[CTF] Lambda SQLi PrivEsc to Access Secret in Secrets Manager

Exploit a Lambda function’s SQL injection vulnerability to grant yourself privileges that let you access a secret from Secrets Manager you shouldn’t have access to. You’ve captured the flag when you’re able to read, in plaintext, the vault-password value. Inspired by CloudGoat’s Vulnerable Lambda scenario but slightly modified to challenge your understanding.

What's a Hands-On Lab?

Practical Learning. Dive in and learn cloud security at your own pace with real AWS resources and real-world scenarios.

1-Click Deployments. AWS lab environments at the click of a button. Skip the hassle of creating practice accounts and dive straight into using real resources.

Risk Free. Keep vulnerable training environments far away from your corporate resources.

Never worry about costs. No surprise bills when you forget to turn off or delete resources.
