⚠️ Pracivo Security Lab — Exposed AWS keys in /api/config, S3 listing without auth, IMDS simulation, IAM misconfig.
What to Practice Here
- Find exposed AWS access keys in API responses
- List S3 buckets without authentication
- Abuse the IMDS endpoint to get instance credentials
- Identify overly permissive IAM roles
- Use found keys to simulate cloud privilege escalation