# Capture the Flags (CTFs)

- [Flaws.Cloud](/cloud-security/capture-the-flags-ctfs/flaws.cloud.md): A walkthrough of the CTF Flaws.Cloud
- [Level 1](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-1.md): A CTF walkthrough for level 1 of Flaws.Cloud
- [Level 2](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-2.md): A CTF walkthrough for level 2 of Flaws.Cloud
- [Level 3](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-3.md): A CTF walkthrough for level 3 of Flaws.Cloud
- [Level 4](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-4.md): A CTF walkthrough for level 4 of Flaws.Cloud
- [Level 5](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-5.md): A CTF walkthrough for level 5 of Flaws.Cloud
- [Level 6](/cloud-security/capture-the-flags-ctfs/flaws.cloud/level-6.md): A CTF walkthrough for level 6 of Flaws.Cloud
- [PwnedLabs](/cloud-security/capture-the-flags-ctfs/pwnedlabs.md): A collection of capture-the-flag walkthroughs from PwnedLabs.io
- [Escalate Privileges by IAM Policy Rollback](/cloud-security/capture-the-flags-ctfs/pwnedlabs/escalate-privileges-by-iam-policy-rollback.md): A walkthrough demonstrating how to abuse the IAM permission: SetDefaultPolicyVersion
- [Exploiting Weak S3 Bucket Policies](/cloud-security/capture-the-flags-ctfs/pwnedlabs/exploiting-weak-s3-bucket-policies.md): A walkthrough demonstrating how weak S3 Bucket policies can lead to system compromise, data exposure and exfiltration.
- [Leveraging S3 Bucket Versioning](/cloud-security/capture-the-flags-ctfs/pwnedlabs/leveraging-s3-bucket-versioning.md): A walkthrough demonstrating how S3 Bucket Versioning can lead to data exposure and exfiltration.
- [S3 Enumeration Basics](/cloud-security/capture-the-flags-ctfs/pwnedlabs/s3-enumeration-basics.md): A walkthrough demonstrating how to enumerate S3, exploit a misconfiguration, and escalate privileges to obtain sensitive data.
- [Pillage Exposed RDS Instances](/cloud-security/capture-the-flags-ctfs/pwnedlabs/pillage-exposed-rds-instances.md): A walkthrough demonstrating how to exfiltrate data from a public RDS instance.
- [EC2 SSRF Attack](/cloud-security/capture-the-flags-ctfs/pwnedlabs/ec2-ssrf-attack.md): A walkthrough demonstrating a Server Side Request Forgery attack leading to credit card data exfiltration.
- [Hunt for Secrets in Git Repos](/cloud-security/capture-the-flags-ctfs/pwnedlabs/hunt-for-secrets-in-git-repos.md): A walkthrough demonstrating the importance of preventing credentials being committed to git repositories.
- [Cybr](/cloud-security/capture-the-flags-ctfs/cybr.md): A collection of capture-the-flag walkthroughs from cybr.com
- [Challenge - Secrets Unleashed](/cloud-security/capture-the-flags-ctfs/cybr/challenge-secrets-unleashed.md): A walkthrough demonstrating how to abuse and escalate IAM permissions.
- [WIZ - The Ultimate Cloud Security Championship](/cloud-security/capture-the-flags-ctfs/wiz-the-ultimate-cloud-security-championship.md)
- [June 2025 - Perimeter Leak](/cloud-security/capture-the-flags-ctfs/wiz-the-ultimate-cloud-security-championship/june-2025-perimeter-leak.md): A walkthrough of the WIZ Ultimate Cloud Security Championship for June 2025