Wiz: The Ultimate Cloud Security Championship

Written by Arbaaz Jamadar
Cloud Security & Application Security Engineer · OSCP · AWS Security Specialty · Master’s in Cybersecurity, University of Maryland
Feel free to reach out on LinkedIn or any of my socials in case you need help with the challenge.
Wiz The Ultimate Cloud Security Championship: Split Horizon
Kubernetes CTF writeup: pivoting from a low-privilege bastion into a hidden cluster service by manually joining a Flannel VXLAN overlay network, bypassing pod network isolation, and discovering an internal endpoint via reverse DNS sweeps against CoreDNS.
Wiz Cloud Security Championship: Happy Birthday
Wiz Cloud Security Championship AWS writeup: bypass loosely configured StringLike resource policies, derive the AWS account ID, enumerate S3 buckets and SNS topics, and exfiltrate data without authenticated credentials.
Wiz Cloud Security Championship: Trust Issues
Wiz Cloud Security Championship CTF writeup: incident response into a supply-chain compromise where a malicious dependency exfiltrates secrets - static code analysis, AI-assisted reversing, and indicator hunting.
Wiz Cloud Security Championship: Confession Booth
Wiz Cloud Security Championship web writeup: race-condition exploitation against a Go-based confessions app to slip a payload past admin-side review and gain admin access.
Wiz Cloud Security Championship: Game of Pods
Wiz Cloud Security Championship Kubernetes writeup: move laterally inside a cluster by minting service account tokens, then abuse nodes/proxy and nodes/status (CVE-2022-3294) to authenticate as kube-apiserver and reach cluster-admin.
Wiz Cloud Security Championship: State of Affairs
Wiz Cloud Security Championship IaC writeup: race-condition exploitation against a Terraform cron job to inject a malicious provider, hijack a privileged plan/apply, and exfiltrate a flag from a privileged user’s home directory.
Wiz Cloud Security Championship: Needle in a Haystack
Wiz Cloud Security Championship OSINT writeup: passive subdomain enumeration, DNS recon and supply-chain leak hunting to surface a misconfigured internal API and reach a restricted endpoint.
Wiz Cloud Security Championship: Breaking the Barriers
Wiz Cloud Security Championship Azure writeup: chain Microsoft Graph OAuth client credentials, Entra ID dynamic group rules, and guest invitations to escalate privileges and exfiltrate Azure Blob Storage data.
Wiz Cloud Security Championship: Contain Me If You Can
Wiz Cloud Security Championship container escape writeup: sniff PostgreSQL creds with tcpdump, get RCE via COPY FROM PROGRAM, escalate with sudo NOPASSWD, and break out to the host through /proc/sys/kernel/core_pattern.
Wiz Cloud Security Championship: Perimeter Leak
Wiz Cloud Security Championship AWS writeup: chain Spring Boot Actuator SSRF into IMDSv2 token theft, harvest IAM role credentials, then bypass VPC endpoint restrictions to exfiltrate a private S3 flag.