cloud Practitioner if you have limited prior AWS experience.

About the Author

This course was created, developed, and published by Christophe Limpalair. Christophe is the founder and an author at Cybr, where he’s published many courses on ethical hacking topics. Over the past 7 years, Christophe has taught multiple AWS courses, including associate and professional-level AWS certification courses, and helped tens of thousands of learners get certified. He also helped pioneer, develop, maintain, and secure Linux Academy’s Hands-On Labs and Assessments technology, which ran on AWS with a $1m+ budget and has since become the lab platform used by Pluralsight. He shares his AWS security expertise in this course to help you get started learning how to secure your own AWS resources and environments.

Hall of Fame

🎉 The first person to successfully complete and solve both of the Challenges in this course:


  • Updated February 2024

Course Content


Introduction to AWS Enumeration

Course Includes

  • 35 Lessons