Cloud Security Lab Write-Up: SNS Secrets (CloudGoat Scenario)
📰 Medium · Cybersecurity
Learn to exploit AWS misconfigurations and extract secrets via SNS in a CloudGoat scenario
Action Steps
- Start with exposed AWS credentials and enumerate permissions using AWS CLI tools
- Extract a leaked secret via SNS using AWS SDKs or CLI commands
- Use the extracted secret to retrieve sensitive data or escalate privileges
- Analyze the CloudGoat scenario and identify potential misconfigurations and vulnerabilities
- Apply security best practices to prevent similar misconfigurations in your own AWS environment
Who Needs to Know This
Security engineers and cloud architects can benefit from this tutorial to improve their skills in identifying and exploiting AWS misconfigurations, and to learn how to protect against such vulnerabilities.
Key Insight
💡 AWS misconfigurations can be exploited to extract sensitive secrets via SNS, highlighting the importance of secure configuration and monitoring
Share This
Exploit AWS misconfigurations and extract secrets via SNS in CloudGoat scenario
Key Takeaways
Learn to exploit AWS misconfigurations and extract secrets via SNS in a CloudGoat scenario
Full Article
Title: Cloud Security Lab Write-Up: SNS Secrets (CloudGoat Scenario)
URL Source: https://medium.com/@islamannafi/cloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8?source=rss------cybersecurity-5
Published Time: 2026-06-23T02:23:34Z
Markdown Content:
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Cloud Security Lab Write-Up: SNS Secrets (CloudGoat Scenario)
[](https://medium.com/@islamannafi?source=post_page---byline--acd3c80b6fd8---------------------------------------)
[Islamannafi](https://medium.com/@islamannafi?source=post_page---byline--acd3c80b6fd8---------------------------------------)
3 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&user=Islamannafi&userId=e4655066871c&source=---header_actions--acd3c80b6fd8---------------------clap_footer------------------)
--
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Frepost%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&user=Islamannafi&userId=e4655066871c&source=---header_actions--acd3c80b6fd8---------------------repost_header------------------)
--
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=---header_actions--acd3c80b6fd8---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3Dacd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=---header_actions--acd3c80b6fd8---------------------post_audio_button------------------)
Share
Press enter or click to view image in full size

I recently completed the **CloudGoat**`sns_secrets`**scenario**, a deliberately vulnerable AWS environment designed to simulate real-world cloud misconfigurations and privilege abuse chains.
The objective was simple in theory, but layered in execution: start with exposed AWS credentials, enumerate permissions, extract a leaked secret via SNS, and ultimately use it to retr
URL Source: https://medium.com/@islamannafi/cloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8?source=rss------cybersecurity-5
Published Time: 2026-06-23T02:23:34Z
Markdown Content:
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Cloud Security Lab Write-Up: SNS Secrets (CloudGoat Scenario)
[](https://medium.com/@islamannafi?source=post_page---byline--acd3c80b6fd8---------------------------------------)
[Islamannafi](https://medium.com/@islamannafi?source=post_page---byline--acd3c80b6fd8---------------------------------------)
3 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&user=Islamannafi&userId=e4655066871c&source=---header_actions--acd3c80b6fd8---------------------clap_footer------------------)
--
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Frepost%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&user=Islamannafi&userId=e4655066871c&source=---header_actions--acd3c80b6fd8---------------------repost_header------------------)
--
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2Facd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=---header_actions--acd3c80b6fd8---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3Dacd3c80b6fd8&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40islamannafi%2Fcloud-security-lab-write-up-sns-secrets-cloudgoat-scenario-acd3c80b6fd8&source=---header_actions--acd3c80b6fd8---------------------post_audio_button------------------)
Share
Press enter or click to view image in full size

I recently completed the **CloudGoat**`sns_secrets`**scenario**, a deliberately vulnerable AWS environment designed to simulate real-world cloud misconfigurations and privilege abuse chains.
The objective was simple in theory, but layered in execution: start with exposed AWS credentials, enumerate permissions, extract a leaked secret via SNS, and ultimately use it to retr
DeepCamp AI