Загрузка...

How to Find an AWS SSM Backdoor | CloudFoxable Bastion Host CTF

In this video we walk through the CloudFoxable — Bastion challenge (Author: Seth Art) and show how a properly placed bastion host — and the tools around it — can become the launchpad for further access. Using CloudFox and AWS Systems Manager (SSM), we demonstrate how to discover, connect to, and enumerate an EC2 bastion, then use available IAM permissions to find the flag. Small operational choices (and the right tooling) make all the difference.

We’ll show you:
💥 How to deploy the Bastion lab with Terraform and enable the challenge
🔎 How to locate the instance using cloudfox aws -p cloudfoxable instances -v2
🔐 How to connect to EC2 using the SSM Session Manager (Session Manager plugin + loot file command)
🧩 How to enumerate IAM permissions with CloudFox and turn those permissions into an objective (find the flag)
🧹 How to clean up (disable bastion_enabled and terraform apply) to avoid surprise costs
🛡️ Practical tips to harden bastion/SSM setups and reduce attack surface
Subscribe for more CloudFoxable walkthroughs, AWS CTF labs, and defensive tips.

✨ 𝗝𝗢𝗜𝗡 𝐂𝐲𝐛𝐞𝐫𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲𝐓𝐕 ✨
➟ CyberSecurityTV Channel: https://www.youtube.com/channel/UCPunxMZz2wFEp0OdkLZPebA/

💌 𝐋𝐄𝐓'𝐒 𝐒𝐓𝐀𝐘 𝐈𝐍 𝐓𝐎𝐔𝐂𝐇 💌
➟ Security Blog
https://securifyai.co/blog/
➟ Instagram
https://www.instagram.com/securifyai/
➟ Contact us
https://securifyai.co/contact/


📌𝐂𝐲𝐛𝐞𝐫𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲𝐓𝐕 𝐎𝐓𝐇𝐄𝐑 𝐕𝐈𝐃𝐄𝐎𝐒
➟Why Cyber Security May Not Be For Everyone: Challenges & Realities | CyberSecurityTV
🔗https://youtu.be/CXFUqjlkp0I
➟Encryption Basics | CyberSecurityTV
🔗https://youtu.be/7xaw4yflSUQ
➟ What are Dark Web | Email Providers | CyberSecurityTv
🔗https://youtu.be/cSDXn3m1s-U
➟How to Bypass XSS Filters | CyberSecurityTV
🔗https://youtu.be/7xaw4yflSUQ

#cloudsecurity #aws #bastion #CloudFoxable #ssm #terraform #ethicalhacking #ctf #iam #offsec #CloudFox #awssecurity #cybersecurity #ctfwalkthrough

RELATED SEARCHES:
aws ssm session manager exploit
cloudfoxable walkthrough bastion host
aws bastion host ctf
cloudfox aws enumeration
aws iam privilege escalation
aws systems manager security
how to hack aws ec2
cloud security ctf labs
ssm agent backdoor
terraform aws lab setup

Видео How to Find an AWS SSM Backdoor | CloudFoxable Bastion Host CTF канала CyberSecurityTV
AWS SSM Bastion Host CloudFoxable AWS CTF Cloud Security Ethical Hacking AWS Systems Manager Terraform IAM Enumeration CloudFox SSM Session Manager AWS Security CTF Walkthrough AWS Exploit Bastion Exploit AWS Pentesting Cloud Hacking AWS Tutorial SSM Session Manager Plugin AWS IAM Privilege Escalation AWS CloudFoxable Walkthrough AWS Labs Hack AWS AWS for Beginners Cybersecurity Tutorial
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
6 ноября 2025 г. 19:41:59
00:10:35
CyberSecurityTV
Теги
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTVExploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV

5 Tech Fears Everyone Faces in 2025 #cybersecuritycompany #informationsecurity5 Tech Fears Everyone Faces in 2025 #cybersecuritycompany #informationsecurity

XSS Filter Bypass Part 4 | CyberSecurityTVXSS Filter Bypass Part 4 | CyberSecurityTV

Payload Obfuscation Techniques | Part 03Payload Obfuscation Techniques | Part 03

Pentest for beginners with Python | Variables - E02Pentest for beginners with Python | Variables - E02

PHP Obfuscation for Hacking | 02PHP Obfuscation for Hacking | 02

What is Agentic AI? The Future of Autonomous AI Agents Explained | CyberSecurityTVWhat is Agentic AI? The Future of Autonomous AI Agents Explained | CyberSecurityTV

What Is ISO 27001?What Is ISO 27001?

AWS IAM Policy Evaluation Logic ExplainedAWS IAM Policy Evaluation Logic Explained

This Simple Web Mistake Lets Anyone Become AdminThis Simple Web Mistake Lets Anyone Become Admin

OWASP Top 10 | Unvalidated Redirects and Forwards - E05OWASP Top 10 | Unvalidated Redirects and Forwards - E05

OAuth Hijacked — How Cookie Tossing Lets Attackers Take Accounts 🍪🔓OAuth Hijacked — How Cookie Tossing Lets Attackers Take Accounts 🍪🔓

What is VPC - E02 | AWS Security | CyberSecurityTVWhat is VPC - E02 | AWS Security | CyberSecurityTV

Which email provider should you choose for the dark web | CyberSecurityTv | Shorts | API TestingWhich email provider should you choose for the dark web | CyberSecurityTv | Shorts | API Testing

Achieve ISO 27001 Compliance: Protect Sensitive Data and Build Trust | CyberSecurity TVAchieve ISO 27001 Compliance: Protect Sensitive Data and Build Trust | CyberSecurity TV

SOC 2 Compliance: The Hidden Secret That Could Make or Break Your Business | CyberSecurityTVSOC 2 Compliance: The Hidden Secret That Could Make or Break Your Business | CyberSecurityTV

Avoid Heavy Fines: How to Achieve HIPAA Compliance in 2025 | CyberSecurity TVAvoid Heavy Fines: How to Achieve HIPAA Compliance in 2025 | CyberSecurity TV

How to Perform Phishing with XSSHow to Perform Phishing with XSS

Difference between Spider and EnumerationDifference between Spider and Enumeration

The Dark Side of AI: How Cybercriminals Are Duping Experts in 2025 | CyberSecurityTVThe Dark Side of AI: How Cybercriminals Are Duping Experts in 2025 | CyberSecurityTV

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять