New Fortress: Amazon Web Services

11 Jul 2022



We are excited to introduce a brand new Fortress, powered by Amazon Web Services. Are you interested in deep diving into cloud hacking and exploitation? Then, this is the kind of challenge you are looking for! 

This interesting Fortress from AWS features a wide variety of realistic and current techniques, ranging from web exploitation to cloud privilege escalations for services used by thousands of businesses in over 190 countries in the world. The lab is designed as an ideal training ground for those who have a good understanding of web penetration testing and basic knowledge of cloud services.

By conquering this Fortress, participants will have the chance to learn and exercise the following abilities:

  • Web Application Pentesting
  • Forensics & Reversing
  • Cloud Exploitation
  • Active Directory Abuse

The main learning objectives of this innovative lab will be focused on enumeration, OWASP Top 10, and AWS API enumeration and exploitation. The AWS Fortress will be available to HTB players from Hacker rank and above. 

"Security is job zero at AWS, so as a penetration tester it’s crucial to continuously learn and hone new techniques. Lots of our security engineers across Amazon use Hack The Box and the various challenges they offer to keep their skills up to date. Says Tobias Grimm, Penetration Testing Engineer at Amazon Web Services, and continues: “We decided to give back to the community and create a customized vulnerable lab that is inspired by our daily experiences on real-world engagements. Through doing so we hope providing this insight into our jobs will enable and encourage new people to join the field of cybersecurity. We wish you the best of luck and hope you have great fun whilst attempting to storm the Fortress!“

Conquering this Fortress will be a great way to train skills applicable to real-life scenarios, get a taste of daily duties as a penetration tester in complex enterprise infrastructure, and even get in touch with AWS recruiters. That is exactly right: by completing this lab, players will have the opportunity to apply for open security engineering positions with the global AWS AppSec team!

10 flags & 220 points! Will you get them all?



Happy (Cloud) Hacking!


About Hack The Box
Hack The Box is an online cybersecurity training platform, that allows individuals and corporate teams to level up their penetration testing skills through a fully gamified, hands-on, and self-paced learning environment. Over 500 constantly enriched virtual labs, real-world scenarios, and CTF-style challenges, all part of a massively growing community of over 1.5 million security enthusiasts exchanging ideas and methodologies. Companies and organizations utilize the platform to train their teams in the most hands-on and engaging way possible. Join now and start hacking: www.hackthebox.com

About Amazon Web Services (AWS)
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully-featured services from data centers globally. Millions of customers, including the fastest-growing startups, largest enterprises, and leading government agencies, are using AWS to lower costs, become more agile, and innovate faster. Read more: https://aws.amazon.com